Security for Heritage Buildings

Stewart Kidd


The theft of artefacts from heritage buildings, museums and galleries is a serious problem that affects institutions throughout the world. One estimate suggests that pictures and sculpture worth more than £100 million are stolen each year in the UK alone. At the same time, the increasing value of tourism and the leisure industry has placed considerable burdens on those responsible for managing heritage premises. In particular, problems are posed by allowing the public access to locations where the building and the contents are of considerable financial as well as heritage value.


Before any work is undertaken, funds committed or contracts placed, it is essential to undertake a proper risk assessment of the premises. The assessment process may sound daunting, but this need not be the case. In most instances there is certainly no need to hire an expensive consultant to undertake this task. The process should not be confused with the fire risk assessment (for life safety purposes), which is now a legal requirement for all places of work other than those used solely by the self employed. The security risk assessment seeks to identify and quantify the potential threats facing the premises and their contents.

At its most basic, the assessment can be produced by asking some simple questions:

  • What items are we seeking to protect?
  • Who is likely to want to steal or damage them?
  • When are the intruders likely to attack?
  • How are the intruders most likely to try to gain access?

If these questions can be answered, the next steps should fall into place.

Risk assessment is a useful tool, but to be effective the process needs to be repeated whenever circumstances change. For example, if contractors are due to start work on an extension, then the risk will change, particularly if scaffolding is erected, making access much easier.

It is also worth keeping a record of the assessments made so that if something went wrong, it would be possible to demonstrate to the insurers or the courts that appropriate steps had been taken to protect the property.


The security survey should not be confused with the risk assessment. It is true that the two are connected, but the survey is a distinct tool to be used to determine precisely what security measures are in place and the deficiencies which may exist. Furthermore, any reasonably competent manager can undertake a basic risk assessment (providing he or she understands the principles), but the security survey is a little more demanding and it is unlikely that a non-specialist will be able to produce a meaningful outcome.

The survey should begin with a review or analysis of the area in which the building is located. This can often have a significant impact on the risk of crime. Crime Patterns vary tremendously. For example, buildings in rundown inner city areas where arson and vandalism are common obviously present widely different problems from remote rural locations.

It has been suggested that the arson risk can be predicted by using a simple scoring system which is available in a free leaflet published by the Arson Prevention Bureau.1

Once the environmental threat has been determined, the basic principles of security can be considered. These are often known as the 'three Ds' - Deterrence, Delay and Denial:

  • Deter the would-be intruder by presenting a difficult and discouraging site
  • Delay the intruder by making entry as difficult as possible
  • Deny the intruder either any advantage or access to the key parts of the building once entry has been gained.

The survey should review all the various security features - including both positive and negative aspects - and then produce a list of considered recommendations to overcome any deficiencies detected. The survey will normally be the starting point for any security improvements and may also provide the basis for contracts with suppliers of systems or services, so it is important to ensure that the individual or company undertaking the survey has no links with contractors. Some security service and equipment companies offer free surveys as a sales tool, but it must be accepted that such advice is worth little and may be counter-productive. Only an independent security consultant can offer impartial and unbiased advice, not motivated by thoughts of commercial self-interest.


All buildings or premises have a perimeter; this may be a fence, wall or simply the 'skin' of the building. It is at the perimeter that the security of the building and its contents begins. In the centre of a town or city it is unlikely that heritage buildings will enjoy the luxury of a perimeter wall or fence, so improving the level of security presented by the building 'skin' may be the only option. All buildings have penetrations in their skins - not just in the form of doors and windows, but also skylights, ventilation ducts, coal chutes, delivery shutters, utility duct covers, boiler room access panels and so on. It is very easy for those who live or work in a building to overlook such features.

Perimeter security can be enhanced or improved by either physical measures or detection devices. Physical measures might include bars and catches on windows and replacing or supplementing window glass with laminated or toughened glass. Detection devices might include fitting sensors on windows or the use of beam systems on walls or fences for example.


Too often the response to security threats in heritage properties has been an unthinking reflex response: 'Fit an alarm system'. While intruder detection systems can play an important role as part of a coherent security strategy, specifications for such systems are often produced by the supplying company, so it is not surprising that there have been some well-publicised cases of alarm systems failing in their intended purpose.

Modern technology is very reliable but can only be effective if the correct sensors are specified and if a reliable company which is properly certificated for this sort of work installs the system. No alarm supplier should be considered unless it is listed or approved by a reputable supervisory body.2 It almost goes without saying that a heritage building must have its alarm system directly connected to a central alarm monitoring system. However, given that some 94 per cent of all intruder alarm activating events prove spurious, it is not surprising that the police in many parts of the country are now more likely to view such equipment as a distraction and nuisance than as a welcome ally. In some force areas three or more false alarms in a specified period can result in a withdrawal or downgrading of police response to such systems.

If police response is withdrawn, insurers, whose conditions drive the installation of many alarm systems, may downgrade levels of cover or increase excess levels or 'deductibles' (the amount you have to pay of any claim).


Properly designed and installed lighting can play a considerable part in deterring would-be intruders. Again, correct specifications are important. Lighting should not only eliminate shadows or areas where an intruder can hide but should also be directed outwards from the building to provide security personnel with an advantage, silhouetting any intruder against the background and by shining into the intruder's eyes.

Lighting can be operated on time switches or by motion sensors.


