K-12 School Security in 2025

School security is a highly complex objective to achieve. ASIS International will be the next organization to publish a school security standards document following in the footsteps of numerous others such as Partner Alliance for Safer Schools, CISA and the “I Love You Guys” Foundation.

Like every industry, school administrators hear numerous voices regarding the safety of children at school. Much of the security industry's messaging is dominated by technology, physical, and building security. This is one of the significant challenges in the K-12 space, where many districts face economic limitations. Furthermore, it is crucial to acknowledge that protection and risk mitigation encompass not only the physical building space but also elements that prioritize school violence prevention efforts, including student mental health and school climate, as well as emergency response and recovery initiatives. 

A detailed assessment of the existing and future K-12 guidelines available supports common concerns that physical security can be over-represented in the solutions conversation at the expense of other evidence-based solutions. After-action reports from the most significant school shootings identify common themes that illuminate several issues that must be considered for a holistic approach to incident prevention and response and underscore the fact that the failure to address the people part of the security equation contributes to bad outcomes. All individuals associated with the K-12 community must be able to recognize and overcome the natural barriers to reporting emerging threats, enabling effective assessment and intervention. Anecdotal evidence from National Threat Assessment Center (NTAC) studies and Sandy Hook promises to support the effectiveness and importance of behavioral threat analysis.

The complexity of these issues underscores the need for a properly structured baseline district security risk assessment, which thoroughly articulates all the risks (not just an active shooter) and results in a multi-year master plan where sensible and affordable mitigation strategies can be systematically implemented to meet the unique circumstances of each district.

This article will discuss some of the resources available to school Administrators and security practitioners, offering clarity on where districts should start if they are unsure their security programs are as effective as they can be with the resources at their disposal. School security assessments do not lend themselves to a “Do it Yourself” or “DIY” approach, but if districts cannot afford to bring in an outside expert, there are resources to help. Key points to be covered:

•  Key Resources on Prevention and Response: Setting Physical Security and Programmatic Standards.
• Non-Technical Strategies to Consider.
• Determining Specific District Needs and Developing a Master Plan.

Key Resources:

• Partner Alliance for Safer Schools (PASS) Safety and Security Guidelines (6th Edition)
• CISA K-12 School Security Guide (3rd Edition)
• ASIS International School Security Standard
• Various Emergency Management Guides
School Shooter After Action Reports

PASS Safety and Security Guidelines

The guidelines detail five physical security layers (district-wide, property perimeter, parking lot perimeter, building perimeter, and classroom/interior) and seven core components (policies and procedures, personnel, architecture, communication, access control, video surveillance, and detection/alarms). They employ a tiered approach, categorizing measures into four levels, allowing schools to implement them based on available resources and needs. Recommendations include conducting risk assessments, training staff and students, and avoiding over-reliance on single technologies. This resource is available to all at no cost.

CISA K-12 School Security Guide

The K-12 School Security Guide, 3rd Edition, published by the Cybersecurity and Infrastructure Security Agency (CISA) in 2022, provides a comprehensive framework for local education agencies (LEAs) to enhance physical security in K-12 schools. The document has a companion tool and works with the K-12 School Security Assessment Tool (SSAT), a web-based program for vulnerability analysis and tailored security recommendations. Key Themes of the CISA document include:

• No One-Size-Fits-All Approach: Security measures must be customized to each school’s unique context, including campus layout, student demographics, and geographic location.
• Systems-Based Approach: It integrates five core elements—equipment/technology, site/building design, personnel, policies/procedures, and training—to work cohesively for detection, delay, and response to threats.
• Layered Security: Organizes security across four campus layers to prevent single points of failure, ensuring robust protection through interconnected measures.

This resource is available to all at no cost.

 ASIS International School Security Standard

The ASIS International School Security Standard, a proposed American National Standard under development by ASIS International and accredited by the American National Standards Institute (ANSI), aims to provide a comprehensive framework for enhancing security in K-12 educational institutions. As of the writing of this article, the standard is in the draft-for-review stage, with the two rounds of public comment periods having closed. The standard is expected to be finalized in the second half of 2025. The ASIS School Security Standard seeks to address the inconsistency in school security regulations across different states and countries, which often leaves educational institutions vulnerable to various threats, including violence, bullying, and mental health-related incidents. 

