Login

SL61-Safe and Secure Business Premises Policy

{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

Safe and Secure Business Premises Policy

1. Purpose

At {{org_field_name}}, we are committed to ensuring that our business premises are safe, secure, and suitable for the needs of individuals receiving support, staff, and visitors. This policy outlines how we maintain a secure environment, comply with CQC regulations, and manage risks associated with safety and security.

This policy supports compliance with the Health and Social Care Act 2008, the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, including Regulation 12 Safe Care and Treatment, Regulation 13 Safeguarding Service Users from Abuse and Improper Treatment, Regulation 15 Premises and Equipment, Regulation 17 Good Governance and Regulation 18 Staffing; the Care Quality Commission (Registration) Regulations 2009; the Health and Safety at Work etc. Act 1974; the Management of Health and Safety at Work Regulations 1999; the Regulatory Reform (Fire Safety) Order 2005, as amended; the Fire Safety Act 2021; the Fire Safety (England) Regulations 2022 where applicable; the Control of Substances Hazardous to Health Regulations 2002; the Equality Act 2010; UK GDPR and the Data Protection Act 2018. For supported living services, this policy recognises that people live in their own homes and that housing responsibilities may sit with a landlord, housing provider or the person themselves. However, {{org_field_name}} remains responsible for ensuring that any premises, equipment, systems or working practices used by the service provider to deliver regulated activity are safe, secure, suitable, clean, properly maintained and appropriately risk assessed.

2. Scope

This policy applies to all offices, administrative bases, staff areas, storage areas, training rooms and any other premises controlled, occupied or used by {{org_field_name}} for the management or delivery of supported living services. It also applies to equipment, documents, keys, medicines-related storage, digital systems, lone working arrangements, security systems and emergency arrangements used by {{org_field_name}} in connection with regulated activity.

In supported living, people usually live in their own homes under separate tenancy, licence or occupancy agreements. {{org_field_name}} is not responsible for the landlord’s statutory repair, maintenance or housing management duties unless this is expressly agreed in writing. However, staff must report environmental, fire, security, infection prevention, accessibility or equipment risks identified in a person’s home, take immediate action where there is risk of harm, escalate concerns to the appropriate person or agency, and record actions taken.

This policy applies to all staff, agency workers, volunteers, contractors, visitors, managers and anyone acting on behalf of {{org_field_name}}.

3. Related Policies

4. Legal and Regulatory Framework

{{org_field_name}} will operate its premises, equipment and security arrangements in line with the following requirements, where applicable:

5. Principles of Safe and Secure Business Premises

5.1 Building Security and Access Control

{{org_field_name}} will maintain proportionate security arrangements for all premises it controls or uses. Security measures must protect people, staff, visitors, confidential information, property and equipment without unnecessarily restricting people’s rights, privacy, liberty, dignity or independence.

All entry and exit points to offices, staff areas, storage areas, records areas and other restricted areas must be controlled so that only authorised persons can gain access. Access codes, fobs, keys and alarm codes must not be shared with unauthorised persons.

Visitors, contractors and professionals must be asked to confirm their identity and purpose of visit before being given access to restricted areas. A visitor record must be maintained where appropriate, including name, organisation, arrival and departure time, person visited and staff member responsible for the visit.

Staff must not enter a person’s supported living home without the person’s consent, legal authority, emergency justification, or agreed care and support arrangements. Staff must respect tenancy rights, privacy and dignity at all times. Where there is a concern that access restrictions, locked doors, keypads, surveillance or other security arrangements may amount to restraint or a deprivation of liberty, this must be escalated to the Registered Manager and managed in line with the Mental Capacity Act policy and safeguarding procedures.

Keyholding arrangements must be documented. Records must identify who holds keys, fobs or access codes, the premises or property they relate to, the date issued, the date returned and any restrictions on use. Lost, stolen or unaccounted-for keys, fobs or access codes must be reported immediately, risk assessed and acted on.

