Article
Regulation 13 safeguarding: what inspectors check and the evidence they expect
Most services can point to a policy, a certificate and a named lead. Regulation 13 asks whether concerns are recognised, owned, escalated and learned from, and the trail that lets the record speak first.
By Klaudiusz Zembrzuski, ex-CQC inspector.
Safeguarding is one of those words that can become too familiar. Every registered manager knows they need a safeguarding policy. Most services can point to a training certificate. Many have a named lead. But Regulation 13 asks for more than the existence of the right documents. It asks whether people using the service are protected from abuse and improper treatment, and whether the provider has effective systems to prevent, recognise, report and learn from concerns.
That matters because safeguarding is not one process. It is several processes meeting at the same point: recruitment, training, observation, escalation, recording, external reporting, supervision, culture and governance. When I read a safeguarding concern as an inspector, I was rarely looking at the form alone. I was asking whether the concern was part of a system that worked when it was under pressure.
For a small provider, that distinction is practical. You do not need an elaborate safeguarding department. You do need a trail that shows the right concern was recognised, the right person took ownership, the right external route was considered, and the service learned something if the concern exposed a weakness.
What Regulation 13 is really testing
Regulation 13 is often summarised as safeguarding people from abuse. That is right, but incomplete. The regulation also expects systems and processes that prevent abuse, and systems that investigate allegations or evidence of abuse when the provider becomes aware of them. It also covers improper treatment, including care or treatment that is degrading, discriminatory, disproportionate in control or restraint, or that significantly disregards someone's needs.
That means an inspection does not only ask, "Did you make the safeguarding referral?" It asks several quieter questions. Did staff know this was a safeguarding concern in the first place? Did they know what to do without waiting for the registered manager to be available? Was the concern recorded in a way that preserved the facts, not just the conclusion? Did the service consider whether CQC, the local authority, police, professional regulator, commissioner or family needed to know? Did anyone check whether the same pattern was showing elsewhere?
The last question is the one that separates a filing system from governance. Safeguarding is not closed when the referral leaves the building. It is closed when the provider has done what it needed to do, recorded what happened next, and checked whether any action was needed inside the service.
What inspectors usually ask to see
Policy, training and named responsibility
A safeguarding policy should say who does what, what to do out of hours, how to report adult and child concerns, and how the service handles allegations involving staff. Training should match the service, the workforce and the people using the service. A dental practice, an independent clinic, a patient transport service and a care service do not all have the same risk profile, but each one needs staff who can recognise the concerns they are likely to meet.
Recruitment and staff suitability
A provider cannot talk credibly about preventing abuse if the safer-recruitment trail is weak. Inspectors may look for Disclosure and Barring Service (DBS) checks where required, references, employment history, right-to-work checks, induction, probation and how concerns about conduct are handled. This is why safeguarding links naturally to Regulation 19 and to supervision, not only to the safeguarding policy itself.
The concern record
The record should be factual, dated and owned. It should show what was reported, who was involved, what immediate action was taken to keep people safe, what external route was considered, what was actually reported, and what follow-up was planned. If there is no concern log because "we have not had any safeguarding concerns", an inspector will usually test that carefully. In any real service, staff have worries, near misses, odd comments and moments where they were not sure. A total absence of records can mean nothing has happened. It can also mean staff are not recognising or recording.
Learning
If a concern involved missed signs, unclear escalation, weak handover, unsafe conduct, late reporting or poor documentation, the service should be able to show what changed: supervision with one staff member, a team briefing, a change to a risk assessment, a safer-recruitment action, or a new check added to governance. The important point is that the record does not end with "reported to local authority".
Safeguarding competencies are defined, not assumed
Role-specific safeguarding training is not a vague aspiration. For children and young people it has a published framework: the Intercollegiate Document (2025), "Safeguarding children and young people & children and young people in care: competencies for health care staff". Now in its fifth edition, it brings together what used to be two separate documents (the 2019 safeguarding competencies and the 2020 looked-after-children competencies) and sets out competencies across five levels, plus a level for senior managers and executives. Any member of staff who delivers a clinical service to children or young people is expected to hold Level 3 competency; providers serving under-18s are expected to have staff operating at Level 4 (senior, experienced) and Level 5 (strategic leadership) as well.
For an inspection that matters in a specific way. It is not enough to show that staff "did safeguarding training". The question is whether each person holds the competency level their role and their actual contact with children and young people require, and whether that level is current. Adult safeguarding carries its own competency expectations on the same logic. A service that sees children, even occasionally, such as a dental practice, a GP practice, an aesthetic clinic treating young people within the law, or a patient transport service, needs to map its staff to the right level rather than assume a single generic course covers everyone.