A strength of the standard is the emphasis on preparedness and prevention over response, focusing on creating safer educational environments through proactive risk assessment and management. The March draft of the ASIS School Security Standard is a comprehensive document, spanning over 100 pages, that addresses three primary areas: physical security, behavioral threat assessment management (BTAM), and emergency operations planning (EOP). This resource will be available at a discounted rate for ASIS members and a higher rate for non-ASIS members.

Emergency Management Guides

The Role of Districts in Developing High-Quality School Emergency Operations Plans: A Companion to the School Guide (September 2019)

The “I Love U Guys” Foundation was established in 2006 by Ellen and John-Michael Keyes following the tragic death of their daughter Emily in a school shooting at Platte Canyon High School in Bailey, Colorado. The key contributions of this foundation include:

• Standard Response Protocol (SRP) provides a clear, action-based framework for responding to various emergencies, including active shooters, natural disasters, and other threats. It consists of five actions: Hold, Secure, Lockdown, Evacuate, and Shelter, each with specific directives for students, staff, and first responders. As will be demonstrated in the next section of this article, adoption of SRP would address some of the common opportunities shown in after-action reports.
• Standard Reunification Method (SRM), developed post-2009, offers schools a structured process for reunifying students with parents or guardians after a crisis, avoiding the potential for chaotic reunification efforts.
• Collaboration with schools, law enforcement, mental health professionals, and community stakeholders to deliver free training and resources, addressing the multi-agency coordination challenges.

The Role of Districts in Developing High-Quality School Emergency Operations Plans: A Companion to the School Guide (September 2019)

This document outlines the critical role of school districts in supporting individual schools to develop, implement, and maintain comprehensive EOPs to address a range of threats and hazards, ensuring the safety of the whole school community. It aligns with the National Preparedness System and emphasizes a collaborative, six-step planning process to create tailored, high-quality EOPs. It emphasizes collaboration, customization, and a comprehensive approach to hazard assessment, aligning with national standards such as the National Incident Management System (NIMS) and Incident Command System (ICS) for effective coordination with first responders. The document leads districts through a six-step planning process. 

In our experience, the key to any effective EOP is proper scoping and efforts invested in maintaining readiness and continuously improving the plans. This means conducting routine and diverse drills to maintain proficiency, identify opportunities for improvement and develop “muscle memory” for response in irregular situations. 

After Action Report Themes

The after-action reports for the Columbine High School (1999), Virginia Tech (2007), Sandy Hook Elementary (2012), Marjory Stoneman Douglas High School (2018), Uvalde Robb Elementary (2022), and Covenant School (2023) shootings reveal recurring systemic failures and lessons that have significantly influenced school safety and law enforcement response strategies. Analysis of this data provides systemic patterns and actionable lessons derived directly from the reports.

• Missed Opportunities for Threat Assessments and Early Intervention. This was even a theme in a less publicized incident in October of 2022 at Central Visual and Performing Arts (CVPA) High School.
• Weak physical security was a factor in several incidents, particularly in older events, where unlocked doors were more common. In recent years, there were several cases of guns being used to breach glass for entry, including the 2022 incident at CVPA.
• Delayed or Ineffective Law Enforcement Responses and Incident Command and Communication Breakdowns. Since the Columbine shooting, Immediate Action Rapid Deployment (IARD) tactics have become the standard response. However, even with this lesson learned, there have been at least two failures, highlighting the importance of regular training and joint exercises to improve response time and effectiveness. Poor incident command and communication failures hindered responses in several of these high-profile incidents.
• Mental Health System Gaps. This may be better characterized by fragmented services, the impact of privacy laws, or family resistance, all of which can hinder effective intervention.
• Emergency protocols often failed under pressure. Fire alarms triggered by gunfire (Columbine, Marjory Stoneman Douglas, Covenant) led students into harm’s way during evacuations. Lockdown procedures were inconsistently executed-- with Virginia Tech delaying notifications, Sandy Hook’s lockdown unable to stop the rapid attack, and Uvalde’s staff unprepared to distinguish threats.

Non-Technical Considerations for School Security

For districts that are strapped for cash, there are less expensive, non-technical solutions to consider, tailored to the unique nature of each school.