Staff must report any unauthorised access, attempted unauthorised access, suspicious behaviour, damage to locks, missing keys, security system faults or concerns about the safety of people, staff or premises immediately to the Registered Manager or nominated senior person.

CCTV, doorbell cameras, audio recording, monitoring devices or any other surveillance must only be used where there is a lawful basis, a clear and proportionate purpose, appropriate signage or privacy information, and where less intrusive options have been considered. Surveillance must never be used in a way that compromises people’s privacy, dignity or human rights.

5.2 Fire Safety and Emergency Procedures

{{org_field_name}} will ensure that fire safety arrangements are in place for all premises it controls or occupies, in line with the Regulatory Reform (Fire Safety) Order 2005, as amended, the Fire Safety Act 2021 and the Fire Safety (England) Regulations 2022 where applicable.

A suitable and sufficient fire risk assessment must be completed by a competent person for each relevant premises. Fire risk assessments must be reviewed at least annually, following any significant change, after a fire-related incident or near miss, after building works or changes in layout, or where there is reason to believe the assessment is no longer valid.

Fire detection, alarm systems, emergency lighting, fire doors, firefighting equipment, signage, escape routes and evacuation arrangements must be appropriate to the premises and maintained in line with legal requirements, manufacturer guidance and competent contractor advice.

Fire exits and escape routes must be kept clear at all times. Staff must report blocked exits, damaged fire doors, missing signage, faulty alarms, unsafe use of extension leads, overloaded sockets or other fire hazards immediately.

Staff must receive fire safety instruction appropriate to their role and workplace. Fire drills or evacuation exercises must be carried out at planned intervals and whenever significant changes occur. Records must be kept of fire drills, alarm tests, equipment servicing, emergency lighting checks, fire door checks, staff training and actions arising.

Where staff work in a person’s own supported living home, staff must remain alert to fire risks and must report concerns to the person, landlord, housing provider, family, commissioner, fire and rescue service or safeguarding authority as appropriate. Staff must not ignore risks such as blocked exits, unsafe smoking, faulty appliances, damaged sockets, hoarding, missing smoke alarms or unsafe use of oxygen or mobility equipment.

5.3 Health and Safety Compliance

{{org_field_name}} will maintain safe systems of work and a safe working environment for staff, people receiving support, visitors and contractors. The Registered Manager or nominated competent person will ensure that health and safety risks are assessed, recorded, reviewed and acted on.

Health and safety risk assessments must cover, where relevant, slips, trips and falls; manual handling; hazardous substances; electrical safety; gas safety; water safety and legionella; infection prevention and control; lone working; violence and aggression; display screen equipment; work-related stress; driving or travel for work; storage areas; office safety; and emergency arrangements.

COSHH substances must be stored securely, labelled correctly, used only by staff who have received appropriate instruction, and accompanied by relevant safety information.

Accidents, incidents, near misses and hazards must be reported promptly, recorded accurately, investigated proportionately and used to improve safety. The Registered Manager must consider whether external reporting is required, including to the Health and Safety Executive, CQC, the local authority, safeguarding partners, commissioners, insurers or landlords.

Contractors must be checked, supervised and managed according to the level of risk. Evidence of competence, insurance, risk assessments, method statements, permits to work and completion records must be obtained where appropriate.

Staff must not use defective premises, fixtures, fittings or equipment where this creates a risk of harm. Defects must be reported immediately, made safe where possible and escalated until resolved.

5.4 Infection Prevention, Cleanliness and Waste Management

{{org_field_name}} will maintain appropriate standards of cleanliness, hygiene and infection prevention and control in all premises and areas it controls or uses. Cleaning schedules must be proportionate to the use of the premises and the level of infection risk.

Shared workstations, staff rooms, toilets, training rooms, storage areas, frequently touched surfaces and shared equipment must be cleaned at appropriate intervals. Cleaning products must be suitable for their intended use and stored safely.

Staff must follow current infection prevention and control procedures, including hand hygiene, respiratory hygiene, safe use and disposal of PPE, safe handling of waste, cleaning of reusable equipment and reporting of infection risks.

