MCB Physical Security Guide for Mosque & Community Premises

Version: 1.4 Date: March 2026 Published by: Muslim Council of Britain — Security Workstream

How to Use This Guide

This guide covers twelve domains of physical security relevant to mosques, Islamic centres, and community premises in the United Kingdom. Each section follows a consistent structure: why the topic matters, what the law or standards require, a practical action checklist your committee can work through, common mistakes to avoid, available funding and support, and key references.

Use the executive summary to identify your highest-priority gaps, then go directly to the relevant sections. Each section is self-contained — you can print individual sections and hand them to the person responsible for that area. Where a section references another (for example, fire safety and electronic security overlap on alarm monitoring), cross-references are provided.

Executive Summary

Mosques and Islamic community centres face a wide range of security challenges — from hate crime and arson to fire safety compliance and data protection obligations. This guide synthesises authoritative UK sources into a single, actionable reference covering every aspect of physical security that a mosque committee or board of trustees should address.

Priority Overview

Key Deadlines

• Now in force: BS 5839-1:2025 (fire detection and alarm systems for non-domestic premises)
• ~April 2027: Terrorism (Protection of Premises) Act 2025 (Martyn's Law) — all places of worship must comply with Standard Tier requirements regardless of capacity
• Rolling: Protective Security for Mosques Scheme (PSMS) — applications accepted on an ongoing basis

1. Emergency Response & Crisis Management

Priority: Critical Applies to: All mosques and community premises Key legislation: Health and Safety at Work Act 1974; Regulatory Reform (Fire Safety) Order 2005

Why This Matters

Mosques face a documented and growing threat from hate crime, arson, and in the most extreme cases, terrorist attack. Since late 2023 there has been a marked increase in attacks against mosques and Islamic community centres by far-right individuals and groups. Having a clear, rehearsed emergency response plan is the single most important step your mosque can take — it costs nothing and could save lives.

Key Requirements

• Every mosque should have a written emergency response plan covering at minimum: evacuation, invacuation (sheltering in place), lockdown, and communication procedures.
• The plan must identify specific roles: Incident Lead, Fire Wardens, Communications Lead, and First Aiders.
• Evacuation routes must be clearly signed, unobstructed, and known to all regular staff and volunteers.
• Assembly points (primary and secondary) must be designated and communicated.
• A rapid communication system must be in place. The MCB Emergency Response Plan recommends a WhatsApp-based alert system with three tiers:
  • RED ALERT — EVACUATE NOW: Immediate evacuation required.
  • AMBER ALERT — STAND BY: Incident being assessed; prepare to evacuate.
  • GREEN ALERT — ALL CLEAR: Situation resolved; safe to remain or return.

Practical Actions

Good (safe start):

1. Write an emergency response plan covering evacuation (leaving the building), invacuation (moving to a safe area inside — see Glossary), and lockdown (securing doors to keep a threat out). Use the MCB Emergency Response Plan as your starting template — it covers seven threat scenarios. This plan also forms the foundation of your Martyn's Law compliance (see Section 2).
2. Assign named individuals to each role: Incident Lead (the person in charge during an emergency), Fire Wardens, Communications Lead, and First Aiders. Name a deputy (backup) for each role.
3. Map your evacuation routes. Walk them. Check that all fire exits open freely, are signed, and are never blocked by stored items. Lifts must NOT be used during evacuation. See Section 3 for fire detection and alarm requirements.
4. Designate two assembly points (places where people gather after evacuating) — a primary location (front of building, safe distance) and a secondary overflow zone. Both must be away from vehicle routes.
5. Keep an emergency contacts list posted by the main entrance and in the office: 999, local police SNT/NPT (Safer Neighbourhood Team) direct number, gas emergency (0800 111 999), and mosque leadership contact numbers.

Better (well protected):

6. Set up a WhatsApp alert group. Include all trustees, wardens, and key volunteers. Use the MCB three-tier system: RED (evacuate now), AMBER (stand by), GREEN (all clear). Test it monthly with a GREEN ALERT practice message.
7. Print and display the emergency response plan in the main prayer hall, entrance, kitchen, and any office areas.
8. Brief all regular volunteers on the plan at least twice per year. New volunteers should be briefed on their first day. During busy times (Jumu'ah, Tarawih, Eid), have volunteers at doors as stewards (see Section 8).
9. Check the streets before prayers. The MCB Emergency Response Plan specifically recommends checking the area around your mosque before prayers begin. If there is trouble outside, lock the doors and move people to a safe room inside.

Best (leading practice):

10. Prepare Personal Emergency Evacuation Plans (PEEPs) for anyone who regularly uses the premises and would need assistance evacuating — elderly congregants, wheelchair users, those with mobility or sensory impairments. If prayer halls or sisters' galleries are above the ground floor, ensure evacuation chairs are available and trained volunteers know how to use them.
11. Integrate your plan with neighbouring premises. Share your emergency procedures with adjacent buildings and agree coordination arrangements — for example, use of each other's assembly points or mutual aid during an incident.
12. Conduct an annual tabletop exercise (a discussion-based walkthrough of a scenario) with your local police and Counter Terrorism Security Adviser (CTSA) to test and refine your plan.

Common Mistakes

• No written plan at all. Many mosques rely on informal knowledge. This fails when the one person who "knows what to do" is absent.
• Plan exists but nobody knows about it. A document in a drawer is useless. It must be displayed, briefed, and practised.
• Blocking fire exits. Shoes, furniture, prayer mats, and storage frequently obstruct exits — especially during busy periods like Ramadan.
• No deputies assigned. If the Incident Lead is on holiday during an emergency, who takes over? Every role needs a named backup.
• Assuming "it won't happen here." The MCB Emergency Response Plan was created precisely because incidents at mosques are not hypothetical — they are documented and increasing.

Funding & Support

• The MCB Emergency Response Plan template is available free from the MCB Security Workstream.
• ProtectUK (protectuk.police.uk) provides free counter-terrorism guidance including the ACT (Action Counters Terrorism) awareness e-learning.
• Your local Counter Terrorism Security Adviser (CTSA) can conduct a free site visit and help you develop your plan — contact your local police force to request this.
• MEND offers training sessions on emergency preparedness for mosques ([email protected]).

Key Standards & References

2. Martyn's Law Compliance

Priority: Critical Applies to: All mosques and places of worship (Standard Tier regardless of capacity) Key legislation: Terrorism (Protection of Premises) Act 2025

Why This Matters

The Terrorism (Protection of Premises) Act 2025 — known as Martyn's Law after Martyn Hett, killed in the 2017 Manchester Arena attack — received Royal Assent on 3 April 2025. It creates a legal duty for premises operators to take proportionate steps to protect the public from terrorism. Places of worship are explicitly included in the Standard Tier regardless of their capacity, meaning every mosque in the UK must comply. The compliance deadline is expected to be approximately April 2027, when the regulator (the Security Industry Authority) begins enforcement.

