{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Building Security and Access Control Policy

1. Purpose

The purpose of this policy is to ensure that all buildings operated or used by {{org_field_name}}—such as administrative offices, training venues, or any facility under our control—are secure, safely accessible, and protected from unauthorised access. The policy safeguards the people we support, staff, visitors, and company assets by implementing robust access control measures in line with Regulation 15 – Premises and Equipment and Regulation 12 – Safe Care and Treatment​​.

2. Scope

This policy applies to all staff, contractors, visitors, agency personnel, and anyone accessing a {{org_field_name}}-managed building or facility. While our primary service is home care, it is recognised that administrative premises, storage facilities, or meeting locations may be used and must therefore meet CQC standards for safety and security.

3. Related Policies

• CH11 – Safe Care and Treatment Policy
• CH13 – Safeguarding Adults from Abuse and Improper Treatment Policy
• CH16 – Health and Safety at Work Policy
• CH18 – Risk Management and Assessment Policy
• CH24 – Management of Accidents, Incidents, and Near Misses Policy
• CH34 – Confidentiality and Data Protection (GDPR) – Service User Policy

4. Policy Statement and Responsibilities

Commitment to Security
{{org_field_name}} is committed to maintaining secure buildings that prevent unauthorised access, protect sensitive information, and ensure a safe environment for all authorised users. This is critical in protecting personal data, safeguarding vulnerable individuals, and maintaining continuity of service.

Access Control Measures
All company buildings are protected by access control measures proportionate to their function and level of risk. These include:

• Lockable doors and windows
• Key or fob entry systems for authorised staff
• Visitor sign-in and sign-out procedures
• Security-coded or locked cabinets for confidential documentation
• Staff ID badges displayed during visits and on-site activities
  Only designated staff are issued keys or fobs, and all access permissions are regularly reviewed and updated. Lost keys or fobs must be reported to the Registered Manager immediately.

Staff Responsibilities
All staff are responsible for:

• Ensuring doors and windows are securely locked when not in use
• Not sharing access codes, keys, or fobs with unauthorised persons
• Wearing ID badges visibly at all times when on duty
• Challenging any unknown or unauthorised person attempting to enter a secure area
• Reporting any security concerns, lost access items, or suspicious behaviour to the Registered Manager
  Staff must also follow lone working and safety protocols when working out of hours.

Visitor Management
Visitors to any {{org_field_name}} premises must:

• Be pre-authorised by the Registered Manager
• Sign in upon arrival and wear a visitor badge at all times
• Be accompanied by a staff member unless previously agreed
• Sign out when leaving the building
  Contractors, inspectors, or professionals accessing secure areas must provide appropriate ID and comply with all safety protocols.

Information Security in Buildings
To protect personal and sensitive data, staff must ensure that:

• Care records and personal files are stored in locked cabinets or password-protected systems
• Confidential conversations are held in private, secure spaces
• Computers are logged off when unattended
• Paperwork is not left on desks or in open areas
  This supports compliance with CH34 – Confidentiality and Data Protection Policy and reduces risk of data breaches.

Emergency Access and Lockdown
In emergencies, such as fire or lockdown situations:

• Emergency exits must remain accessible and unblocked
• All staff must be trained in evacuation and lockdown procedures
• Emergency contact numbers are displayed and accessible in key areas
  The Fire Safety Lead ({{org_field_the_fire_safety_lead_name}} – {{org_field_the_fire_safety_lead_role}}) is responsible for ensuring access control does not compromise emergency egress and that all drills include security considerations.

Out-of-Hours and Lone Working
Where access is required outside regular business hours:

• Only authorised staff may enter the building
• A record of access time and reason must be maintained
• Staff must notify the on-call person and follow lone working protocols
  Security lighting, CCTV (if installed), and emergency contact systems must be tested regularly.

Audits and Monitoring
The Registered Manager or delegated Health and Safety Lead will:

• Conduct quarterly audits of building access and security systems
• Review access permissions and logs
• Assess building layout and physical security risks
• Investigate any breaches or near-misses under CH24 – Incident Management
  All findings will inform continuous improvement plans under Regulation 17 – Good Governance​.

Contractor and Maintenance Access
Contractors must be supervised during work in secure areas. Prior to entry, they must:

• Provide valid identification and evidence of professional registration (if applicable)
• Sign in and receive a site induction if necessary
• Follow all health and safety protocols
  Work must be scheduled during operating hours where possible to minimise risk.

5. Policy Review

This policy will be reviewed annually or following any security incident, regulatory update, or operational change. The Registered Manager is responsible for implementing updates and ensuring that all staff are trained accordingly.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.