Safeguarding used to sit in a filing cabinet. It was a set of policies, a trained Designated Safeguarding Lead, and a Single Central Record. That work still matters, but it is no longer the whole picture. The way children move around your site, who gets through the front door, and what your cameras record are now part of the same safeguarding duty. This guide sets out what school and trust leaders need to understand about the security side of Keeping Children Safe in Education (KCSiE), where it overlaps with data protection law, and how to close the gaps that most schools do not know they have.
KCSiE is the Department for Education's statutory safeguarding guidance for schools and colleges in England. Governing bodies, proprietors, and senior leaders must have regard to it. The word "must" in the guidance signals a legal requirement.
The current statutory version is KCSiE 2025, in force since 1 September 2025. A draft KCSiE 2026 went out for consultation between February and April 2026, with proposed changes expected to take effect in September 2026. Until that is confirmed and published, KCSiE 2025 remains the version you comply with.
The direction of travel is clear from the draft. Alongside familiar themes, the 2026 proposals strengthen content on school premises safeguarding duties, filtering and monitoring, and the systems that sit behind day-to-day safety. In plain terms, the guidance is catching up with how schools actually operate. Safeguarding failures are rarely just about a missed conversation. They often trace back to an unlocked side gate, a visitor who was never signed in, or a camera pointing at the wrong place.
Three areas now sit inside the safeguarding conversation:
The front door is where safeguarding meets daily reality. A school has to feel open to parents, contractors, and the community, while making it genuinely difficult for the wrong person to walk in unchallenged.
Good access control does not mean turning the school into a fortress. It means:
A paper visitor book fails on all of these. It is easy to skip, impossible to search quickly, and useless in an emergency roll call. Electronic visitor management with controlled entry points does the job the guidance expects, and it does it consistently.
Cameras are one of the most useful safeguarding tools a school has, and one of the easiest to get wrong.
Used well, CCTV covers blind spots, monitors perimeters and entrances, deters incidents, and provides evidence when something goes wrong. Used carelessly, it becomes a data protection liability.
School CCTV is governed by the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025, with the Information Commissioner's Office setting out how surveillance should be handled. That framework places clear duties on any school running cameras:
The tension is real. You want coverage that protects children, and you have a legal duty not to over-collect or over-retain their data. A system designed for a school gets that balance right from the start. A system designed for a car park does not.
Safeguarding is only as strong as your ability to show what happened, when, and who was involved.
If a safeguarding concern is raised, or Ofsted asks how you manage site access, "we think the gate was locked" is not an answer. You need verifiable records:
Manual records break down under pressure. They get skipped on busy mornings and rely on people remembering to fill them in. Automated audit trails remove that weak point. They give inspectors, investigators, and your own leadership team a clear, defensible account of what took place.
If this has you wondering whether your existing security or safeguarding policy actually holds up, you can check it. Upload your policy for an instant AI-powered health check against KCSiE, Martyn's Law, UK GDPR and DfE guidance.
Run the Policy Health Check →Counter-terrorism preparedness now runs in parallel with safeguarding. The Terrorism (Protection of Premises) Act 2025, known as Martyn's Law, received Royal Assent on 3 April 2025. The Home Office published its statutory guidance on 15 April 2026.
The requirements are not yet in force. The government has confirmed an implementation period of at least 24 months from Royal Assent, so enforcement is expected in spring 2027 at the earliest. Schools do not have to comply yet, but the sensible move is to prepare now.
Schools get a specific carve-out that many leaders miss:
Standard Tier duties focus on planning and awareness, not expensive kit. Think documented procedures for evacuation, invacuation, lockdown, and communication, plus staff who understand them. The government has been explicit that schools do not need to buy a product to meet these duties, and it does not endorse third-party "compliance" services. Treat any provider that promises to make you "Martyn's Law compliant" for a fee with caution. The honest position is that good physical security supports your response plans, but the plans themselves are yours to own.
Here is where many schools come unstuck. Security is a competitive market, and plenty of installers are happy to take the work. The trouble is that a lot of them treat a school like any other commercial job.
A retail unit and a school have almost nothing in common from a compliance point of view. A school is a child-facing, safeguarding-heavy, data-sensitive environment with statutory duties layered on top of each other. Install a standard commercial system into that environment and you get predictable gaps:
The result is a school paying for security that looks the part but leaves the leadership team carrying the compliance risk. When a parent submits a data request, or an inspector asks a hard question, the installer is long gone and the gap is yours.
Fyrfly Systems is a physical security provider built specifically for UK schools and public sector estates. The point of difference is not the hardware. It is that the whole system is specified against the frameworks your school is judged against, not a commercial template repurposed.
Sector expertise. Fyrfly designs to the frameworks a school is measured against, not a generic commercial template. That means systems built to align with DfE guidance, KCSiE requirements, and the relevant British Standards, including BS EN 62676 for video surveillance and BS 8243 for confirmed intruder and hold-up alarms. The people specifying your system understand what a DSL needs and what an inspector will ask.
One team, no subcontracting. Fyrfly runs the whole job with a single accountable team, from site survey to installation to maintenance. Nothing is handed to a subcontractor. That matters because subcontracting is where accountability leaks away. When one team owns the survey, the build, and the ongoing service, there is no finger-pointing when a question comes up. There is one point of responsibility, and it stays with them.
A single, connected system. Fyrfly brings CCTV, access control, intruder alarms, and monitoring together into one system rather than a set of disconnected boxes from different suppliers. A connected system means your entry logs, camera footage, and alarms work as one, which is exactly what you need when you have to produce a clear account of an incident quickly.
Data protection handled from the start. This is where a school-focused provider earns its place. Fyrfly systems come with the data protection groundwork already in place: documented lawful bases for processing, DPIAs prepared for the surveillance you run, and Subject Access Request workflows built in, including face-blurring so you can release footage to one person without exposing others. Handled properly, a SAR is straightforward. Handled as an afterthought, it becomes a scramble and a risk. Building the process in from day one takes that pressure off your business manager and your DSL.
You do not need to solve everything at once. Start by understanding where you actually stand.
Write down what you find. The gaps you list become your action plan, and the exercise itself is evidence of the safeguarding culture inspectors want to see.
Fyrfly offers free compliance tools and a free Martyn's Law self-assessment to help you understand your duties and see where your school stands, with no obligation to buy anything. When you are ready to look at your physical setup, book a free site survey. Get the assessment done first — whatever you decide next, you will make a better decision knowing exactly where the gaps are.
Book a Free Site Survey →This article is general guidance for school and trust leaders. It is not legal advice. Compliance requirements change, so check the current KCSiE version and the latest Home Office guidance on Martyn's Law before acting. For decisions with legal weight, take advice from a suitably qualified professional.