Key Requirements

Standard Tier obligations (all places of worship):

• Documented public protection procedures for responding to a terrorist attack
• Evacuation, invacuation (shelter in place), and lockdown plans
• Provision of information to people on the premises about what to do in an emergency
• Training for staff and volunteers on the above procedures
• No costly physical security measures are required at Standard Tier — this is about procedures and awareness, not hardware

Penalties for non-compliance:

Criminal liability applies for obstruction of the regulator or providing false information.

Practical Actions

Good (safe start):

1. Don't wait until 2027. Begin preparing now. If you already have an emergency response plan (see Section 1), you have a strong foundation.
2. Document your procedures. Write down your evacuation, invacuation (moving to a safe area inside), and lockdown plans. The regulator (the SIA — Security Industry Authority) will expect written evidence.
3. Display information for visitors. Signs or notices explaining what to do in an emergency should be visible in the main prayer hall and entrance areas.

Better (well protected):

4. Train all staff and regular volunteers. This includes paid staff, regular volunteers, and anyone who supervises activities on the premises. Training should cover: recognising suspicious activity, evacuation procedures, invacuation (when and how to shelter), and lockdown (securing doors, moving away from windows).
5. Keep records of training sessions (dates, attendees, topics covered). The regulator may ask for evidence.

Best (leading practice):

6. Review your plan against the Act's requirements once the SIA publishes detailed guidance (expected before the compliance deadline). Update your procedures to match.
7. Consider the Enhanced Tier. If your mosque charges admission for any events and has a capacity exceeding 800, you may fall into Enhanced Tier for those events. Places of worship that do not charge admission remain Standard Tier regardless of capacity. Seek advice if unsure.

Common Mistakes

• Assuming mosques are exempt. They are not. Places of worship are explicitly Standard Tier regardless of capacity.
• Thinking this requires expensive security equipment. Standard Tier is about procedures and training, not physical measures.
• Waiting for the deadline. The Act is already law. Starting early means you can develop plans calmly rather than rushing.
• Confusing this with Prevent. Martyn's Law is a separate regime focused on protective security, not counter-extremism. The PSMS scheme is also separate from Prevent (see Section 9).

Funding & Support

• ProtectUK provides free guidance and e-learning on protective security measures.
• Your local CTSA can advise on compliance — this service is free.
• The SIA (gov.uk/sia) will publish compliance guidance as the enforcement date approaches.

Key Standards & References

3. Fire Safety & Detection

Priority: Critical Applies to: All non-domestic premises (mosques, community centres, madrassahs) Key legislation: Regulatory Reform (Fire Safety) Order 2005; BS 5839-1:2025

Why This Matters

Mosques are non-domestic premises and must comply with fire safety law. The "Responsible Person" (typically a trustee or premises manager) has a legal duty to carry out a fire risk assessment, maintain fire detection and alarm systems, and ensure safe evacuation. Arson is also a documented threat — the MEND guide specifically highlights keeping bins and combustibles away from walls as a preventive measure. The key standard, BS 5839-1, was significantly updated in 2025 with changes that directly affect mosque premises.

Key Requirements

Fire risk assessment must be carried out and reviewed regularly. It must be documented if you have 5 or more employees, but best practice is to document it regardless.

System categories (BS 5839-1) define the level of protection:

Key 2025 changes (BS 5839-1:2025):

• Sleeping rooms: Category L2 now explicitly includes rooms where people sleep as high-risk. Heat detectors are no longer permitted in sleeping rooms — smoke detectors are mandatory. This is directly relevant to mosques with caretaker accommodation or where congregants sleep during i'tikaf/Ramadan.
• Stairway lobbies now require automatic detection (previously excluded).
• Alarm transmission timing: Category L systems must reach the Alarm Receiving Centre (ARC) within 90 seconds; Category P within 120 seconds. Catastrophic failure must be indicated within 3 minutes (Cat L) or 31 minutes (Cat P).
• Maintenance tolerance: Service visits now have a one-month tolerance — the 6-monthly interval means visits between 5 and 7 months are acceptable.
• All variations must be justified and recorded in the system logbook (previously only "major" variations).
• Cyber security (new clause 43.4): Fire alarm systems connected to networks must have locked comms cabinets, anti-tamper plugs, and authentication before remote access. See also Section 11 (Cyber Security).
• Cause-and-effect matrix: A new documentation requirement — a cause-and-effect matrix or text description must be included in system handover documentation.
• Firmware updates classified as modifications: Updating firmware on fire alarm control panels is now classified as a modification requiring a certificate. Ensure your contractor issues one after any panel update.
• Cable identification: Fire alarm cables and the low voltage mains supply should be a single common colour, with red preferred. The functional earth conductor is now identified by pink colour or "FE" marking.
• False alarm investigation: A preliminary investigation should be triggered when the false alarm rate exceeds 4 per 100 detectors per annum.
• PSTN switch-off (2027): The public telephone network is being switched off in 2027. All alarm transmission will need to move to IP-based systems. Discuss transition plans with your monitoring company now.

Practical Actions

Good (safe start):

1. Ensure fire exit routes are clearly identified with signage and emergency lighting. All escape routes must have illuminated exit signs and maintained emergency lighting that activates on mains power failure. Check that signs are visible, unobstructed, and comply with BS 5266-1.
2. Ensure your fire risk assessment is current. If it is more than 12 months old or your premises have changed, commission a new assessment from a competent fire risk assessor (a qualified professional who evaluates fire hazards).
3. Test your fire alarm weekly and record the test in your fire logbook.
4. Ensure fire exits are clear at all times — especially during Jumu'ah, Tarawih, and Eid prayers when attendance peaks.
5. Manage shoes actively. Install adequate shoe racks positioned away from escape routes. Assign a volunteer to enforce their use during peak times. Shoes piled in corridors and doorways are the single most common fire exit obstruction in UK mosques.

Better (well protected):

6. Check your system category against BS 5839-1:2025 (the British Standard for fire detection in non-domestic buildings). If people sleep on the premises (caretaker flat, i'tikaf accommodation, overnight madrassah stays), you need at minimum Category L2 with smoke detectors in those rooms.
7. Replace heat detectors with smoke detectors in any sleeping rooms. The 2025 standard explicitly prohibits heat detectors in sleeping accommodation.
8. Conduct fire drills at least twice per year. Include scenarios during busy prayer times.
9. Maintain your fire logbook. Record all tests, service visits, false alarms, variations (changes from the standard design), and any modifications. The 2025 standard requires all variations to be documented.

Best (leading practice):

10. Schedule 6-monthly service visits with an NSI or BAFE-certified contractor (see Section 12 for what these certifications mean). Check that ARC (Alarm Receiving Centre — the monitoring station) signal transmission is tested at every visit.
11. Verify alarm transmission times with your monitoring company. Ask them to confirm ARC notification within 90 seconds for life safety systems. See Section 5 for ARC monitoring of intruder alarm systems, which uses the same infrastructure.
12. Label batteries in fire alarm systems with the date of installation.