PPE, clinical waste bags, cleaning materials and infection control supplies must be stored securely, cleanly and in a way that prevents contamination, unauthorised access or misuse.

Where staff identify infection prevention concerns in a person’s own home that may affect the safety of the person, staff or others, they must report and escalate the concern in line with the person’s care plan, risk assessment, safeguarding procedures and infection prevention and control policy.

5.5 Maintenance and Equipment Safety

Premises, fixtures, fittings, furniture, IT equipment, security systems, fire systems, electrical equipment, gas appliances, water systems and any equipment used to deliver care and support must be suitable, safe, properly maintained and used only for their intended purpose.

{{org_field_name}} will maintain a premises and equipment register for items it owns, controls or supplies. The register must identify what checks, servicing, calibration, testing or replacement are required, the frequency of checks, the person responsible and the date completed.

Maintenance logs must record defects, repairs, servicing, contractor visits, actions taken, outstanding risks and completion dates. Urgent defects that may place people or staff at risk must be escalated immediately and temporary control measures must be put in place.

Gas appliances and systems for which {{org_field_name}} is responsible must be checked and serviced by a Gas Safe registered engineer at legally required intervals and in accordance with competent advice. Electrical installations, portable electrical equipment, emergency lighting and other electrical systems must be inspected and tested at intervals determined by law, risk assessment, competent advice and manufacturer guidance.

Water systems for which {{org_field_name}} is responsible must be risk assessed for legionella and other water safety risks. Control measures must be implemented, monitored and recorded. Where staff identify possible water safety risks in a person’s own home, they must report these to the person, landlord, housing provider or relevant agency as appropriate.

Equipment supplied by {{org_field_name}} for use in a person’s home must be clean, safe, suitable, properly maintained, used correctly and reviewed as part of the person’s care and risk assessment arrangements. Where equipment is owned by the person, landlord, NHS, local authority or another agency, staff must report concerns about safety, suitability or cleanliness to the appropriate responsible party and record the action taken.

5.6 Safeguarding, Human Rights and Security Measures

Security arrangements must support people’s safety, rights, dignity, privacy, independence and freedom of movement. Security must never be used as a substitute for proper staffing, person-centred support, lawful risk management or safeguarding action.

Staff must report any concern that premises, equipment, access arrangements, surveillance, staff practice, environmental risks or security measures may expose a person to abuse, neglect, discrimination, avoidable harm, organisational abuse, financial abuse or improper restriction.

Security systems such as door entry systems, alarms, call bells, key safes, CCTV, staff safety devices and emergency call systems must be risk assessed, proportionate, maintained and reviewed. The least restrictive option must be used.

Where security arrangements affect a person’s freedom, privacy or ability to leave or enter their home, staff must consider mental capacity, consent, best interests, tenancy rights, safeguarding and whether legal authorisation is required. Concerns must be escalated to the Registered Manager.

Staff must protect people’s property, money, keys and personal information in line with the relevant policies. Any loss, theft, unexplained damage, unauthorised access or suspected financial abuse must be reported immediately.

5.7 Lone Working and Staff Safety

Staff who work alone, travel between services, visit people in their own homes, open or close premises, handle keys, or work outside normal office hours must follow the Lone Working Policy and any local risk assessment.

Lone working arrangements must include check-in and check-out procedures, emergency contact arrangements, escalation steps if a staff member fails to respond, and clear instructions on when staff must withdraw from an unsafe situation.

Staff must complete dynamic risk assessments before and during visits. They must consider environmental risks, behaviour that may challenge, visitors or others present, animals, fire risks, infection risks, unsafe premises, poor lighting, travel risks and any known safeguarding concerns.

Staff must not place themselves at unnecessary risk. Where a situation becomes unsafe, staff should leave if safe to do so, seek assistance and report the incident immediately.

The Registered Manager must review lone working incidents, missed check-ins, assaults, threats, harassment, near misses and environmental risks to identify learning and prevent recurrence.

