Sarah: I've just read Safeguard-Me's blog about auditing safeguarding records, and honestly, I'm feeling a bit overwhelmed. We've got files everywhere—some in the office, some digital, some... I'm not even sure where they are. Where do I even start?
Jon: I hear you! The trick is not to think of it as one massive task. Break it down. Start with a simple question: do you have a list of everyone who works with children?
Sarah: Yes, we've got that. It's our team and staff register.
Jon: Perfect. That's your starting point. Go through that list person by person and check: do they have an Enhanced DBS? Is it in date as per your guidelines or from your governing body? Do you have their references? Their ID documents? Just tick them off one at a time.
Sarah: Okay, that sounds manageable. But what counts as "in date" for a DBS check? I've heard different things—some say three years, others say they never expire.
Jon: Great question. Technically, DBS certificates don't have an expiry date. But most organisations, or their governing body, have a policy to renew them every three years. Some do it annually for high-risk roles. What does your safeguarding policy say?
Sarah: Erm... I'd need to check. I think it says three years, but I'm not 100% sure.
Jon: Right, so that's action number one: confirm your policy. Then apply it consistently. If you say three years, make sure everyone's renewed within that timeframe. The blog also mentioned setting reminders 30 days before expiry—that's a game-changer. We provide automated alerts now, and it's saved organisations so much hassle.
Sarah: Automated alerts? How does that work?
Jon: Our digital system tracks all staff records—DBS, training, qualifications—and sends reminders when something's about to expire. No more spreadsheets or sticky notes. It's all in one place.
Sarah: That sounds amazing. We're still using a filing cabinet and a shared Excel sheet. Half the time I can't find what I'm looking for.
Jon: Yeah, and it really helps when it comes to an audit. When you realise how much time you are wasting—and how risky it is to have incomplete records—it becomes a no-brainer.
Sarah: Speaking of incomplete records, what do you do if you discover someone's missing a document? Like, what if their DBS expired six months ago, according to your governing body requirements, and nobody noticed?
Jon: That's a bit of an issue. First, you need to assess the risk. Can they continue working with children while you sort it out? If no, you'd need to suspend them from regulated activity until the new DBS comes through.
Sarah: That's going to be awkward.
Jon: It is, but it's a non-negotiable. Child safety comes first. The good news is, if you start to use our digital solution you'll catch these things before they become emergencies.
Sarah: That sounds like a lot simpler.
Jon: It's certainly less work than doing a massive audit once a year. You're staying on top of renewals instead of scrambling at the last minute.
Sarah: That makes sense. What about references? We've got them on file, but I'm not sure we ever actually verified them. Is that a problem?
Jon: References aren't just about having a piece of paper—you need to prove you contacted the referee and confirmed the details. For example, if Ofsted asks, "How do you know this reference is genuine?" you need to show evidence. Phone records, emails, notes from the conversation.
Sarah: Okay, so I need to go back and check all our references. This is turning into quite the project.
Jon: It is, but here's the thing: once you've done it properly once, maintaining it is easy. The blog mentions creating an audit report with action items and deadlines. That's key. Don't just identify problems—assign someone to fix them and set a date for completion.
Sarah: Right. So if I find five staff members with expired training, I'd note that down, assign our training coordinator to book refresher courses, and set a deadline of, say, four weeks?
Jon: Exactly. And then you follow up. The worst thing you can do is complete an audit, write a report, and then file it away without taking action.
Sarah: What about GDPR? The blog mentions checking data retention policies. I'm not even sure we have one.
Jon: You definitely need one. GDPR says you can only keep personal data for as long as necessary. For safeguarding records, that's usually six months after someone leaves your organisation—but check your local authority or governing body guidance. Some recommend longer for certain roles.
Sarah: And what about access? Who should be able to see these records?
Jon: Only authorised personnel. Typically, that's the safeguarding lead, organisation head / head teacher, and maybe HR or the admin team if you're a bigger organisation with multiple teams or sites. And you need to log who's viewed what and when - something our system does automatically. It's all about accountability.
Sarah: This is making me realise how much we've been winging it. I thought we were doing okay, but there are so many gaps.
Jon: Don't beat yourself up. Most organisations are in the same boat. The important thing is you're doing something about it now. And honestly, once you've got our system in place, it's not that hard to maintain.
Sarah: The blog mentions a template checklist. I think I'll start there—print it out, work through our staff list, and see where we stand.
Jon: Good plan. And our system saves it taking forever, and stops you drowning in paperwork. It cuts admin time by about 80%. Everything's in one place, encrypted, backed up, and we get automatic alerts for renewals.
Sarah: I'll look into that, I just need to get through this audit and figure out what we're missing.
Jon: You've got this. And remember: the goal isn't perfection on day one. It's progress. Identify the gaps, create a plan, and work through it systematically. In a few months, you'll wonder how you ever managed without a proper system.
Sarah: Thanks. I feel a bit less panicked now.
Jon: Anytime. And if you need help, there are loads of resources out there—including the rest of Safeguard-Me's November series. Week 42 is all about GDPR compliance, which ties into what we've been talking about.
Sarah: I'll definitely read that. Right, time to dig out those files and get started!
Jon: Good luck! Let me know how it goes.
Key Takeaways:
Want to simplify your safeguarding records management? Explore Safeguard-Me's Digital Safeguarding Passport at www.safeguard-me.co.uk.
