The Acronym Buster

UK security, in plain English

Physical security in schools and the public sector is drowning in acronyms. This is our reference: every term explained in plain English, with the legal basis where one exists and why it actually matters. Verified against primary sources and updated as the landscape moves.

Download the 2026 cheat sheet (PDF) 3-page A4 · No sign-up · Free to share
Regulators & Bodies

Regulators & Bodies

The public bodies whose remit shapes what physical security has to do.

CTSA
Regulators & Bodies
Counter Terrorism Security Adviser

A specialist police officer or staff member working within local police forces, coordinated by NaCTSO, who provides free protective security advice to businesses and organisations.

Why it matters

CTSAs are the primary source of tailored counter-terrorism advice for sites likely to fall within Martyn's Law's scope. Their input is free and independent of any supplier.

Related page →
DfE
Regulators & Bodies
Department for Education

The UK government department responsible for education and children's services in England.

Why it matters

The DfE issues Keeping Children Safe in Education (KCSiE), the statutory safeguarding guidance that every school and college in England must follow, and publishes the school security guidance underpinning most physical security expectations for schools.

HSE
Regulators & Bodies
Health and Safety Executive

The national regulator for workplace health and safety in Great Britain.

Why it matters

Fire safety, lone working and premises safety obligations intersect the HSE's remit. For schools and public sector buildings, this influences how physical security systems are designed to protect staff as well as visitors.

ICO
Regulators & Bodies
Information Commissioner's Office

The UK's independent regulator for data protection and information rights, operating under the Data Protection Act 2018.

Why it matters

Any use of CCTV, access control or visitor logging that captures personal data falls under the ICO's remit. Its guidance on video surveillance is the practical reference point for signage, retention and workplace monitoring policies.

NaCTSO
Regulators & Bodies
National Counter Terrorism Security Office

A police unit that provides counter-terrorism protective security advice across the UK, hosted by Counter Terrorism Policing.

Why it matters

NaCTSO oversees the Counter Terrorism Security Adviser (CTSA) network and publishes the ACT Awareness training programme that will play a central role in staff preparation for Martyn's Law.

Related page →
NPCC
Regulators & Bodies
National Police Chiefs' Council

The coordinating body for UK policing, formed in April 2015 as the successor to the Association of Chief Police Officers (ACPO).

Why it matters

NPCC owns the Secured by Design (SBD) initiative and shapes national police-led guidance on crime prevention through environmental design, which planning authorities often reference.

Ofsted
Regulators & Bodies
Office for Standards in Education, Children's Services and Skills

The non-ministerial government department that inspects and regulates schools, further education and skills training in England.

Why it matters

Ofsted's Education Inspection Framework covers safeguarding, which draws in physical security arrangements where they are relevant to keeping pupils safe. Inspectors will expect security measures to align with KCSiE and the school's own risk assessments.

SIA
Regulators & Bodies
Security Industry Authority

The UK regulator for the private security industry, established under the Private Security Industry Act 2001. A non-departmental public body sponsored by the Home Office.

Why it matters

The SIA licenses individuals working in guarding, door supervision, CCTV operation and close protection. It will also regulate the Terrorism (Protection of Premises) Act 2025 (Martyn's Law) once its requirements commence.

Related page →
Legislation & Frameworks

Legislation & Frameworks

The statutes, statutory guidance and non-statutory frameworks that create obligations.

DPA
Legislation & Frameworks
Data Protection Act 2018

The UK legislation that implements the UK GDPR and covers areas outside its scope, including law enforcement processing and intelligence services.

Why it matters

The DPA and UK GDPR should be read together. For schools and public sector organisations, the DPA governs how personal data captured by security systems must be handled, retained and disclosed.

FOIA
Legislation & Frameworks
Freedom of Information Act 2000

UK legislation giving the public a right of access to information held by public authorities, including schools, colleges and local authorities.

Why it matters

Security policies, CCTV coverage areas and incident data can be the subject of FOI requests. This is a strong reason for policies to be written to a publishable standard from the outset, rather than as internal notes.