Common Mistakes

• Heat detectors in sleeping rooms. This was previously tolerated in some installations but is now explicitly prohibited under BS 5839-1:2025.
• Overdue servicing. Fire alarm systems must be serviced every 6 months (with a 1-month tolerance). Letting this lapse creates legal liability and may void insurance.
• No logbook or incomplete records. Every test, service visit, and false alarm must be recorded. Missing records are a common finding in fire safety inspections.
• Blocked fire exits during peak times. Shoes, overflow prayer mats, and temporary furniture frequently obstruct exits during Ramadan and Eid.
• Not informing the ARC of premises type. Your alarm monitoring company should know if your premises include sleeping accommodation — this affects Fire and Rescue Service response protocols.

Funding & Support

• PSMS (Section 9) can fund fire detection equipment improvements.
• Your local Fire and Rescue Service provides free fire safety advice for non-domestic premises — contact them to request a visit.
• The FIA (Fire Industry Association) publishes free guidance documents including the guide to BS 5839-1:2025 changes.

Key Standards & References

4. Safeguarding

Priority: Critical Applies to: All mosques registered as charities; all premises where children or vulnerable adults are present Key legislation: Charities Act 2011; Safeguarding Vulnerable Groups Act 2006; Children Act 1989/2004

Why This Matters

Mosques regularly host children (madrassah classes, youth groups, holiday clubs) and vulnerable adults (elderly congregants, those with disabilities, refugees). As a charity, your trustees have a legal duty to safeguard everyone who comes into contact with your organisation. Failure to have adequate safeguarding procedures is a serious regulatory matter — the Charity Commission can intervene, and in the worst cases, trustees can face personal liability.

Key Requirements

Charity Commission duties for trustees:

• Safeguarding must be central to the charity's operations and board decisions — not an afterthought.
• You must have a documented safeguarding policy, reviewed annually and immediately after any incident.
• You must have a code of conduct, whistleblowing policy, complaints procedure, and anti-bullying policy.
• A Designated Safeguarding Lead (DSL) must be appointed with adequate training.
• DBS (Disclosure and Barring Service) checks must be obtained for all eligible roles. All other roles involving contact with children or vulnerable adults should be risk-assessed.
• Concerns must be reported to the local authority within 24 hours — to the Local Authority Designated Officer (LADO) for concerns about a person working with children, or to the safeguarding adults team for concerns about vulnerable adults.
• Health, safety, and digital safety procedures must be in place.

DBS check levels:

Practical Actions

Good (safe start):

1. Appoint a Designated Safeguarding Lead (DSL) — the named person responsible for handling safeguarding concerns. This person should receive formal safeguarding training (Level 3 minimum) and be the first point of contact for any concerns. Appoint a deputy DSL as backup.
2. Write a safeguarding policy. The Charity Commission provides a template. Your policy must cover: scope, roles and responsibilities, reporting procedures, code of conduct, recruitment and DBS checks (criminal record checks — see table above), training requirements, record-keeping, and digital safety.
3. Conduct DBS checks for all roles involving unsupervised contact with children or vulnerable adults. This includes madrassah teachers, youth group leaders, holiday club volunteers, and anyone providing personal care.
4. Establish a clear reporting pathway. Concerns go to the DSL, who decides whether to refer to the local authority. Serious concerns must be reported within 24 hours. The DSL should know the local authority's referral numbers.

Better (well protected):

5. Review the policy annually and immediately after any incident. Minute the review in your trustee meeting records.
6. Risk-assess all other roles. Even where a DBS check is not legally required, assess whether the role involves contact with vulnerable people and what safeguards are needed.
7. Train all volunteers and staff in safeguarding awareness. At minimum, everyone should know: what abuse looks like, how to respond to a disclosure (when someone tells you about abuse), and who to report to (the DSL).
8. Implement a code of conduct covering appropriate behaviour, supervision ratios (how many adults per group of children), physical contact, photography, and lone working.
9. Display safeguarding information. A poster showing who the DSL is and how to raise a concern should be visible in areas used by children and vulnerable adults.

Best (leading practice):

10. Maintain records securely. Safeguarding records must be stored confidentially and retained in accordance with your retention policy.
11. Be aware of Out of School Settings (OOSS) requirements. Madrassahs and supplementary schools operating from mosque premises fall under the Department for Education's OOSS framework. Local authorities are increasingly monitoring these settings. Ensure your madrassah has appropriate safeguarding policies, supervision ratios, and health and safety measures in place.
12. Ensure trustees themselves have DBS checks. Trustees of charities working with children or vulnerable adults are eligible for Enhanced DBS checks, even if they do not directly teach or supervise. The Charity Commission scrutinises this.

Common Mistakes

• No written policy. "We all know what to do" is not adequate. The Charity Commission expects a documented policy.
• DBS checks not renewed. DBS checks are a point-in-time snapshot. Best practice is to renew them every three years, and to use the DBS Update Service for ongoing monitoring.
• No DSL appointed. Without a named responsible person, concerns fall through the cracks.
• Assuming safeguarding is "someone else's job." Every trustee shares collective responsibility.
• Not reporting. Fear of reputational damage must never prevent reporting a safeguarding concern. Failure to report is the greater legal and moral risk.
• Inadequate supervision ratios. Madrassah classes and youth activities must have appropriate adult-to-child ratios. A single adult alone with children is never acceptable.

Funding & Support

• Charity Commission safeguarding guidance is free at gov.uk.
• Local Safeguarding Children Partnerships and Safeguarding Adults Boards publish local procedures and provide training.
• NSPCC provides safeguarding training and a helpline (0808 800 5000).
• Ann Craft Trust provides resources specific to safeguarding adults.

Key Standards & References

5. Electronic Security Systems

Priority: High Applies to: All mosques (systems should be proportionate to risk) Key legislation: None specific; standards-based

Why This Matters

Electronic security systems — intruder alarms, CCTV, and access control — form the technical backbone of mosque security. A properly specified and installed system deters crime, provides evidence for prosecution, and can trigger rapid police or monitoring centre response. However, a poorly specified or unmaintained system provides a false sense of security and may not meet insurance requirements.

Key Requirements

Intruder alarm systems should comply with PD 6662:2017 (the UK application of the European standard BS EN 50131). Systems are graded 1-4 based on risk:

• BS 8243:2021 specifies procedures for avoiding false alarms, particularly for confirmed alarm signalling (sequential activation of two detectors).
• BS EN 50136-1 covers alarm transmission to monitoring centres.

CCTV systems should comply with BS EN 62676 (minimum requirements for video surveillance) and BS 8418:2015 (remote monitoring of detector-activated CCTV).

Access control systems should comply with BS EN 50133-1. Where access control interacts with fire safety (e.g. door release for escape), BS 7273-4:2015+A1:2021 applies.

