{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Disclosure Scotland and PVG Scheme Policy

1. Purpose

The purpose of this policy is to ensure that {{org_field_name}} complies with current Scottish disclosure and safeguarding requirements, including the Disclosure (Scotland) Act 2020, the Protection of Vulnerable Groups (Scotland) Act 2007 as amended, the Disclosure Scotland Code of Practice, and relevant Care Inspectorate and Scottish Social Services Council requirements. This policy sets out how {{org_field_name}} ensures that people recruited, employed, contracted, or engaged in regulated roles are suitable to work with protected adults, and, where applicable, children. It also explains how we manage PVG scheme membership, Level 2 with PVG disclosures, safe recruitment, ongoing suitability, referrals, record keeping, and safeguarding responsibilities.

Our key commitments include:

• Ensuring that every person carrying out a regulated role for {{org_field_name}}, whether paid or unpaid, has the correct PVG scheme membership before carrying out the regulated role.
• Ensuring that {{org_field_name}} has received the required Level 2 with PVG disclosure before any staff member, volunteer, agency worker, contractor, or other person starts the regulated part of their role.
• Assessing each role by its duties and level of contact with protected adults, and, where applicable, children, rather than relying on job title alone.
• Keeping accurate records of role assessments, PVG applications, disclosure outcomes, applicant sharing, risk assessments, renewal dates, and decisions made.
• Ensuring that disclosure information is handled, stored, retained, and securely destroyed in line with the Disclosure Scotland Code of Practice, UK GDPR and the Data Protection Act 2018.
• Monitoring ongoing suitability to work in regulated roles and responding promptly to new information, concerns, allegations, safeguarding incidents, or fitness to practise issues.
• Making referrals to Disclosure Scotland, the SSSC, the Care Inspectorate, local authority adult support and protection services, Police Scotland, or other relevant authorities where required.

2. Scope

This policy applies to:

• All employees whose duties amount to a regulated role with protected adults, and, where applicable, children, including care workers, support workers, supervisors, managers, registered managers, and any other staff whose duties bring them within the PVG regulated roles criteria.
• Volunteers, agency workers, bank staff, students, contractors, self-employed workers, and any other person engaged by or on behalf of {{org_field_name}} where their duties amount to a regulated role.
• Recruitment personnel, and senior managers overseeing compliance.
• Managers and recruitment personnel responsible for assessing roles, processing disclosure checks, making recruitment decisions, maintaining records, and notifying or referring to relevant authorities.

3. Legal and Regulatory Framework

This policy supports compliance with the following legal and regulatory framework:

• Disclosure (Scotland) Act 2020, including the current disclosure levels, applicant sharing process, regulated roles framework, and requirements introduced from 1 April 2025.
• Protection of Vulnerable Groups (Scotland) Act 2007, as amended, including PVG scheme membership, barred lists, regulated roles, continuous monitoring, and referral duties.
• The Regulated Roles with Children and Adults (Scotland) Amendment Regulations 2025 and associated secondary legislation implementing the regulated roles framework.
• The Regulated Roles (Prohibitions and Requirements) (Scotland) Regulations 2024, including offences and requirements linked to regulated roles.
• The Level 1 and Level 2 Disclosure Information (Scotland) Regulations 2024, which support the current disclosure-level structure.
• Disclosure Scotland Code of Practice, including the handling, use, storage, retention and secure destruction of disclosure information.
• Regulation of Care (Scotland) Act 2001 and the regulatory framework for registered care services in Scotland.
• Public Services Reform (Scotland) Act 2010, under which the Care Inspectorate regulates care services.
• Social Care and Social Work Improvement Scotland (Requirements for Care Services) Regulations 2011, including requirements relating to fitness of employees, records, welfare and safeguarding.
• Scottish Social Services Council Codes of Practice for Social Service Workers and Employers 2024, including safe recruitment, fitness to practise, supervision, reporting concerns, and cooperation with investigations.
• Rehabilitation of Offenders Act 1974 and relevant Scottish exclusions and exceptions legislation.
• UK General Data Protection Regulation, Data Protection Act 2018 and Human Rights Act 1998, including lawful, fair, proportionate and confidential handling of personal and special category data.
• Adult Support and Protection (Scotland) Act 2007, where concerns indicate that an adult may be at risk of harm and requires adult protection referral or multi-agency action.

