Article

CQC governance documents: what you actually need

A governance document template is a useful start and a poor finish. What Regulation 17 actually asks for, and the living records that evidence it rather than describe it.

By Klaudiusz Zembrzuski, ex-CQC inspector.

Most providers searching for a CQC governance document template are asking a fair question: what does CQC expect us to have written down, and what does it need to say? The honest answer is that a template is a useful start and a poor finish. CQC does not inspect the document. It inspects whether the governance the document describes is actually happening, and whether the records can show it.

That distinction is the whole game. A provider can hold a tidy governance policy and still be rated inadequate for governance, because the policy describes a system that does not run. Another provider can have plainer paperwork and evidence strong governance, because the records show the system working week after week. The document is the map. CQC follows the road.

The quick answer: which CQC governance documents do you need?

For a small CQC-regulated provider, the useful starting set is usually a governance policy or framework, a current risk register, an audit and monitoring schedule, an improvement action log, governance meeting records, record-keeping standards, and the operational registers that feed governance: incidents, complaints, safeguarding, training, supervision, medicines and notifications. That is not a magic list. It is the practical evidence set that lets a registered manager show how quality, safety, risk and improvement are reviewed.

The important point is that each governance document has to do a job. A governance policy explains the system. A risk register shows known risks and controls. Audits show what has been checked. Action logs show what changed. Meeting records show who made decisions. Operational registers show the raw signals that governance is responding to.

If you are starting from blank paper, begin with the good governance policy template, then test the live evidence against the risk management and risk register checklist and the record keeping and confidentiality checklist. The template gives the structure. The checklists ask whether the structure is actually running.

What Regulation 17 actually asks for

Governance sits under Regulation 17 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, good governance. Regulation 17 asks whether the provider operates systems and processes that do three things: assess, monitor and improve the quality and safety of the service; assess, monitor and mitigate risks to people; and maintain an accurate, complete and contemporaneous record for each person, alongside records of the provider's own management.

Read that carefully and you see why a single template cannot satisfy it. Regulation 17 is about systems that run and records that accumulate. It is satisfied by what the provider does repeatedly, not by what it wrote down once.

The documents that carry governance

There is no official CQC list of required documents, and any template that claims to be the complete set should be treated with caution. What a CQC inspector looks for is a connected picture. In a small service that usually means a handful of living records:

Each of these can start from a template. None of them is finished until it carries dated, owned, real entries.

Why the template alone fails an inspection

The common pattern a CQC inspector sees is a service with good documents and a thin trail. The risk register exists but has not changed in a year. The audit schedule lists audits that were never run. The meeting template has no minutes behind it. The action log records issues opened but never closed.

None of that is dishonest. It is what happens when governance is treated as a folder to assemble rather than a habit to keep. The template gave the provider a false sense of completion. The inspection asks the next question the template cannot answer: did the system actually work, and can you show me?

How to turn a document into evidence

The services that evidence governance well share a simple discipline. Every governance record is dated, has a named owner, has a review point, and links to the thing it is about. A risk links to the action that addresses it. An audit links to the improvement it triggered. A complaint links to the change it produced. The provider is not assembling a story at the end of the quarter. The story is already written by the ordinary records, in order, with names and dates.

That is also the difference between a template and a system. A template is a blank shape. A system is the shape kept full, on a cycle, by the people doing the work. CQC can tell the difference in minutes, because the second one answers follow-up questions and the first one stops at the cover page.

So download the template if it helps you start. Then do the harder and more valuable thing: keep it alive, connect it, and let the record speak before you have to.

Verivius supports that shape by connecting risks, audits, incidents, complaints, safeguarding, training and improvement actions into one trail, so the governance picture stays current without being rebuilt before each review. It does not replace the registered manager's judgement. It makes the work visible enough for that judgement to be evidenced.

Related guidance

Get started free

Free to start, no card. A 14-day trial when you subscribe.

See the product in detail