Practical Actions

Good (safe start):

1. Commission a security survey from an NSI-approved company (see Section 12) before buying equipment. A survey establishes what you actually need rather than what a salesperson wants to sell you.
2. Specify the correct intruder alarm grade. For most mosques, Grade 2 to PD 6662:2017 (the UK standard for intruder alarms) is appropriate. Check with your insurer — they may specify a minimum grade.
3. Ensure CCTV covers key areas: all entrances/exits, car park, perimeter, and any areas vulnerable to arson (bins, side walls). Cameras should be visible as a deterrent. See Section 6 for the data protection and UK GDPR obligations that apply to all CCTV systems.

Better (well protected):

4. Use an NSI NACOSS Gold or Systems Silver certified installer. This ensures the system meets British Standards and is recognised by insurers and police.
5. Set up monitored alarm transmission to an NSI-approved Alarm Receiving Centre (ARC — a monitoring station that receives alarm signals and dispatches a response). Unmonitored alarms are significantly less effective.
6. Integrate access control with fire safety — ensure electronically locked doors release automatically on fire alarm activation (BS 7273-4).
7. Maintain all systems. Intruder alarms and CCTV should be serviced at least annually; monitored systems typically require 6-monthly maintenance per the monitoring contract.

Best (leading practice):

8. Check CCTV footage quality regularly. Ensure cameras are clean, correctly aimed, and producing usable images — especially at night.
9. Install panic buttons (personal attack systems) in the main office, reception desk, and Imam's office. These should be linked to your ARC and allow staff to raise a silent alarm if facing an aggressive individual or hate crime during opening hours when the main intruder alarm is unset.
10. Consider wireless panic attack lanyards and lone worker devices. These are optional but recommended for staff or volunteers who may be alone on premises or moving between areas. Wireless personal alarm devices can be worn as lanyards and trigger an alert to the ARC or designated responders without requiring the wearer to reach a fixed panic button.

Common Mistakes

• Buying equipment before getting a survey. Without a professional assessment, you may over-spend in some areas and miss critical vulnerabilities in others.
• Using uncertified installers. Systems installed by non-NSI companies may not meet British Standards, which can void insurance and prevent police response to alarm activations.
• Unmonitored alarms. An alarm that rings with nobody listening provides minimal protection. Monitored systems connect to an ARC that can dispatch a response.
• Forgetting maintenance. CCTV cameras get dirty, moved by wind, or develop faults. Alarms need battery replacement and sensor testing. Annual maintenance is essential.
• Access control that traps people in a fire. Electronic locks must fail-safe (unlock) on fire alarm activation. This is a life-safety requirement under BS 7273-4.

Funding & Support

• PSMS (Section 9) funds CCTV cameras, intruder alarms, secure fencing, and stronger locks and doors — all provided free by the Home Office.
• NSI (nsi.org.uk) maintains a searchable directory of approved companies.

Key Standards & References

6. CCTV & Data Protection

Priority: High Applies to: All mosques operating CCTV systems Key legislation: UK GDPR; Data Protection Act 2018

Why This Matters

CCTV is one of the most effective security measures a mosque can deploy — it deters crime, provides evidence, and reassures the community. However, operating CCTV brings legal obligations under UK data protection law. If your cameras capture images of people beyond your property boundary — including public pavements, roads, neighbouring properties, or communal areas — you are processing personal data and must comply with UK GDPR. Getting this wrong can lead to enforcement action by the Information Commissioner's Office (ICO) and damage community trust.

Key Requirements

• Lawful basis: You must have a clear, justified reason for using CCTV. For mosques, this is typically "legitimate interests" (security of premises and protection of congregants).
• Data minimisation: Capture only what is necessary. Position cameras to cover your own property as far as possible. Where cameras unavoidably capture public areas, consider privacy masking to block out neighbouring windows or irrelevant areas.
• Signage: Display clear signs at all entry points stating that CCTV is in operation, who operates it, and how to make a subject access request.
• Subject access requests (SARs): Anyone recorded by your CCTV can request a copy of their footage. You must respond within one calendar month.
• Right to erasure: Individuals can request deletion of their footage.
• Right to object: Individuals can object to being recorded. You must cease unless you have a strong justification that overrides their rights.
• Retention: Delete footage regularly. As a general guideline, 30 days is a commonly used retention period for CCTV — your mosque should set a period proportionate to its security needs and document the justification. Footage needed for an active investigation or legal proceedings should be retained until no longer required.
• Security: Footage must be stored securely with access restricted to authorised personnel only.

Practical Actions

Good (safe start):

1. Install signage at every entrance. Signs should state: "CCTV in operation", your mosque's name, the purpose ("for the safety and security of our premises and community"), and a contact for SARs (Subject Access Requests — when someone asks to see their footage), e.g. an email address.
2. Set automatic deletion. Configure your CCTV system to overwrite footage after 30 days (or your chosen retention period).
3. Restrict access. Only named individuals should have access to CCTV footage and the recording equipment. Keep the DVR/NVR (Digital/Network Video Recorder — the device that stores footage) in a locked room or cabinet.

Better (well protected):

4. Conduct a CCTV impact assessment. Document why you need CCTV, what areas it covers, and how you minimise intrusion (capturing only what is necessary). This is your evidence of compliance.
5. Position cameras carefully. Cover your entrances, exits, car park, and perimeter. Avoid pointing cameras directly at neighbouring properties, the street more than necessary, or the prayer hall interior unless there is a specific security justification.
6. Prepare a SAR response process. Know who handles requests, how to extract and provide footage, and the one-month deadline.

Best (leading practice):

7. Document your CCTV policy. A simple one-page document covering: purpose, areas covered, retention period, who has access, how to make a SAR. Keep this available for anyone who asks.
8. Review camera positions annually and after any changes to the building or surrounding area.

Common Mistakes

• No signage. This is the most common CCTV compliance failure. Every entry point needs a sign.
• Excessive coverage. Cameras aimed at the public street, neighbours' gardens, or the prayer hall without justification. Capture what you need for security, not everything.
• No retention policy. Keeping footage indefinitely is unlawful. Set automatic deletion.
• Open access to footage. Everyone having the DVR password defeats security and creates data protection risk. Restrict access to named individuals.
• Ignoring SARs. If someone asks for their footage, you must respond within one calendar month. Failure to respond is an ICO enforcement matter.
• Poor image quality. CCTV that cannot identify individuals is of limited evidential value. Ensure adequate resolution and lighting, especially at night.
• Audio recording left enabled. Many modern CCTV cameras record audio by default. Audio recording is considered highly intrusive under UK GDPR and is almost never justifiable for mosque premises. Disable audio recording on all cameras unless you have a documented, specific justification.

Funding & Support

• PSMS (Section 9) funds CCTV camera installation.
• The ICO provides free CCTV guidance at ico.org.uk. For organisational use (which applies to mosques), see the ICO's guidance for organisations using CCTV rather than the domestic/home guidance.
• The ICO cannot forcibly remove cameras, force repositioning, or retrieve footage — but they can issue fines for non-compliance.