4. The PVG Scheme and Disclosure Scotland Checks

The PVG scheme is managed by Disclosure Scotland and helps ensure that people who are unsuitable to work with protected adults, and where applicable children, cannot carry out regulated roles with those groups. From 1 April 2025, PVG scheme membership is a legal requirement for anyone carrying out a regulated role. From 1 July 2025, {{org_field_name}} must not offer or allow any person to carry out the regulated part of a role unless {{org_field_name}} has received the appropriate Level 2 with PVG disclosure and is satisfied that the person is suitable for the role.

4.1 Assessing whether a role is a regulated role

{{org_field_name}} will assess whether a role is a regulated role by considering the actual duties, responsibilities, activities, level of contact, and the people receiving support. The assessment will not be based on job title alone.

A role is likely to be regulated where the person carries out activities involving care, support, personal assistance, supervision, management, or direct contact with protected adults, and, where applicable, children, in circumstances covered by the PVG legislation.

{{org_field_name}} will keep a written record of each role assessment, including the reason why the role does or does not require PVG scheme membership. Where there is uncertainty, {{org_field_name}} will use Disclosure Scotland guidance, the PVG role checker, and/or seek advice before making a recruitment or deployment decision.

4.2 Types of disclosure checks

{{org_field_name}} will request the appropriate level of disclosure for the role. The main disclosure routes are:

• Level 2 with PVG disclosure — required where the person will carry out a regulated role with protected adults, and, where applicable, children. This is the required disclosure route for staff, volunteers or others carrying out regulated care at home duties.
• PVG scheme application for a new scheme member — used where the person is not already a PVG scheme member for the relevant workforce.
• Existing PVG scheme member application / disclosure — used where the person is already a PVG scheme member and a current Level 2 with PVG disclosure is required for {{org_field_name}} to confirm suitability for the specific role.
• Level 2 disclosure — used only where the role is eligible for Level 2 disclosure but is not a regulated role requiring PVG scheme membership.
• Level 1 disclosure — used only where appropriate for roles that do not involve regulated roles and where a lower-level check is lawful, necessary and proportionate.

{{org_field_name}} will not use a Level 1 or ordinary Level 2 disclosure as a substitute for a Level 2 with PVG disclosure where the role is a regulated role.

4.3 Who requires PVG scheme membership and a Level 2 with PVG disclosure?

Any person carrying out a regulated role with protected adults, and, where applicable, children, must be a PVG scheme member for the relevant workforce and {{org_field_name}} must have received the appropriate Level 2 with PVG disclosure before the person carries out the regulated part of the role.

This will normally include, where their duties meet the regulated roles criteria:

• Care workers, support workers, personal carers and community care workers.
• Supervisors, coordinators, managers and registered managers who supervise, manage, allocate or oversee regulated care and support.
• Volunteers, students, agency workers, bank staff and contractors carrying out regulated care or support duties.
• Drivers, escorts or other workers where their duties involve regulated contact or personal assistance with protected adults or children.
• Any other role assessed by {{org_field_name}} as falling within the regulated roles criteria.

5. Recruitment and Pre-Employment Screening

5.1 Safe Recruitment Process

{{org_field_name}} ensures that all new employees, volunteers, agency workers, contractors and others engaged to carry out regulated roles are subject to safe recruitment checks before starting the regulated part of their role. This includes:

• Assessing whether the role is a regulated role and recording the reason for the decision.
• Confirming the person’s identity, right to work, employment history, qualifications, training and professional registration where required.
• Requesting and receiving the required Level 2 with PVG disclosure before the person starts the regulated part of the role.
• Ensuring the applicant shares their disclosure result with {{org_field_name}} where required by the Disclosure Scotland process.
• Taking up and verifying references, including most recent employer references where appropriate.
• Reviewing employment history and exploring any unexplained gaps.
• Assessing suitability against the SSSC Codes of Practice, SSSC registration requirements and the values required for care at home services.
• Recording the recruitment decision, including any risk assessment, rationale, conditions, restrictions, or decision not to appoint.

