Healthcare Logbooks

CQC Inspection Records: What UK Care Providers Must Keep (2026)

A UK care provider's guide to CQC records — the single assessment framework, five key questions, quality statements, statutory notifications, and audit-ready documentation.

Jamie Dawson

Jamie Dawson

4 min read
Share
A UK care home staff member supporting a resident — CQC inspection records are the compliance foundation for 50,000 UK care providers.
Photo by Dr.Kanapon Phumratprapin on Unsplash
Quick answer: Every provider registered with the Care Quality Commission (CQC) must evidence compliance with the five key questions (Safe, Effective, Caring, Responsive, Well-led) through the 34 quality statements of the single assessment framework. Records must show what the provider does, how they know it works, and what they do when it doesn't. Inadequate records are treated as evidence of inadequate care — and trigger ratings downgrades, enforcement notices, or prosecution.

The CQC's 2023 single assessment framework changed the game. Scheduled inspections are gone; continuous assessment from emerging evidence is in. The records you keep today are the evidence the CQC sees tomorrow — whether or not an inspector visits.

Who must register with the CQC

Any provider delivering regulated activities under the Health and Social Care Act 2008 in England. This includes NHS trusts, independent hospitals, GP surgeries, dental practices, care homes (residential and nursing), domiciliary care agencies, hospice services, mental health services, substance misuse clinics, diagnostic and screening services, and ambulance services.

Each service location must be registered. Each regulated activity (e.g., "treatment of disease, disorder or injury") must be registered. Each registered manager must meet the fit-and-proper-person test.

The single assessment framework

Six evidence categories, 34 quality statements, mapped to the five key questions (KLOEs). Evidence categories are:

  1. People's experiences of health and care services
  2. Feedback from staff and leaders
  3. Feedback from partners
  4. Observation of care
  5. Processes (policies, records, systems)
  6. Outcomes (data, audits)

Each quality statement starts "We ensure..." — e.g., "We ensure people are safeguarded from abuse." Providers demonstrate this through evidence across the six categories.

The five key questions (and the records that satisfy them)

Safe

Safeguarding training records, incident logs, medication audit, infection prevention audit, CCTV review logs, DBS register, accident book. Evidence that learning from incidents changes practice.

Effective

Mental Capacity Act records, consent forms, care planning documents, clinical audit results, training matrix, supervision records, appraisal records.

Caring

Patient and family feedback (surveys, complaints, compliments), observation logs, dignity-in-care audit, End of Life Care records.

Responsive

Complaints log with response times, DNACPR records, reasonable adjustment records, accessible information records, care plan reviews.

Well-led

Board minutes, governance meeting minutes, risk register, quality improvement plans, policy review dates, whistleblowing logs, fit-and-proper-person register, statutory notification log.

Statutory notifications

Certain events must be reported to the CQC within specified timescales. Missing these is itself a breach and commonly drives enforcement. The main notifiable events:

  • Death of a service user (within 7 days)
  • Allegation of abuse (within 24 hours)
  • Police involvement (within 7 days)
  • Serious injury to a service user (within 24 hours)
  • Outbreaks of infection (within 7 days)
  • Events that stop or may stop the service running safely (immediately)
  • Changes to the registered manager or nominated individual (28 days before)

Key policies the CQC expects to see

Written, version-controlled, reviewed annually, signed off by the nominated individual, and — crucially — actually followed:

  • Safeguarding (adults and children as relevant)
  • Medication management
  • Infection prevention and control
  • Mental Capacity Act and DoLS
  • Duty of Candour
  • Complaints
  • Whistleblowing
  • Data protection and confidentiality
  • Health and safety
  • Recruitment and staff vetting
  • Supervision and appraisal

Duty of Candour records

Under Regulation 20 of the Health and Social Care Act (Regulated Activities) Regulations 2014, providers must be open with service users when things go wrong. Records must evidence: notification to the service user or family, the apology given, the investigation offered, and the learning applied. A missing Duty of Candour record is a single-point failure that the CQC inspects for directly.

Training and supervision records

A current training matrix showing: mandatory training completion (CSTF modules or sector equivalent), refresher due dates, supervision frequency and content, appraisal dates and outcomes. The CQC looks for completion rates — under 85% on any mandatory module is a compliance risk.

DBS and recruitment records

Every role requires Enhanced DBS checks for direct care; recruitment files must evidence identity verification, right-to-work, references, gap-in-employment explanations, and fitness-for-role. For registered managers, the fit-and-proper-person declaration must be updated on changes to circumstances.

Common mistakes

  1. Policy documents not reviewed annually — the "last reviewed" date is the first thing an inspector checks
  2. Training matrix completion rates below 85% on mandatory modules
  3. Statutory notifications missed or late
  4. Duty of Candour records absent for notifiable incidents
  5. Risk register not updated, or updated without evidence of mitigation action
  6. Minutes of governance meetings showing no follow-through on issues raised

Preparing for an assessment

The single assessment framework means you cannot "prepare" for a scheduled visit. Instead, build evidence continuously: monthly governance meetings, quarterly audits, termly training matrix review, annual policy sign-off. When an assessor requests evidence, you should be able to produce it within 24 hours.

FAQs

Does the CQC still do unannounced inspections?

Yes. Most comprehensive inspections are unannounced or short-notice. Focused inspections triggered by concerns are typically unannounced.

What ratings can the CQC give?

Outstanding, Good, Requires Improvement, Inadequate. Ratings apply to each key question, each regulated activity, each location, and the provider overall. Ratings are published on cqc.org.uk — they're commercially consequential for private providers.

What are the enforcement options?

Warning notices, fixed-penalty notices, prosecution, urgent suspension, cancellation of registration, and (for individuals) prosecution under the Care Act. "Requires Improvement" or "Inadequate" ratings often accompany enforcement.

Can records be digital?

Yes, and most providers have moved to digital care records. The CQC treats digital records as at least equivalent to paper — sometimes better because of audit trails.

Sources and further reading

Last reviewed 2026-04-22 by Jamie Dawson, Editor. Corrections: corrections@logbook.co.uk

Read more

Logbook.co.uk is an independent UK publication edited by Jamie Dawson. Guides are checked against current UK legislation and primary sources from gov.uk, HSE, ICO, DVLA, DVSA, CAA and trade bodies. Always confirm against the underlying source before acting. Nothing on this site is legal advice.