Key Standards & References

7. Site Security & Perimeter Protection

Priority: High Applies to: All mosques and community premises Key legislation: None specific; duty of care under Occupiers' Liability Act 1957/1984

Why This Matters

The physical security of your building and its perimeter is your first line of defence against intrusion, vandalism, arson, and vehicle attack. Most attacks on mosques — particularly arson and vandalism — happen at night when the building is unoccupied. Simple, low-cost measures like good lighting, strong locks, and removing combustible materials from walls significantly reduce risk.

Key Requirements

• Premises must be maintained in a condition that does not pose a risk to visitors (Occupiers' Liability Act).
• Fire exits must be kept clear and functional at all times (Fire Safety Order 2005).
• Under Martyn's Law (Section 2), premises must have procedures for managing access during an attack.

Practical Actions

Good (safe start):

1. Audit all entry points. Walk the full perimeter. Identify every door, window, hatch, and opening. Ensure all have strong, working locks.
2. Install exterior lighting at all entrances, fire exits, car parks, and along perimeter walls. Sensor-activated lights are effective and energy-efficient. Most attacks happen at night — lighting is the cheapest and most effective deterrent.
3. Remove combustible materials (anything that can catch fire) from external walls. Keep bins, recycling, timber, and stored materials well away from the building. This is a specific arson prevention measure highlighted in both the MCB Emergency Response Plan and MEND guide.
4. Secure side doors, rear entrances, and windows from the inside. These are common entry points for intruders and should be checked daily.

Better (well protected):

5. Install visible CCTV covering entrances, car park, and perimeter (see Sections 5 and 6 for technical and legal requirements).
6. Implement access control during events. During busy times (Jumu'ah, Tarawih, Eid), have volunteers at doors to manage entry and watch for unusual activity.
7. Lock unused rooms and offices. Restrict access to areas not in active use.
8. Secure donation boxes and cash handling. Bolt donation boxes to the floor or wall. Count cash in a locked room with at least two people present. Vary your banking routine (different days, different times, different routes). Do not leave cash on the premises overnight if avoidable — use a safe bolted to the floor if it must stay.

Best (leading practice):

9. Demarcate public and private areas. Use signage, fencing, or barriers to make clear where the public may and may not go.
10. Consider hostile vehicle mitigation (HVM) — measures to prevent vehicle attacks such as bollards, planters, and traffic calming — if your premises front a road where a vehicle could approach at speed. NPSA/ProtectUK provides guidance. HVM should be proportionate — not every mosque needs bollards, but those on busy roads with direct vehicle approach should assess the risk.
11. Conduct regular housekeeping searches. Systematically check common areas, stairwells, toilets, and storage areas for suspicious items or signs of tampering. Make this routine, not reactive.

Common Mistakes

• Poor lighting. A dark building is an invitation. Lighting is inexpensive and effective — prioritise it.
• Bins against walls. This is the single most common arson enabler. Move them away.
• Side doors left unlocked. Main entrances may be well-secured while side and rear doors are neglected.
• No routine checks. Security should be a daily habit, not a response to an incident.
• Over-investing in one area while neglecting basics. An expensive CCTV system is less valuable than well-lit premises with locked doors and clear exits.
• Unsecured donation boxes. Loose or portable cash collection boxes near entrances are a primary target for opportunistic theft and break-ins.

Funding & Support

• PSMS (Section 9) funds secure fencing, gates, stronger locks and doors, and CCTV.
• NPSA/ProtectUK (protectuk.police.uk) provides free hostile vehicle mitigation guidance.
• Tower Hamlets Council has published mosque safety and security tips applicable to mosques nationwide.
• Your local Crime Prevention Design Adviser (CPDA) can provide free advice — contact your local police force.

Key Standards & References

8. Manned Guarding & Stewarding

Priority: High Applies to: Mosques using security guards, stewards, or door volunteers Key legislation: Private Security Industry Act 2001

Why This Matters

A visible human presence at the door is one of the most effective deterrents, particularly during high-attendance events. However, there is a critical legal distinction between stewarding (which does not require a licence) and security guarding (which does). Getting this wrong can result in criminal prosecution of both the individual and the organisation.

Key Requirements

When an SIA licence IS required:

When an SIA licence is NOT required:

• Unpaid volunteers never need a licence — provided they receive no reward, benefit, or payment in kind.
• Stewarding — directing people to seats, toilets, or first-aid facilities — does not require a licence. However, if a steward also refuses entry to people or removes people, that crosses into licensable activity.
• In-house employees at non-licensed premises (i.e. directly employed by the mosque, not via a security company) do not need a licence for security guarding.

Practical Actions

Good (safe start):

1. Use trusted volunteers as door stewards during busy times (Jumu'ah, Tarawih, Eid). Brief them on what to look for: unfamiliar individuals behaving unusually, unattended bags, vehicles parked in unusual positions.
2. Be clear about roles. If volunteers are welcoming people and showing them where to go, that is stewarding (no licence needed). If they are checking bags, refusing entry, or removing people, that is security guarding (SIA licence required if contracted — see Key Requirements above).
3. Brief all guards and stewards on your emergency response plan (Section 1), including evacuation routes, assembly points, and the WhatsApp alert system.

Better (well protected):

4. If you need contracted security guards, use only SIA-licensed individuals from NSI-approved security firms. Check licences on the SIA register (sia.homeoffice.gov.uk).
5. Apply for PSMS-funded security guarding for peak periods (see Section 9). The scheme provides free security guards for vulnerable mosques during Ramadan, Eid, and other high-attendance events.

Best (leading practice):

6. Conduct due diligence (background checks) on any security company you engage. Check their SIA Approved Contractor Scheme (ACS) status and NSI accreditation. Request copies of individual guard licences.
7. Do not use security guards as a substitute for good physical security. Guards are most effective when combined with lighting, CCTV, and controlled access points.

Common Mistakes

• Paying volunteers. If you pay someone — even in kind (meals, gifts, expenses beyond actual costs) — they may no longer be exempt from SIA licensing requirements.
• Assuming all door work is stewarding. The moment someone refuses entry or removes a person, it becomes security guarding.
• Using unlicensed security companies. This is a criminal offence under the Private Security Industry Act 2001 for both the company and the mosque.
• No briefing for guards. Security guards who don't know your evacuation plan are a liability, not an asset.

Funding & Support

• PSMS (Section 9) funds security guarding services for vulnerable mosques at peak times.
• SIA register (sia.homeoffice.gov.uk) — verify individual licence status.
• NSI (nsi.org.uk) — directory of approved guarding companies.
• MEND guide section 4 provides guidance on volunteer door teams.

Key Standards & References

9. Government Funding: Protective Security for Mosques Scheme (PSMS)

Priority: High Applies to: All mosques and associated faith community centres Key legislation: None (discretionary government scheme)

Why This Matters

The UK Government provides significant free security funding for mosques through the Protective Security for Mosques Scheme (PSMS), part of the Places of Worship Protective Security Fund. In 2024 the government allocated £117 million over four years for protective measures for mosques (MEND, 2025). In October 2025 the Prime Minister announced a further £10 million boost to the scheme (MCB Briefing, 2025). All measures — CCTV, alarms, fencing, locks, and even security guarding services — are provided free by the Home Office. Every vulnerable mosque should apply.