5.2 Conditional Job Offers

Any offer of employment, volunteering, agency work, contract work or placement for a regulated role will be conditional on {{org_field_name}} receiving the required Level 2 with PVG disclosure and completing all suitability checks.

No person may start the regulated part of their role until {{org_field_name}} has received and considered the required Level 2 with PVG disclosure and has confirmed that the person is suitable to carry out the role.

A person whose PVG disclosure is pending may only undertake non-regulated activities, such as office-based induction, e-learning, shadowing without service-user contact, policy reading, or training that does not involve protected adults or children.

A pending PVG application must not be used to allow a person to provide care, support, personal assistance, supervision, transport, medication support, intimate personal care, or any other regulated activity with service users.

Any exception or uncertainty must be escalated to the Registered Manager or Responsible Person before the person starts any duties.

5.3 Applicant sharing of disclosure results

Under the Disclosure Scotland process, applicants are required to share their disclosure result with the accredited body or organisation that countersigned or requested the application, unless they are seeking a review of the disclosure content.

{{org_field_name}} will explain this requirement to applicants at the start of the recruitment process and will support applicants to understand what action they must take. Where the disclosure result has been issued to the applicant but has not been shared with {{org_field_name}}, the applicant must not start the regulated part of the role.

If an applicant does not share the disclosure within the required timescale, {{org_field_name}} will follow Disclosure Scotland’s current process for resolving this and will not allow regulated duties to begin until the disclosure has been received and assessed.

6. Ongoing PVG Monitoring and Compliance

6.1 Ongoing monitoring of PVG scheme membership and suitability

Disclosure Scotland continuously monitors PVG scheme members’ criminal history information. {{org_field_name}} will maintain its own internal monitoring systems to ensure that staff remain suitable to carry out regulated roles. This will include:

• Maintaining a secure PVG register for all staff, volunteers and others carrying out regulated roles.
• Recording the workforce type, PVG number where appropriate, date of disclosure, date disclosure was shared, decision made, any risk assessment, and any conditions or restrictions.
• Recording PVG membership renewal dates and ensuring that staff renew their PVG scheme membership every five years where required.
• Reviewing PVG and suitability information when a person changes role, duties, workforce type, service-user group, or level of regulated contact.
• Taking immediate action where new vetting information, allegations, safeguarding concerns, criminal charges, convictions, cautions, police information, or fitness to practise concerns arise.
• Requiring staff to notify management immediately of any matter that may affect their suitability to work in a regulated role, including criminal investigations, charges, convictions, cautions, barring information, disciplinary findings, safeguarding concerns, or restrictions imposed by a professional or regulatory body.
• Checking SSSC registration status where applicable and ensuring workers meet and maintain any registration conditions.

6.2 Five-year PVG membership and renewal

From 1 April 2026, PVG scheme membership lasts for five years. New PVG scheme members will be enrolled in five-year membership from the date they join the scheme. Existing PVG scheme members will be moved to five-year membership either when they make a PVG application after 1 April 2026 or when Disclosure Scotland transfers them to the five-year model.

{{org_field_name}} will record PVG renewal dates and will remind workers in advance that they must maintain valid PVG scheme membership for the relevant regulated role. Failure to maintain PVG membership may result in the worker being removed from regulated duties and may lead to disciplinary action or termination of engagement.

6.3 Handling disclosure information, vetting information and risk assessments

Where a Level 2 with PVG disclosure, Disclosure Scotland notification, self-disclosure, reference, allegation, safeguarding concern, police information, SSSC matter, or other information raises a concern about suitability, {{org_field_name}} will complete a written risk assessment before making or continuing any appointment or deployment decision.

The risk assessment will consider:

• The nature, seriousness and relevance of the information.
• Whether the matter involved harm, abuse, neglect, exploitation, dishonesty, violence, sexual misconduct, discriminatory behaviour, misuse of power, medication concerns, financial abuse, or breach of trust.
• The person’s explanation and any evidence of insight, learning, rehabilitation or changed circumstances.
• The time elapsed since the matter occurred.
• The relevance of the matter to the specific role, service-user group, level of responsibility and degree of contact.
• Whether restrictions, supervision, additional training, redeployment or other safeguards could reduce risk to an acceptable level.
• Whether the matter must be referred to Disclosure Scotland, the SSSC, the Care Inspectorate, the local authority adult protection team, Police Scotland or another relevant body.

