The Department for Education published updated guidance on protective security and preparedness for education settings that sets clear expectations for how schools should approach security planning. It is not a compliance tick-box — it is a genuine framework that, applied properly, reduces risk and improves a school's capacity to respond when things go wrong. This article distils the key requirements into an actionable format for headteachers, business managers, and governors.
The DfE guidance is explicit that security is a leadership responsibility, not a facilities management afterthought. Every school should have a named individual — headteacher, deputy, or competent business manager — accountable for coordinating security and preparedness. This person does not need to be a security expert, but they need the authority and time to take the role seriously.
Security culture matters as much as physical measures. Staff who challenge unfamiliar adults on site, follow visitor management procedures consistently, and know what to do in a lockdown are a more effective security layer than an expensive camera system operated by people who do not understand it.
Practical first steps include briefing all staff on security protocols at the start of each term, ensuring visitor management procedures are followed without exception, and running a simple walk-through of the site to identify anything that has changed since the last review.
The DfE guidance asks schools to think specifically about the threats they face rather than applying generic measures. A large secondary in an urban area has a different threat profile from a rural primary. An inner-city sixth form has different considerations from a village school sharing a site with a community hall.
Relevant threats include unauthorised access by adults, opportunistic theft and vandalism out of hours, targeted harassment of staff or pupils, and — for larger settings — the low-probability but high-consequence scenarios addressed by counter-terrorism guidance including Martyn's Law.
Your threat assessment does not need to be elaborate. A structured conversation between the headteacher, DSL, and site manager — documented and reviewed annually — is a reasonable starting point for most schools.
The guidance supports a layered approach: physical barriers first, technology second, procedures throughout. For most schools this means ensuring perimeter fencing is secure and regularly inspected, that pedestrian entry points are minimised, that a single controlled main entrance is the default access route, and that access control and CCTV are designed to support that layout.
Key physical checks include the condition of all gates and locking mechanisms, the integrity of fencing particularly at the rear of the site, lighting in car parks and around all external doors, and whether CCTV cameras cover all entry points with sufficient resolution to support identification.
Technology must be maintained. A camera offline for three months because nobody raised a fault report is worse than no camera — it creates false confidence. Maintenance contracts should include health monitoring and defined response times.
The DfE guidance requires schools to have an emergency plan covering a range of scenarios. For most schools the practically relevant scenarios are unauthorised access by a threatening individual, a significant fire or building emergency, and a serious incident involving a pupil or member of staff.
Lockdown procedures should be written, practised, and known by all staff — meaning at minimum an annual rehearsal, clear communication to all staff at the start of each year, and a review after any change to the school's layout or staffing. Staff who have never walked through the procedure before an incident cannot be expected to follow it calmly when one occurs.
Our free site surveys are structured around the DfE guidance and KCSiE obligations. We identify gaps, make practical recommendations, and help you build a security framework that works for your specific site.
Get in Touch →