Key Requirements

Eligibility:

• Your mosque or associated faith community centre is a registered charity (or exempt from registration).
• You have experienced hate crime, feel vulnerable to hate crime, or there has been hate crime in your local area towards places of worship.

What you can apply for:

• CCTV cameras
• Intruder alarm systems
• Secure fencing and gates
• Stronger locks and doors
• Security guarding services (e.g. for Jumu'ah, Tarawih, Ramadan, Eid) — see Section 8 for SIA licensing requirements

If approved for CCTV, see Section 5 for installation standards and Section 6 for data protection compliance. For intruder alarms, see Section 5. For fencing and locks, see Section 7.

Practical Actions

Good (safe start):

1. Apply now — do not wait for an incident. Visit gov.uk/guidance/protective-security-for-mosques-scheme.
2. Prepare strong evidence. Document any hate incidents, threats, or vandalism. Include photographs, police crime reference numbers, and witness statements.
3. Explain community impact. Describe how hate crime (or the threat of it) affects your congregation — fear, reduced attendance, anxiety, changed behaviour.

Better (well protected):

4. Request security guarding if needed for peak times. Specify the events (Jumu'ah, Tarawih, Ramadan, Eid) and the hours required.
5. Be persistent. The MCB briefing (October 2025) documents delays of 10–25 months in application processing. Chase your application regularly and keep records of all correspondence.
6. Do not let PSMS delays prevent you from taking basic steps. While waiting for funded measures, implement low-cost actions: lighting, lock checks, bins away from walls, volunteer door teams, WhatsApp alert groups.

Best (leading practice):

7. Encourage other mosques to apply. The funding is free and available on a rolling basis. Many eligible mosques have not applied. Share your experience with the application process.
8. Apply for additional measures if your circumstances change or new threats emerge. One application does not have to cover everything.

Common Mistakes

• Not applying at all. Many eligible mosques are unaware of the scheme or assume they won't qualify. If you feel vulnerable, apply.
• Weak applications. Applications without evidence of hate crime or clear community impact are less likely to succeed. Document everything.
• Waiting passively. The MCB briefing documents that many mosques wait months without chasing. Follow up regularly.
• Confusing PSMS with Prevent. PSMS is a security funding scheme, not a counter-extremism programme. The MCB has called for the government to make this distinction clearer. MEND advises mosques against accepting any conditions attached to the funding such as participation in PREVENT or other counter-terrorism programmes — if approached on such matters, contact MEND for advice ([email protected]).
• Assuming one application covers everything. You can apply for additional measures if your circumstances change or new threats emerge.

Funding & Support

• Apply online: gov.uk/guidance/protective-security-for-mosques-scheme
• MEND guidance: MEND publishes step-by-step application guides and provides direct support ([email protected]).
• MCB Security Workstream: Provides template letters and advocacy support.
• Islamophobia Response Unit: 020 3904 6555 or [email protected] for reporting and support.

Key Standards & References

10. Training, Drills & Community Liaison

Priority: High Applies to: All mosques and community premises Key legislation: Martyn's Law (staff training requirement); Fire Safety Order (fire drill requirement)

Why This Matters

Security equipment and written plans are only effective if people know how to use them. Training transforms paper policies into practised capability. Community liaison — with police, neighbours, other mosques, and local institutions — provides the early warning and mutual support that no technology can replace. The MEND guide emphasises that building strong links with your community is the first step in keeping your mosque safe, and it is placed before physical security for good reason.

Key Requirements

• Martyn's Law (Section 2) requires training for staff and volunteers on emergency procedures. This becomes a legal obligation by ~April 2027.
• Fire Safety Order requires fire drills at appropriate intervals. For most mosques, at least twice per year is recommended, with additional drills during high-attendance periods.
• Safeguarding (Section 4) requires all volunteers with contact with children or vulnerable adults to receive safeguarding awareness training.

Practical Actions

Training:

Good (safe start):

1. Test the fire alarm weekly and record the test. Rotate which call point (the red box on the wall you press to trigger the alarm) is used.
2. Train all regular volunteers in: evacuation procedures, the WhatsApp alert system, how to use fire extinguishers, and what to do if they discover a suspicious item.
3. Record all training — dates, attendees, topics, trainer. You will need these records for Martyn's Law compliance and Charity Commission governance.

Better (well protected):

4. Conduct evacuation and invacuation drills at least twice per year during quieter periods (e.g. madrassah hours or weekday events). For busy periods like Jumu'ah or Tarawih, conduct a tabletop exercise (a discussion-based walkthrough of a scenario) with the committee — walk through the scenario on paper, identify bottlenecks, and assign roles. Only attempt a live drill during peak attendance once your committee has crowd management experience and confidence.
5. Practise the WhatsApp alert system monthly. Send a GREEN ALERT test message to confirm the group is active and all members receive it.
6. Deliver safeguarding awareness training annually to all volunteers who have contact with children or vulnerable adults. See Section 4 for full safeguarding requirements including DBS checks and policy documentation.

Best (leading practice):

7. Provide first aid training for at least two people per shift/event. St John Ambulance and the Red Cross offer courses.
8. Train the security team (stewards and any contracted guards) on searching procedures and how to handle bomb threats. ProtectUK provides free guidance.

Community Liaison:

Good (safe start):

9. Introduce yourself to your local police SNT/NPT (Safer Neighbourhood Team / Neighbourhood Policing Team). Exchange contact numbers with their leadership. Establish a named point of contact on both sides.
10. Report hate crimes — to the police (999 for emergencies, 101 for non-emergencies), to True Vision (report-it.org.uk) for all hate crimes, and for Islamophobic incidents specifically to: the British Muslim Trust (the government-funded Islamophobia monitor), Tell MAMA (tellmamauk.org, independent), or Muslim Safety Net (muslimsafetynet.org.uk, run by Muslim Women's Network UK). Under-reporting reduces the resources allocated to protect mosques — report every incident.

Better (well protected):

11. Know your Counter Terrorism Security Adviser (CTSA). Request a free site visit and ongoing liaison through your local police force.
12. Link up with other mosques in your area. Share information, compare experiences, and consider organising regular security meetings. MEND recommends establishing regional mosque safety committees.
13. Keep an incident log. MEND provides a printable "Mosque Incident Log" template for recording Islamophobic and hate incidents (date, time, location, what happened, people involved, whether it was reported, action taken, and follow-up needed). Consistent logging strengthens future PSMS applications and police engagement.