Like alarm systems, closed circuit television (CCTV) has frequently been proposed as a panacea for security problems. While CCTV is extremely useful for providing surveillance of such areas as galleries, display rooms and exhibits, it must be remembered that to be effective there has to be a proper response to security breaches picked up by camera. Always consider who is going to respond to any incidents spotted on a monitor.

Nevertheless, recorded images are useful to the police as they may help to identify an intruder later. To this end, tapes should be retained for at least 28 days. To get the best possible images, tapes should be retired after six months use.

Specification of a CCTV system (including the type of camera and its location) should form part of an overall security design and should not be left to the supplier.


Where exhibits are displayed inside cabinets or cases, consideration should be given to the thickness and type of glass, the way it is fixed and the locks used to secure the doors or drawers. Conventional plate glass offers no real security and is positively dangerous when it is smashed. Laminated glass of 10mm thickness is the lowest level of security glazing which should be considered for items likely to be at risk. Proper security locks (of the type manufactured by Bramah, Abloy, Medeco or Chubb for example) should be considered, and contractors familiar with this kind of work should fit the locks and glazing.


If it is decided that the risk justifies full-time security personnel, then the choice will be between employing the personnel directly or using a security service company. Either approach has its advantages and disadvantages - it is certainly true that the contract approach may be cheaper and less time consuming for management. However, the in-house security officer, particularly in a small location, may well prove more flexible and will usually identify more closely with the organisation.

Security officers are not cheap. It has been estimated that to maintain a single post 24 hours a day, 365 days a year will cost around £85,000 per annum, so it is essential to ensure that you receive best value for the money you spend. This means that you are entitled to a security officer who is:

  • Properly trained;
  • Has had his or her background checked;
  • Reports for duty on time, dressed in the prescribed manner;
  • Complies with assignment instructions;
  • Is honest and reliable.

Like alarm systems, security officers should be contracted only from companies which have been independently certificated.3

Both in-house and contracted security officers should be properly trained (and retrained) and assistance in this respect can be obtained from the Government-recognised industry training organisation, SITO.4


Any changes to a heritage building must meet a number of tests:

Minimal Intervention. Any changes to a listed or heritage building must cause as little impact to the building and its fabric as possible. Any work undertaken to improve security should not cause unnecessary disruption or damage during installation, maintenance or eventual removal.

Necessity. Only the minimum amount of work necessary to achieve the stated objective should be undertaken and all the work should be justified and informed by a detailed risk assessment.

Reversibility. Any changes to historic fabric or a listed building should be reversible wherever possible. Sensitivity. Security systems should be installed with due consideration to the overall appearance of the building as well as having the minimum impact on its fabric. In particular, appropriate use should be made of existing features (such as voids, risers, old chimneys and ducts) to conceal wiring runs.

Appropriateness. The security adopted must be appropriate to the level of risk.

Compliance. The installation of security equipment, like all changes to listed buildings, must comply with all legal requirements, including listed budding consent, building standards, fire regulations and certification procedures.


Shops and catering facilities now play an important part in the economics of many heritage institutions and as such need to be considered when security is being reviewed. Cash and stocks of materials intended for sale (including alcohol and catering supplies) may prove an attractive target for thieves. Care should be taken to include these areas in the security survey and risk assessment.


Historic buildings are often let out for private functions ranging from corporate lunches to weddings. Events such as these must be carefully considered from a security perspective as any changes in layout, routine or personnel will inevitably create new or different risks, and risk assessments should be repeated beforehand.

Any special event may also create problems for security staff. For example, how are smoking restrictions to be enforced? What happens when a Royal visitor or VIP 'lights up'?


It is an unfortunate fact of life that an empty heritage building is much more likely to become a fire statistic than one which is occupied. Some 55 per cent of all large fires in the UK are now the result of arson and listed buildings feature heavily in the fire statistics. If a heritage building is to be left unoccupied for any length of time then additional security measures must be taken. Advice on this subject can be obtained from a useful publication produced by the Loss Prevention Council.5

Care should be taken to ensure that none of the physical security measures taken damage heritage fabric. For example, boarding up must be done sympathetically and if necessary, in consultation with the planning authority. Any 'stopping up' of windows or other openings should not be permitted to interfere with normal ventilation otherwise damp or mould may be aggravated. Regular cheeks on roofs, gutters and drains must be undertaken to ensure that the premises are wind and watertight.

In conclusion, the application of modern security management techniques in respect of heritage buildings can help alleviate some of the perils which threaten historic buildings and their contents. However, care must he exercised when selecting the mix of measures that need to be imposed. In particular, the use of the risk assessment and a proper security survey may assist in providing a cost-effective solution.



  1. Prevention and control of arson in industrial and commercial premises, Arson Prevention Bureau, London, April 1992.
  2. National Approval Council for Security Systems (NACOSS), Tel 01628 37512
  3. The Inspectorate of the Security Industry (ISI), Tel 01905 773131
  4. The Security Industry Training Organisation (SITO), Tel 01905 20004
  5. Code of Practice for the Protection of Unoccupied Buildings, Loss Prevention Council, London, 1995.

The Association of Security Consultants maintains a list of security consultants.
For details contact the Secretary, Tel 07071 224865.

This article is reproduced from The Building Conservation Directory, 2000


STEWART KIDD is an independent security consultant specialising in heritage loss prevention. Website

Further information




Fire protection systems

Fire resistant coatings & barriers (suppliers)

Fire safety consultants

Lighting consultants

Security services
Site Map