The evidence that carries weight
The strongest safeguarding evidence is a connected trail. A staff member records a concern. The registered manager reviews it the same day. Immediate safety steps are recorded. External advice or referral is made where needed. The concern is discussed in supervision if it involved staff judgement or conduct. Any action is assigned to a named person with a due date, completed, and then checked to see whether it worked. If the theme is wider, it appears in governance minutes or the risk register.
That trail tells an inspector that safeguarding is not treated as an exceptional event; it is part of how the service sees risk. It also protects the registered manager. Without the trail, the manager is left explaining from memory why a concern was handled appropriately. With the trail, the record speaks first and the manager explains the judgement behind it. The weaker version is familiar: a concern sits in an email inbox, a phone call happens but is not recorded, a referral is made but nobody records what happened afterwards, and three months later a similar concern appears and nobody can show whether the first one changed anything. That is not usually a failure of care. It is a failure of evidence and governance, the gap we describe in how the evidence loop works.
Cross-sector does not mean identical
Regulation 13 applies across CQC-regulated sectors, but the operational reality differs. In a dental practice, safeguarding may appear through missed appointments, visible injuries, a child's presentation, coercive behaviour from an accompanying adult, or concerns about a staff member's conduct. In an independent clinic, it may appear through consent, mental capacity, intimate examinations, chaperone use, cosmetic-treatment pressure or a patient who seems unable to make a free decision. In patient transport, it may appear in the home, during handover, or through crew observations about neglect or domestic abuse. In adult social care, the volume and complexity may be much higher, and the interface with the local authority safeguarding team is often more routine.
The evidence principle is the same in each setting: staff recognise the concern, record it, escalate it, protect the person, and the provider learns from it. The local procedure changes; the governance question does not. This is where generic adult-social-care safeguarding content often misses the independent-healthcare reader. A small surgical clinic is not a care home, and a dental practice is not a domiciliary-care provider, but both still need a safeguarding system that is proportionate to their risks and credible under inspection.
The common weak spots
Training that is not role-specific
A reception team needs different examples from a consultant surgeon. A driver in a patient transport service needs different examples from a dental nurse. If everyone receives the same generic slide deck and nobody checks whether it changed recognition, the evidence is thin.
Over-reliance on the registered manager
A safe service cannot depend on one person being available to decide whether a concern is serious. Staff need a route they can use at the moment the concern appears, including out of hours. The registered manager remains accountable, but the system has to work before the manager is in the room.
Treating external referral as the endpoint
Referral is often necessary, but it is not the whole provider response. The provider still needs to consider immediate safety, staffing, supervision, records, family communication where appropriate, notifications, commissioner contact where relevant, and whether the concern says anything about the wider service.
Culture
Staff need to believe they can raise concerns without being treated as difficult. If people only record safeguarding concerns when they are certain, the service loses the early warnings. The better habit is to record a concern or uncertainty, then triage it. That is safer than relying on staff to filter perfectly in their head.
What good looks like before inspection
A registered manager who wants to strengthen Regulation 13 evidence this month does not need a large new project. Start with five checks:
- Read the last three safeguarding concerns or, if there are none, the last three incidents or complaints that might have carried a safeguarding angle. Does each show who owned it, what immediate safety action was taken, whether external advice or referral was considered, and what happened afterwards?
- Check the safeguarding policy against the actual service. Does it mention the routes staff use, the out-of-hours path, allegations involving staff, children and adults, and the sectors you actually serve?
- Look at training by role. Are staff taught the concerns they are likely to see in this setting, or only generic definitions?
- Check whether safeguarding appears in supervision and governance. If a concern involved judgement, conduct, communication or delay, there should be a place where the service reflects on it.
- Check the links between records. A safeguarding concern may create an incident, a complaint, an improvement action, a notification, a risk-register update or a supervision note. If those records link, the service can show the full story.
The point is not paperwork
Safeguarding paperwork is not the aim. The aim is that people using the service are protected from abuse and improper treatment, and that the provider can show its system works. The evidence is there because the work happened, not because the inspection is coming.
That is the calm version of Regulation 13. Recognise concerns early. Record them plainly. Escalate properly. Own the actions. Learn from the pattern. If a service can show that, the safeguarding conversation with CQC becomes much less defensive: it becomes a conversation about a system that is already doing its job. The mechanics of reporting, and who needs to know when, sit alongside this in safeguarding reporting.
Verivius supports that evidence trail through the safeguarding lifecycle, linked improvement actions, notifications, supervision and governance records. The software does not replace judgement; it makes the judgement visible enough to stand up later. You can start a free trial.