Best (leading practice):

14. Talk to neighbours, local shops, and schools. Good relationships mean people are more likely to report suspicious activity around your premises.
15. Collaborate with other faith leaders on shared security concerns. Interfaith security cooperation can be a force multiplier.
16. Support your community's wellbeing. Hate crime and the fear of hate crime have a real impact on mental health. Talk openly to your congregation about the safety steps you are taking, encourage continued attendance, and signpost to Victim Support (0808 168 9111) and the Islamophobia Response Unit (020 3904 6555) for those affected.
17. Engage with local councillors. Arrange regular meetings to discuss community safety. Find out if your council has an independent advisory group on hate crimes and the protection of places of worship. MEND recommends meeting your councillors at least monthly.

Common Mistakes

• Fire drills only when the building is quiet. A drill during a weekday afternoon tells you nothing about evacuation during Jumu'ah with 500 people present.
• Training the committee but not the volunteers. The people most likely to be first on the scene during an incident are volunteers, not trustees.
• No records kept. Training that is not documented did not happen, as far as regulators are concerned.
• Treating community liaison as optional. Your relationship with local police is one of your most valuable security assets. It costs nothing to maintain.
• Not reporting hate crimes. Under-reporting means the threat is under-estimated, which reduces the resources allocated to protect mosques. Report every incident.

Funding & Support

• ProtectUK provides free ACT Awareness e-learning and counter-terrorism guidance.
• CTSAs provide free site visits and security training through local police forces.
• MEND provides community safety training and regional support ([email protected]).
• St John Ambulance and British Red Cross provide first aid training courses.
• British Muslim Trust — government-funded Islamophobia monitoring and reporting service.
• Tell MAMA (tellmamauk.org) — independent Islamophobic hate crime reporting and monitoring.
• Muslim Safety Net (muslimsafetynet.org.uk, 0330 330 0288) — anti-Muslim incident reporting, run by Muslim Women's Network UK.
• True Vision (report-it.org.uk) — police-funded hate crime reporting service covering all categories.
• The MCB Briefing (Oct 2025) advocates for integrated security training with local police and Fire Rescue Services, rather than standalone packages.

Key Standards & References

11. Cyber Security

Priority: Recommended Applies to: All mosques with IT systems, connected security equipment, or online services Key legislation: UK GDPR (data breach notification); Network and Information Systems Regulations 2018 (for critical services)

Why This Matters

Mosques increasingly rely on connected systems: online donation platforms, membership databases, email communications, Wi-Fi networks, and — critically — networked fire alarm and CCTV systems. A cyber attack can disable your security systems, expose personal data, enable financial fraud, or disrupt operations. The 2025 update to BS 5839-1 introduced a new clause (43.4) specifically addressing cyber security of fire alarm systems, recognising that these are now networked devices vulnerable to attack. The same risks apply to networked intruder alarm and CCTV systems (see Section 5 for electronic security system standards).

Key Requirements

• Under UK GDPR, you must protect personal data against unauthorised access, loss, or destruction. A data breach affecting personal data must be reported to the ICO within 72 hours if it poses a risk to individuals.
• BS 5839-1:2025 clause 43.4 requires: locked communications cabinets, anti-tamper plugs on patch leads, authentication before remote access to fire alarm systems, and a risk assessment before performing remote services.

Practical Actions

Good (safe start):

1. Enable multi-factor authentication (MFA) — a second step when logging in, such as a code sent to your phone — on all email accounts, donation platforms, bank accounts, and any system holding personal data.
2. Use strong, unique passwords. A password manager (a tool that stores and generates passwords for you, such as Bitwarden, which is free) makes this practical.
3. Keep all devices and software updated. Enable automatic updates where possible. This includes the firmware (built-in software) on CCTV systems, routers, and fire alarm panels.

Better (well protected):

4. Use the NCSC Cyber Essentials framework as your baseline. It covers five key controls: firewalls (barriers between your network and the internet), secure configuration, access control, malware protection (defence against viruses and malicious software), and patch management (keeping software up to date). Certification is available but not mandatory.
5. Train staff and volunteers to recognise phishing (fake emails or messages designed to trick you into revealing passwords or clicking harmful links). Phishing is the most common entry point for attackers.
6. Back up data regularly. Follow the 3-2-1 rule: 3 copies, 2 different media (e.g. hard drive and cloud), 1 off-site. Test your backups periodically.

Best (leading practice):

7. Lock communications cabinets and IT enclosures. This is now a BS 5839-1:2025 requirement for fire alarm systems but should apply to all network equipment.
8. Fit anti-tamper plugs to patch leads (the cables connecting devices in a network cabinet) in communications cabinets (BS 5839-1 requirement).
9. Require authentication before remote access to any system — fire alarms, CCTV, access control, or IT.
10. Develop a cyber incident response plan. Know who to contact (your IT provider, the ICO if personal data is affected, Action Fraud for cyber crime) and what steps to take.

Common Mistakes

• Default passwords left unchanged on CCTV systems, routers, and fire alarm panels. Change these immediately on installation.
• No MFA on email. Email compromise is the gateway to financial fraud (fake invoice scams) and data breaches.
• Unsecured Wi-Fi. Guest Wi-Fi should be segregated from your operational network and secured with a password.
• No backups. Ransomware can encrypt all your files. Without backups, you lose everything.
• Ignoring fire alarm cyber security. The new BS 5839-1 clause 43.4 exists because networked fire alarm systems have been compromised. Lock the cabinets.

Funding & Support

All of the following NCSC resources are free:

• Cyber Essentials — self-assessment framework (ncsc.gov.uk)
• Cyber Action Toolkit — step-by-step cyber security improvement
• Exercise in a Box — realistic cyber attack exercises
• Mail Check and Web Check — free tools to check your domain security
• Active Cyber Defence programme — free tools for UK organisations

Key Standards & References

12. Certification & Compliance

Priority: Recommended Applies to: Mosques commissioning security and fire safety work Key legislation: None specific; industry standards and insurance requirements

Why This Matters

When you commission security or fire safety work, the quality of the company you use determines whether your systems will work when they matter most. Two organisations provide the benchmarks in the UK: the National Security Inspectorate (NSI) and the British Standards Institution (BSI). Using NSI-certified contractors ensures your systems meet British Standards, are recognised by insurers, and are eligible for police response to alarm activations.

Key Requirements

• Most insurance policies require security systems to be installed and maintained by an approved contractor (typically NSI NACOSS Gold or equivalent).
• Police response to intruder alarm activations is generally only available for systems installed and maintained by NSI or SSAIB approved companies with alarm transmission to an approved ARC.
• Fire safety systems should be installed and maintained by BAFE-registered companies.

Practical Actions

Good (safe start):

1. Always use NSI-approved contractors for security system installation and maintenance. Search the NSI directory at nsi.org.uk. See the Glossary for what NSI means.
2. For fire safety systems, use BAFE-registered companies (BAFE — British Approvals for Fire Equipment). Check at bafe.org.uk.
3. Check your insurance policy for specific requirements about contractor accreditation (approval) and system standards. Non-compliant systems may void your cover.

Better (well protected):

4. Request certificates of compliance after installation and each service visit. Keep these in your building records.
5. Verify certifications independently. Check the NSI and BAFE registers directly — don't rely solely on what a contractor claims.