Jon: I hear you! The trick is not to think of it as one massive task. Break it down. Start with a simple question: do you have a list of everyone who works with children?
Sarah: Yes, we've got that. It's our team and staff register.
Jon: Perfect. That's your starting point. Go through that list person by person and check: do they have an Enhanced DBS? Is it in date as per your guidelines or from your governing body? Do you have their references? Their ID documents? Just tick them off one at a time.
Sarah: Okay, that sounds manageable. But what counts as "in date" for a DBS check? I've heard different things—some say three years, others say they never expire.
Jon: Great question. Technically, DBS certificates don't have an expiry date. But most organisations, or their governing body, have a policy to renew them every three years. Some do it annually for high-risk roles. What does your safeguarding policy say?
Sarah: Erm... I'd need to check. I think it says three years, but I'm not 100% sure.
Jon: Right, so that's action number one: confirm your policy. Then apply it consistently. If you say three years, make sure everyone's renewed within that timeframe. The blog also mentioned setting reminders 30 days before expiry—that's a game-changer. We provide automated alerts now, and it's saved organisations so much hassle.
Sarah: Automated alerts? How does that work?
Jon: Our digital system tracks all staff records—DBS, training, qualifications—and sends reminders when something's about to expire. No more spreadsheets or sticky notes. It's all in one place.
Sarah: That sounds amazing. We're still using a filing cabinet and a shared Excel sheet. Half the time I can't find what I'm looking for.
Jon: Yeah, and it really helps when it comes to an audit. When you realise how much time you are wasting—and how risky it is to have incomplete records—it becomes a no-brainer.
Sarah: Speaking of incomplete records, what do you do if you discover someone's missing a document? Like, what if their DBS expired six months ago, according to your governing body requirements, and nobody noticed?
Jon: That's a bit of an issue. First, you need to assess the risk. Can they continue working with children while you sort it out? If no, you'd need to suspend them from regulated activity until the new DBS comes through.
Sarah: That's going to be awkward.
Jon: It is, but it's a non-negotiable. Child safety comes first. The good news is, if you start to use our digital solution you'll catch these things before they become emergencies.
Sarah: That sounds like a lot simpler.
Jon: It's certainly less work than doing a massive audit once a year. You're staying on top of renewals instead of scrambling at the last minute.
Sarah: That makes sense. What about references? We've got them on file, but I'm not sure we ever actually verified them. Is that a problem?
Jon: References aren't just about having a piece of paper—you need to prove you contacted the referee and confirmed the details. For example, if Ofsted asks, "How do you know this reference is genuine?" you need to show evidence. Phone records, emails, notes from the conversation.
Sarah: Okay, so I need to go back and check all our references. This is turning into quite the project.
Jon: It is, but here's the thing: once you've done it properly once, maintaining it is easy. The blog mentions creating an audit report with action items and deadlines. That's key. Don't just identify problems—assign someone to fix them and set a date for completion.
Sarah: Right. So if I find five staff members with expired training, I'd note that down, assign our training coordinator to book refresher courses, and set a deadline of, say, four weeks?
Jon: Exactly. And then you follow up. The worst thing you can do is complete an audit, write a report, and then file it away without taking action.
Sarah: What about GDPR? The blog mentions checking data retention policies. I'm not even sure we have one.
Jon: You definitely need one. GDPR says you can only keep personal data for as long as necessary. For safeguarding records, that's usually six months after someone leaves your organisation—but check your local authority or governing body guidance. Some recommend longer for certain roles.
Sarah: And what about access? Who should be able to see these records?
Jon: Only authorised personnel. Typically, that's the safeguarding lead, organisation head / head teacher, and maybe HR or the admin team if you're a bigger organisation with multiple teams or sites. And you need to log who's viewed what and when - something our system does automatically. It's all about accountability.
Sarah: This is making me realise how much we've been winging it. I thought we were doing okay, but there are so many gaps.
Jon: Don't beat yourself up. Most organisations are in the same boat. The important thing is you're doing something about it now. And honestly, once you've got our system in place, it's not that hard to maintain.
Sarah: The blog mentions a template checklist. I think I'll start there—print it out, work through our staff list, and see where we stand.
Jon: Good plan. And our system saves it taking forever, and stops you drowning in paperwork. It cuts admin time by about 80%. Everything's in one place, encrypted, backed up, and we get automatic alerts for renewals.
Sarah: I'll look into that, I just need to get through this audit and figure out what we're missing.
Jon: You've got this. And remember: the goal isn't perfection on day one. It's progress. Identify the gaps, create a plan, and work through it systematically. In a few months, you'll wonder how you ever managed without a proper system.
Sarah: Thanks. I feel a bit less panicked now.
Jon: Anytime. And if you need help, there are loads of resources out there—including the rest of Safeguard-Me's November series. Week 42 is all about GDPR compliance, which ties into what we've been talking about.
Sarah: I'll definitely read that. Right, time to dig out those files and get started!
Jon: Good luck! Let me know how it goes.
Key Takeaways:
- Start with a staff register and work through it systematically
- Confirm your organisation's DBS renewal policy (typically 3 years)
- Verify references—don't just file them
- Set up automated reminders for all documents that require it
- Create an audit report with clear action items and deadlines
- Restrict access to safeguarding records to authorised personnel only
- Use our digital system to reduce admin time and improve security
Want to simplify your safeguarding records management? Explore Safeguard-Me's Digital Safeguarding Passport at www.safeguard-me.co.uk.