KCSiE
Legislation & Frameworks
Keeping Children Safe in Education

The DfE's statutory safeguarding guidance for schools and colleges in England, issued under sections 175 and 157 of the Education Act 2002. Updated annually with a September in-force date.

Why it matters

KCSiE is the anchor document for school safeguarding. It sets out the expectation that schools have proportionate arrangements to protect children on site, including from external threats. Physical security measures are not prescribed by name, but they must support the wider safeguarding framework.

Related page →
RRFSO
Legislation & Frameworks
Regulatory Reform (Fire Safety) Order 2005

The primary fire safety legislation for non-domestic premises in England and Wales. Places duties on the person who has control of the premises, referred to as the responsible person.

Why it matters

Fire alarm systems, evacuation procedures and fire risk assessments all sit under the RRFSO. Note that the responsible person under the RRFSO is a separate legal role from the responsible person under Martyn's Law, though in practice they are often the same individual.

Related page →
SBD
Legislation & Frameworks
Secured by Design

A UK police-led initiative owned by the NPCC that provides a preferred specification for crime prevention through design of buildings, systems and products.

Why it matters

SBD is not statutory, but planning conditions and public sector procurement frameworks often reference it. SBD-certified products can be a proportionate specification anchor when a client wants a defensible standard without over-engineering.

Related page →
TPPA / Martyn's Law
Legislation & Frameworks
Terrorism (Protection of Premises) Act 2025

UK legislation that will place duties on qualifying publicly accessible premises to have protective procedures in place. Received Royal Assent on 3 April 2025.

Why it matters

The substantive requirements are not yet in force. Commencement is expected from 2027, with the final date to be confirmed. Premises where 200 or more people may reasonably be expected fall within scope; below 200 is out of scope. Schools remain in the Standard Tier whatever their capacity, under the Act's special consideration for education.

Related page →
UK GDPR
Legislation & Frameworks
UK General Data Protection Regulation

The UK's version of the EU GDPR, retained in UK law after Brexit and sitting alongside the Data Protection Act 2018.

Why it matters

Every CCTV system, access control record and visitor log processes personal data under the UK GDPR. Compliance requires signage, documented retention periods, a lawful basis for processing and a Data Protection Impact Assessment for high-risk deployments.

Related page →
Accreditation & Certification

Accreditation & Certification

Third-party certification schemes that indicate competence and are often required by insurers and procurement.

BAFE
Accreditation & Certification
British Approvals for Fire Equipment

An independent, third-party certification scheme provider for the fire safety industry. BAFE certifies competency for fire product installation, servicing and design.

Why it matters

For fire detection and alarm systems (BAFE scheme SP203-1) and portable fire extinguishers (SP101), BAFE certification is the recognised marker of installer competence and is often specified by insurers and the fire and rescue service.

Related page →
BSI
Accreditation & Certification
British Standards Institution

The UK's national standards body, publisher of British Standards (BS) and the UK member of ISO and CEN.

Why it matters

Every technical standard referenced in a security specification (BS 5839, BS EN 50131, BS EN 62676 and so on) is a BSI publication. Compliance with the current BS is the baseline expectation on any professional installation.

LPCB
Accreditation & Certification
Loss Prevention Certification Board

The certification arm of BRE, providing product-level certification against Loss Prevention Standards (LPS).

Why it matters

LPCB is best known for LPS 1175 (physical security-rated doors, gates, cages and barriers) which is often specified where a defined attack resistance is required. Product certification, distinct from company certification like NSI or SSAIB.

NSI
Accreditation & Certification
National Security Inspectorate

A UKAS-accredited certification body that inspects and certifies companies providing security systems, fire detection and manned guarding services against BS and BAFE standards.

Why it matters

NSI certification (Gold and Silver schemes) is one of the two dominant marks of company-level competence in UK security. Insurers, police forces and larger clients often specify NSI or SSAIB certification as a procurement requirement.

SSAIB
Accreditation & Certification
Security Systems and Alarms Inspection Board

A UKAS-accredited certification body that certifies companies providing security systems, monitoring services, guarding and telecare against relevant BS standards.

Why it matters

SSAIB is the other main third-party certification body for security installers, sitting alongside NSI. Insurer and police procurement typically accepts either NSI or SSAIB certification as demonstrating competence.