No person will be permitted to carry out a regulated role where they are barred from the relevant workforce or where {{org_field_name}} has not received the required Level 2 with PVG disclosure.

6.4 When a worker stops carrying out a regulated role

When a PVG scheme member stops carrying out regulated work or a regulated role for {{org_field_name}}, the Registered Manager or delegated responsible person will update internal records and, where required, notify Disclosure Scotland so that {{org_field_name}} no longer receives information about a person where it has no lawful entitlement to it.

This applies when a worker leaves employment, changes role, stops volunteering, stops agency work, moves to a non-regulated role, or otherwise no longer carries out regulated duties for {{org_field_name}}.

7. PVG Scheme Referrals and Reporting Obligations

7.1 Legal duty to make a referral to Disclosure Scotland

{{org_field_name}} has a legal duty to make a referral to Disclosure Scotland where the referral criteria are met. This includes where a person doing regulated work or a regulated role has harmed a protected adult or child, placed a protected adult or child at risk of harm, engaged in inappropriate conduct involving a protected adult or child, or otherwise behaved in a way that indicates they may be unsuitable to carry out regulated roles, and {{org_field_name}} has taken or would have taken removal action.

Removal action includes dismissal, permanent transfer away from regulated duties, suspension pending investigation where appropriate, removal from volunteering, ending an agency or contract arrangement, or a decision that the person would have been removed had they not resigned, retired, been made redundant, or otherwise stopped working before the investigation or disciplinary process concluded.

Resignation, retirement, settlement agreement, expiry of contract, sickness absence, or the person leaving before the end of an investigation does not remove {{org_field_name}}’s duty to consider and make a referral where the referral criteria are met.

7.2 Reporting to the Care Inspectorate, SSSC and other authorities

{{org_field_name}} will notify or refer to the appropriate authority in line with legal, regulatory and contractual requirements. Depending on the nature of the concern, this may include Disclosure Scotland, the Care Inspectorate, the SSSC, local authority adult support and protection services, Police Scotland, commissioners, placing authorities, insurers, or other professional regulators.

Concerns about a registered worker’s fitness to practise will be considered under SSSC referral guidance. Where appropriate, {{org_field_name}} will inform the worker that a referral has been made, unless doing so would place a person at risk, prejudice an investigation, or conflict with legal advice or statutory guidance.

Safeguarding incidents, allegations, referrals, notifications, decisions and outcomes will be recorded clearly and reviewed as part of governance, quality assurance and safeguarding oversight.

8. Data Protection, Confidentiality and Handling Disclosure Information

{{org_field_name}} will handle all disclosure and PVG information lawfully, fairly, securely and confidentially in line with the Disclosure Scotland Code of Practice, UK GDPR and the Data Protection Act 2018.

{{org_field_name}} will:

• Use disclosure information only for the purpose for which it was obtained, including recruitment, suitability assessment, deployment, safeguarding and legal compliance.
• Limit access to disclosure information to authorised people who need it for recruitment, safeguarding, compliance, regulatory or legal purposes.
• Store disclosure information securely and protect it from unauthorised viewing, copying, transmission, storage, printing, alteration, loss or misuse.
• Not keep photocopies, screenshots, scanned copies, photographs or unnecessary images of disclosure certificates or disclosure information.
• Record only the information necessary to evidence compliance, such as the disclosure type, date received, date shared by the applicant, PVG number where appropriate, workforce type, recruitment decision, risk assessment outcome, and any agreed restrictions or safeguards.
• Retain disclosure information only for as long as necessary and in line with {{org_field_name}}’s retention schedule.
• Securely destroy disclosure information when it is no longer needed.
• Provide privacy information to applicants and workers explaining how disclosure and PVG data will be used, stored, retained and destroyed.
• Ensure that disclosure information is not disclosed to unauthorised persons, used for unrelated purposes, or retained where {{org_field_name}} no longer has a lawful reason to hold it.