Best (leading practice):

6. Consider ISO standards (international quality standards) if your mosque is large or operates multiple sites:
   • ISO 9001 — Quality management
   • ISO 14001 — Environmental management
   • ISO 45001 — Occupational health and safety

Common Mistakes

• Choosing the cheapest installer. An uncertified installer may save money upfront but the system may not meet standards, voiding insurance and preventing police response.
• Not checking accreditation. Verify on the NSI/BAFE register — accreditation claims are not always current.
• Missing maintenance contracts. Systems need ongoing maintenance. An installed-and-forgotten system degrades and fails.
• Assuming all "CCTV installers" are equal. Only NSI-approved companies are recognised by insurers and police for monitored systems.

Funding & Support

• NSI directory of approved companies: nsi.org.uk
• BAFE register of fire safety companies: bafe.org.uk
• BSI Knowledge for standards documents: knowledge.bsigroup.com
• PSMS-funded work (Section 9) is typically carried out by Home Office-approved contractors who meet these standards.

Key Standards & References

Appendix A: Emergency Contact Numbers

Appendix B: Key British Standards Quick Reference

Appendix C: Glossary

Appendix D: Sources & Further Reading

1. MCB Emergency Response Plan (Abdul Azad / TVMC, September 2025)
2. Terrorism (Protection of Premises) Act 2025 — legislation.gov.uk
3. FIA Guide to the Changes in BS 5839-1:2025 (Fire Industry Association, Version 1, June 2025)
4. Key British Standards: BS EN 50131, BS EN 62676, BS EN 50133, BS 5839-1, BS 5839-6, PD 6662, BS 8243, BS 8418, BS 7273-4
5. Tower Hamlets Council — Mosque Safety and Security Tips
6. SIA — Events Guidance for Suppliers of Security (May 2022)
7. ICO — Home CCTV Systems Guidance — ico.org.uk/for-the-public/home-cctv-systems/
8. Charity Commission — Safeguarding and Protecting People for Charities and Trustees — gov.uk
9. NCSC — Cyber Security for Small Organisations — ncsc.gov.uk
10. NSI — National Security Inspectorate — nsi.org.uk
11. BSI Knowledge — knowledge.bsigroup.com
12. MEND — Keeping Your Mosque Safe: Easy Read Guide for Mosque Leaders (September 2025)
13. MEND — Emergency Mosque Security Funding Guide (2024)
14. MCB Briefing: Urgent Improvements to the Protective Security for Mosques Scheme (October 2025)
15. GOV.UK — Protective Security for Mosques Scheme — gov.uk/guidance/protective-security-for-mosques-scheme
16. NPSA/ProtectUK — Hostile Vehicle Mitigation Guidance — protectuk.police.uk
17. British Muslim Trust — government-funded Islamophobia monitoring service
18. Tell MAMA — tellmamauk.org (independent)
19. Muslim Safety Net — muslimsafetynet.org.uk (Muslim Women's Network UK)
20. True Vision — report-it.org.uk
21. NPSA — Evacuation, Lockdown and Invacuation Guidance (April 2025) — npsa.gov.uk

Appendix E: Self-Assessment Questionnaire

A printable self-assessment questionnaire covering all twelve domains is available as a separate document: MCB Mosque Security Self-Assessment. Use it to identify your current level across each domain and prioritise your next steps.

The questionnaire is available from the MCB Security Workstream — see the Resources & Contact section at the end of this guide.

Appendix F: Schools & Madrassah Annex

This annex highlights which sections of the guide apply specifically to madrassahs (supplementary schools teaching Qur'an and Islamic studies), youth groups, holiday clubs, and other educational activities operating from mosque premises. It also identifies additional requirements that go beyond what is covered in the main guide sections.

Which Guide Sections Apply

Additional Requirements for Madrassahs

Out of School Settings (OOSS) Framework:

Madrassahs and supplementary schools operating from mosque premises fall under the Department for Education's OOSS framework. Local authorities are increasingly monitoring these settings. Key requirements:

• A named safeguarding lead for the madrassah (this can be the mosque's DSL, but they must be available during madrassah hours)
• A written safeguarding policy specific to the madrassah setting, or a clear section in the mosque's safeguarding policy covering madrassah activities
• Appropriate adult-to-child supervision ratios — a single adult alone with children is never acceptable. Recommended minimum ratios:
  • Under 8s: 1 adult to 8 children
  • 8 and over: 1 adult to 10 children
  • These are minimums — adjust based on the activity and any children with additional needs
• DBS checks (Enhanced with Barred List check) for all madrassah teachers and anyone in regulated activity (unsupervised teaching, care, or supervision of children)
• A register of attendance for every session
• A clear pick-up and drop-off procedure — know who is authorised to collect each child
• Health and safety basics: adequate heating, lighting, ventilation, access to drinking water, and clean toilet facilities

Behaviour and Discipline:

• Corporal punishment (physical punishment of any kind) is unlawful in all educational settings, including madrassahs. This includes hitting, slapping, and any use of physical force as discipline.
• A written behaviour policy should set out how behaviour is managed, what sanctions are used (e.g. time out, speaking to parents), and what is never acceptable.
• All teachers and volunteers must understand that physical punishment is a criminal offence and a safeguarding matter that must be reported.

Digital Safety:

• If children use devices during sessions (tablets, computers), internet access must be filtered and monitored.
• Photography and video recording policies must cover madrassah activities — who can take photos, for what purpose, and where they can be shared.
• Social media contact between teachers and children/young people should be governed by the code of conduct.

Premises Suitability:

• Rooms used for teaching must be suitable for the number of children — not overcrowded, with adequate ventilation and natural light where possible.
• Furniture must be appropriate for children's ages and sizes.
• First aid provision must be available during all madrassah sessions — at least one trained first aider and a stocked first aid kit.
• Accident and incident records must be maintained.

Registration and Inspection:

• Madrassahs providing more than 6–8 hours of teaching per week may meet the threshold for registration with the Department for Education. If registered, they become subject to Ofsted (the education inspectorate) inspection.
• Even if below the registration threshold, local authorities have powers to inspect unregistered settings where there are safeguarding concerns.
• Keep records of your curriculum, teaching hours, and safeguarding arrangements in case of inquiry.

Checklist for Madrassah Leaders

Resources & Contact

This guide, the emergency plan template, and the self-assessment questionnaire are available from the MCB Security Workstream:

• Email: [security workstream email — to be confirmed]
• MCB website: mcb.org.uk
• ProtectUK: protectuk.police.uk — free counter-terrorism guidance and e-learning
• NPSA: npsa.gov.uk — evacuation, invacuation, and lockdown planning guidance

For queries about this guide or to request support for your mosque's security planning, contact the MCB Security Workstream using the details above.

Published by the Muslim Council of Britain — Security Workstream. March 2026. This guide is for informational purposes and does not constitute legal advice. For specific legal obligations, consult the relevant legislation and seek professional guidance.