Technical Standards

Technical Standards

The British and European standards that define how systems should be designed and installed.

BS 5839-1
Technical Standards
Fire detection and fire alarm systems for buildings, Part 1: Non-domestic premises

The UK code of practice for the design, installation, commissioning and maintenance of fire detection and fire alarm systems in non-domestic buildings.

Why it matters

BS 5839-1 defines system categories (P1, P2, L1, L2, L3, L4, L5, M) that specify what a fire alarm system is designed to protect. Getting the right category is the single most important design decision in a fire alarm specification.

Related page →
BS 8243
Technical Standards
Design, installation and configuration of intruder and hold-up alarm systems designed to generate confirmed alarm conditions

The UK code of practice for confirmed alarm systems, which require two or more independent detections before triggering a full police response.

Why it matters

Confirmed alarms exist to reduce false police call-outs and remain a police response condition in most UK forces. BS 8243 is the code of practice that alarm designs must follow to qualify for police response under the current ACPO/NPCC secure key-holder policy.

BS 8418
Technical Standards
Design, installation, commissioning and maintenance of detector-activated video surveillance systems

The UK code of practice for remotely monitored, detector-activated CCTV systems where an alarm signal triggers live operator engagement.

Why it matters

BS 8418 is what makes monitored CCTV eligible for police URN response in many force areas. It defines how detection, verification and remote intervention must be integrated, and is the standard behind most solar CCTV tower deployments.

Related page →
BS EN 50131
Technical Standards
Alarm systems: Intrusion and hold-up systems

The European standard series that specifies requirements for the design, installation and performance of intruder and hold-up alarm systems.

Why it matters

BS EN 50131 defines the four security grades (Grade 1 to Grade 4) used to match alarm system performance to the risk of the premises. Insurers typically specify Grade 2 or Grade 3 for commercial and public buildings.

Related page →
BS EN 50136
Technical Standards
Alarm systems: Alarm transmission systems and equipment

The European standard series specifying performance and testing of the transmission paths that carry alarm signals from a system to an alarm receiving centre.

Why it matters

BS EN 50136 defines the ATS categories (SP1 through DP4) used to grade single-path and dual-path signalling. Insurers typically specify a minimum ATS category based on risk; higher grades give faster fault detection and greater resilience.

BS EN 50518
Technical Standards
Monitoring and Alarm Receiving Centre

The European standard covering the physical construction, staffing and operational requirements of alarm receiving centres.

Why it matters

BS EN 50518 is what makes an ARC an ARC. Any ARC handling monitored intruder or CCTV signals for insurance or police response should be certified against this standard.

Related page →
BS EN 62676
Technical Standards
Video surveillance systems for use in security applications

The European standard series covering requirements, performance and testing of video surveillance systems.

Why it matters

BS EN 62676 is the modern replacement for older CCTV standards, covering everything from image quality classifications to network security. A specification citing this standard is confirming the system will be designed to current European best practice.

Related page →
PD 6662
Technical Standards
Published Document 6662: Scheme for the application of European Standards for intrusion and hold-up alarm systems

The BSI Published Document that sets out how BS EN 50131 and related European standards should be applied in the UK.

Why it matters

PD 6662 is the practical bridge between the European standard and UK installation practice. A specification citing PD 6662:2017 is confirming that the system will be installed to current UK practice.

Related page →
Technical Terms

Technical Terms

The equipment, technologies and operational concepts that recur across specifications.

ACT
Technical Terms
Action Counters Terrorism

NaCTSO's public awareness campaign encouraging the reporting of suspicious activity, together with the free ACT Awareness e-learning package for frontline staff.

Why it matters

ACT Awareness is the recognised free training route for staff counter-terrorism awareness and is the practical baseline for Standard Tier Martyn's Law staff training. Bookable online through the ProtectUK platform.

Related page →
ANPR
Technical Terms
Automatic Number Plate Recognition

A camera-based technology that reads vehicle number plates and matches them against watchlists or access lists.

Why it matters

ANPR is commonly used at school and campus vehicle entrances, car parks and delivery yards. Under UK GDPR it is a significant data processing activity that requires a lawful basis, a documented retention period and clear signage.