Staff and Student Training

• Behavioral Threat Assessment Training: Train and encourage all members of the community to identify concerning behavior and report early warning signs. There are some good resources available (NTAC, a part of the Secret Service, Comprehensive School Threat Assessment Guidelines (CSTAG), Sandy Hook Promise, International Center for Digital Threat Assessment (ICDTA), and Behavioral Threat Assessment and Management (BTAM)).
• Active Shooter/Intruder Drills: Conduct regular lockdown and evacuation drills (age-appropriate and trauma-informed).
• De-escalation Training: Train teachers and staff to manage student aggression or conflict before it escalates verbally.

Personnel and Procedures

• School Resource Officers (SROs) or Security Staff: Where appropriate, post-trained personnel at main entrances or campus gates.
• Staffing Key Posts: Assign personnel to strategic positions during arrival, dismissal, and lunch for visibility and deterrence.

Policies and Accountability

• Code of Conduct Enforcement: Firmly and fairly enforce rules against bullying, violence, weapons, and unauthorized access.
• Anonymous Reporting Options: Provide a drop-box or other non-tech method for students to report concerns.

Access Control through Architecture and Policy

• Dedicated Visitor Point of Entry: Require all visitors to enter through a central, monitored entrance.
• Perimeter Fencing: Use fencing to define school boundaries and discourage trespassing.
• Locked Doors: Keep all exterior and classroom doors locked during school hours; use manual keyed locks or vestibules with staff supervision. Focus on loading docks and cafeteria delivery areas as typical soft spots in building security.
• Secure Vestibules: Employ double-door vestibules at the main entrance that funnel visitors through the front office before gaining access.
• Door Monitoring Protocols: Staff conduct regular physical checks to ensure doors are not propped open.

Visitor Management

• Check-In Protocols: Require all visitors to sign in, provide ID, and wear a visitor badge.
• Escort Policy: All non-staff adults must be escorted on school grounds.
• Manual Logs: Maintain written logs of all visitors and contractors.

Supervision and Movement Control

• Student Supervision: Ensure all school areas, especially hallways, stairwells, and restrooms, are regularly patrolled by staff.
• Classroom Lock-In Capability: If not otherwise kept locked, teachers must be able to lock classroom doors from the inside using mechanical locks quickly.
• Restrict Unsupervised Areas: Limit access to storage rooms, maintenance areas, and other secluded spaces.

Environmental Design (CPTED Principles)

• Natural Surveillance: Clear sightlines in hallways and entry areas; minimize visual obstructions.
• Territorial Reinforcement: Use signage and landscaping to define public, semi-public, and private school areas.
• Access Control through Design: Physical layout should discourage intrusion (e.g., avoid open, unmonitored rear access points).
• Maintenance: Keep facilities and grounds clean and well-maintained to deter vandalism and convey control.

Culture and Climate

• Build Trusting Relationships: Encourage students to report to peers who may pose threats.
• Supportive Environment: Foster a sense of inclusion and connectedness to reduce isolation, which can contribute to internal threats.

Determining Specific District Needs and Developing a Master Plan

This article isn't meant to provide a comprehensive guide on conducting a security risk assessment for a district; however, every district should undergo an evaluation with annual reviews and detailed refreshes at least once every five years. When we have done these for districts in the past, there has always been much work to be done. We have found it very effective to create working groups that could take on a subset of the work in areas that align with their expertise, such as:

• Policies, Procedures, Training, Liaison and Funding
• Capital Projects/ Building / Site Modification
• Security Systems, Crisis Alert

Master plans can be developed and progress tracked to ensure that improvements are memorialized, monitored and do not just become a “quick fix” that people forget as soon as some other issue diverts attention. This all requires the support of the board and superintendent.

Conclusion

School security is a highly complex objective to achieve. It is easy to focus on technology and building hardening while ignoring other effective violence prevention strategies that extend beyond the physical building space. A program requires consistent attention, care, and maintenance; otherwise, we are destined to repeat history, as seen in the lessons learned from the Columbine tragedy, which were not effectively applied to recent school shooting events. To assist districts and practitioners, this article highlights key resources on prevention and response standards, provides some non-technical strategies to consider, and encourages the use of district security assessments and master plans to demonstrate and memorialize improvements for monitoring and measurement.