9. Staff Training and Responsibilities

9.1 Training on PVG and Safeguarding

All relevant staff will receive induction and refresher training appropriate to their role. This will include:

• The legal requirement for PVG scheme membership for regulated roles.
• The meaning of regulated roles and protected adults, and, where applicable, children.
• The requirement that regulated duties must not begin until {{org_field_name}} has received and assessed the required Level 2 with PVG disclosure.
• Applicant sharing of disclosure results and the need to follow up promptly where an applicant has not shared their result.
• How to identify and report safeguarding concerns, allegations, harm, abuse, neglect, exploitation and fitness to practise concerns.
• The worker’s duty to notify {{org_field_name}} and, where applicable, the SSSC of any matter that may affect their suitability or fitness to practise.
• Confidential handling of disclosure information and data protection responsibilities.
• Whistleblowing, professional boundaries, duty of candour, adult protection and escalation procedures.

9.2 Responsibilities of Management

Management is responsible for:

• Assessing and recording whether roles are regulated roles.
• Ensuring the correct disclosure route is used for each role.
• Ensuring that no person starts regulated duties until the required Level 2 with PVG disclosure has been received, reviewed and approved.
• Maintaining accurate PVG, recruitment, suitability and renewal records.
• Ensuring that disclosure information is handled in line with this policy and the Disclosure Scotland Code of Practice.
• Completing and recording risk assessments where disclosure or suitability information raises concern.
• Escalating safeguarding, adult protection, regulatory, fitness to practise and barring concerns promptly.
• Making required notifications and referrals to Disclosure Scotland, the Care Inspectorate, SSSC and other authorities.
• Auditing compliance with this policy and taking corrective action where gaps are identified.

10. Monitoring and Continuous Improvement

To maintain compliance, {{org_field_name}} will:

• Conduct regular audits of recruitment files, PVG records, role assessments, applicant sharing, risk assessments, renewal dates and referral decisions.
• Check that no worker has started regulated duties before the required Level 2 with PVG disclosure has been received and approved.
• Review whether role assessments remain accurate when job descriptions, duties, service-user groups or service models change.
• Monitor Disclosure Scotland, Care Inspectorate, SSSC and Scottish Government updates and amend this policy promptly where legal or regulatory requirements change.
• Review learning from safeguarding incidents, complaints, whistleblowing concerns, disciplinary matters, SSSC referrals and inspection feedback.
• Report audit findings to the Registered Manager, provider or senior leadership team and record actions taken.

11. Recruitment decisions, convictions and other relevant information

{{org_field_name}} will consider disclosure information fairly, proportionately and in line with the Rehabilitation of Offenders Act 1974, relevant Scottish exclusions and exceptions legislation, the Disclosure Scotland Code of Practice, safer recruitment requirements and safeguarding duties.

A criminal conviction, caution, police information or other disclosure matter will not automatically prevent appointment unless the person is barred from the relevant regulated role or the information makes them unsuitable for the role. Each case will be assessed individually.

Where disclosure information is relevant, {{org_field_name}} will consider:

• The nature and seriousness of the matter.
• Its relevance to the role and the people receiving care and support.
• The time elapsed since the matter occurred.
• The person’s age and circumstances at the time.
• Whether there is a pattern of behaviour.
• Evidence of insight, rehabilitation, training, changed behaviour or reduced risk.
• Any legal, regulatory, professional or contractual restrictions.
• Whether safeguards, restrictions or supervision would be sufficient and appropriate.

Decisions will be recorded with reasons. Where appointment is refused, restricted or withdrawn because of disclosure information, the applicant will be informed in a fair and lawful way, unless legal advice or safeguarding considerations require otherwise.

12. Related Policies

This policy should be read alongside:

• Safe Recruitment and Selection Policy.
• Safeguarding and Adult Protection Policy.
• Whistleblowing Policy.
• Regulatory Compliance with the Care Inspectorate Policy.
• Training and Development Policy.

13. Policy Review

This policy will be reviewed at least annually and sooner where there are changes to Disclosure Scotland requirements, PVG scheme rules, regulated roles guidance, SSSC requirements, Care Inspectorate expectations, data protection law, adult support and protection requirements, or organisational practice. The Registered Manager or Responsible Person will ensure that staff are informed of material changes and that relevant procedures, templates, audits and training are updated.

---

Responsible Person: {{org_field_registered_manager_first_name}}{{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.