Related page →
ARC
Technical Terms
Alarm Receiving Centre

A secure, 24/7 monitoring facility that receives alarm signals from remote sites and takes agreed action, typically to BS EN 50518.

Why it matters

The ARC is where an alarm actually gets responded to. A monitored intruder alarm, a detector-activated CCTV system or a lone-worker device is only as good as the ARC behind it, so the ARC's grading, response protocols and police URN status all matter.

Related page →
CCTV
Technical Terms
Closed-Circuit Television

The umbrella term for video surveillance systems, whether analogue or, more commonly today, IP-based network cameras.

Why it matters

The legacy of the analogue CCTV era is that clients often assume all systems are broadly the same. Modern IP-based CCTV differs significantly in image quality, network security, storage architecture and integration with access control, and specification matters.

Related page →
HVM
Technical Terms
Hostile Vehicle Mitigation

Physical security measures designed to prevent or reduce the impact of vehicle-borne threats, including bollards, planters, active road blockers and vehicle security barriers.

Why it matters

For sites likely to fall within Enhanced Tier scope of Martyn's Law, or those hosting public events, HVM is often part of the proportionate security assessment. Specification should reference an impact rating (IWA 14 or PAS 68/BSI PAS 170) rather than appearance alone.

Related page →
IP
Technical Terms
Internet Protocol

The network protocol that underlies almost all modern security systems. An IP camera is one that transmits video over a computer network rather than as an analogue signal.

Why it matters

IP-based systems bring the benefits of network technology (remote access, high resolution, integration) and also its risks (cyber security, network dependency). Any specification for IP CCTV should include the cyber security posture, not just the camera count.

Related page →
NVR
Technical Terms
Network Video Recorder

The dedicated device or server that records and stores video from IP cameras on a network.

Why it matters

The NVR determines how long footage is retained, how quickly it can be searched and exported, and how resilient the recording is to failure. Retention should be documented in the site's UK GDPR retention schedule.

Related page →
PIR
Technical Terms
Passive Infrared

The most common motion detection technology used in intruder alarms and lighting controls. Detects the change in infrared radiation caused by a warm body moving through a monitored area.

Why it matters

PIR detectors are inexpensive and effective indoors but have known limitations (line-of-sight, false triggers from heat sources). More critical detection points often combine PIR with microwave or dual-technology detectors to reduce false alarms.

Related page →
PoE
Technical Terms
Power over Ethernet

An IEEE 802.3 standard that allows Ethernet cabling to carry electrical power alongside data, powering devices like IP cameras, wireless access points and access control readers from the network switch.

Why it matters

PoE dramatically reduces installation cost and disruption because devices need only a single cable rather than separate power supplies. Modern PoE++ (802.3bt) supports higher-power devices including PTZ cameras and heaters.

Related page →
ProtectUK
Technical Terms
ProtectUK

The Counter Terrorism Policing digital platform providing protective security advice, training and, in due course, Martyn's Law guidance and support tools for the Responsible Person.

Why it matters

ProtectUK is the official source that all Martyn's Law preparation should reference. Any supplier's guidance, including ours, should be a proportionate interpretation of what ProtectUK sets out, not a substitute for it.

Related page →
PSTN
Technical Terms
Public Switched Telephone Network

The traditional analogue and copper-based telephone network in the UK.

Why it matters

Openreach is phasing out the PSTN in favour of digital voice services. This directly affects intruder alarms, fire alarms, lift lines and door entry systems that rely on analogue signalling, all of which need migration planning to digital signalling paths before the switch-off completes.

Related page →
VMS
Technical Terms
Video Management System

The software platform that manages CCTV cameras, recordings, users and integrations.

Why it matters

The VMS is the operational heart of a modern CCTV system. Its cyber security posture, integration capability and user management directly affect how a site actually uses its cameras day to day.

Related page →
Roles & Organisations

Roles & Organisations

The professional roles, bodies and formal responsibilities that sit around security decisions.

DPO
Roles & Organisations
Data Protection Officer

The individual formally designated under UK GDPR Article 37 to advise on and monitor compliance with data protection law. Mandatory for public authorities and for organisations whose core activities involve large-scale monitoring or processing of special category data.

Why it matters

The DPO should be consulted on the design of any CCTV, access control or ANPR system that captures personal data. In schools and local authorities, the DPO's sign-off on a Data Protection Impact Assessment is often the pragmatic gate before a system goes live.

Related page →
DSL
Roles & Organisations
Designated Safeguarding Lead

The named senior member of school staff with lead responsibility for safeguarding and child protection, required by KCSiE.

Why it matters

The DSL is the natural internal counterpart for the physical security specifier in a school. Site security arrangements, access control logic and CCTV usage policies should be aligned with, and signed off by, the DSL alongside the school's senior leadership.

Related page →
ISBA
Roles & Organisations
Independent Schools Bursars Association

The professional membership body for bursars, business directors and finance directors in independent schools in the UK.

Why it matters

ISBA's Bursar's Review, annual conference and framework agreements are the primary professional environment of independent school bursars. Suppliers serious about the independent sector engage through ISBA, not through general education marketing.

ISBL
Roles & Organisations
Institute of School Business Leadership

The professional body for school business leaders in England, formerly the National Association of School Business Management (NASBM).

Why it matters

ISBL sets the professional standards for the SBP role and provides accredited routes such as ISBL Fellowship. Suppliers respected within ISBL networks tend to have a more accurate understanding of how school procurement actually works.

MAT
Roles & Organisations
Multi-Academy Trust

A group of academy schools operating under a single trust and governance structure.

Why it matters

MATs typically hold contracts centrally, giving them purchasing power to consolidate maintenance, monitoring and installation across sites. A single accountable partner across a trust is often more cost-effective than parallel arrangements at each academy.

Related page →
NGA
Roles & Organisations
National Governance Association

The national membership organisation for governors and trustees of state schools and academy trusts in England.

Why it matters

Where a proposal will go before a governing body or board of trustees, framing that reflects NGA good practice, particularly around due diligence, value for money and safeguarding assurance, tends to land more effectively.

Responsible Person (Fire)
Roles & Organisations
Responsible Person under the Regulatory Reform (Fire Safety) Order 2005

The person who has control of non-domestic premises for fire safety purposes, whether as employer, occupier or owner.

Why it matters

This is a separate legal role from the Martyn's Law Responsible Person, though the same individual often carries both. The fire responsible person is the one accountable for the fire risk assessment and for arrangements under the RRFSO.

Related page →
Responsible Person (Martyn's Law)
Roles & Organisations
Responsible Person under the Terrorism (Protection of Premises) Act 2025

The person or body who has control of the qualifying premises or event under Section 3 of the Act. Where the responsible person is an organisation, a senior individual must be designated to be accountable for compliance.

Why it matters

This is a named role in law once the Act commences. There is no requirement in the Act for that person to hold any specific security qualification, contrary to some suppliers' claims. Naming the Responsible Person and documenting the appointment is one of the practical steps organisations can take now, before commencement.

Related page →
SBM / SBP
Roles & Organisations
School Business Manager / School Business Professional

The senior operations and finance role in a school, responsible for premises, contracts, procurement and non-teaching operations. SBP is the modernised term used by ISBL.

Why it matters

The SBM or SBP is usually the person who signs off security contracts and holds the operational relationship with the installer. Their priorities of value for money, minimal disruption and compliance visibility should shape any proposal put in front of them.

Related page →

No matching terms. Try a different keyword or clear the filter.

Put It Into Practice

Free tools that work with these frameworks

The acronyms are only useful if they help you make a decision. These tools apply the same frameworks to your site.

Missing a term? Spotted an error?

This glossary is maintained by a working security installer, not a law firm. If a definition needs updating or a term we should have covered is missing, tell us and we will fix it.

Email us →

Sources and method

Every entry is verified against primary sources: legislation on legislation.gov.uk, guidance from the ICO, SIA, DfE, ProtectUK, standards documents published by the BSI, and the accreditation bodies named. This page is general information, not legal advice. For a specific compliance question, verify against the primary source or seek advice from your DPO, solicitor or CTSA. Last reviewed 6 July 2026.