5.8 Confidentiality, Information Security and Data Protection

Confidential information, personal data, staff records, care records, visitor records, security logs, CCTV footage, access records, incident reports and emergency plans must be handled in line with UK GDPR, the Data Protection Act 2018 and {{org_field_name}}’s Confidentiality and Data Protection Policy.

Paper records must be stored securely when not in use. Digital records must be protected by appropriate access controls, secure passwords, encryption where required, audit trails and role-based permissions. Staff must not leave confidential information visible or unattended in offices, vehicles, shared spaces or people’s homes.

CCTV or video surveillance must only be used where it is lawful, necessary and proportionate. {{org_field_name}} must document the purpose of surveillance, lawful basis, retention period, access arrangements, signage or privacy information, disclosure arrangements and how people can exercise their information rights. A Data Protection Impact Assessment must be completed where surveillance is likely to result in a high risk to people’s rights and freedoms.

Security logs, visitor books, CCTV footage and access records must only be accessed by authorised persons and only for legitimate purposes. Data breaches, lost records, unauthorised access, misdirected information or inappropriate disclosure must be reported immediately in line with the Data Breach Procedure.

5.9 Emergency and Business Continuity Planning

{{org_field_name}} will maintain emergency and business continuity arrangements to ensure that essential care and support can continue during disruption. Plans must cover, where relevant, fire, flood, power failure, gas leak, water failure, IT or cyber incident, telephone failure, severe weather, pandemic or infectious disease outbreak, loss of premises, security breach, terrorism-related incident, transport disruption, staff shortage, supplier failure and failure of key equipment.

Business continuity plans must identify essential functions, priority people and services, emergency contacts, alternative working arrangements, communication methods, access to key records, escalation routes, roles and responsibilities, and arrangements for informing people, families, staff, commissioners, landlords, emergency services and CQC where required.

Emergency plans must be tested or reviewed at planned intervals and following any incident, near miss or significant change. Lessons learned must be recorded and used to improve future planning.

Staff must know what to do in an emergency, including how to raise the alarm, contact emergency services, support people to remain safe, access emergency contact information and escalate concerns to senior management.

5.10 Supported Living Premises, Housing Responsibilities and Escalation

People receiving supported living services live in their own homes. Their accommodation is usually provided under a tenancy, licence or other occupancy agreement that is separate from their care and support agreement. {{org_field_name}} must not present, manage or operate supported living accommodation as if it were a care home unless it is registered and regulated as such.

{{org_field_name}} is responsible for the safety of the regulated activity it provides and for equipment, records, staff practice and systems it supplies or controls. Landlords, housing providers or property owners remain responsible for their own legal duties, including repairs, housing management and landlord safety responsibilities, unless {{org_field_name}} has accepted those duties in writing.

Staff must report premises-related concerns in a person’s home, including fire risks, poor heating, unsafe electrics, gas concerns, water leaks, damp and mould, pest infestation, broken locks, unsafe flooring, inadequate lighting, infection risks, hoarding, blocked exits or equipment concerns. Reports must be made to the person, landlord, housing provider, family, advocate, commissioner, safeguarding team, environmental health, fire and rescue service or emergency services as appropriate.

Where a premises concern creates immediate or significant risk of harm, staff must take urgent action to protect the person, including contacting emergency services where needed, escalating to the Registered Manager, notifying safeguarding if appropriate, and recording all actions taken.

Staff must not arrange, approve or make environmental restrictions that limit a person’s liberty, privacy or control over their own home unless this is lawful, proportionate, care planned, risk assessed, consented to or authorised, and reviewed.

5.11 CQC Inspection, Records and Regulatory Access

{{org_field_name}} will cooperate openly and honestly with CQC and other authorised regulators. Staff must know how to verify the identity of inspectors and how to notify the Registered Manager or senior person when an inspector or authorised officer attends.

Records relating to premises, equipment, safety, security, fire, infection prevention, incidents, maintenance, staff training, risk assessments, audits and business continuity must be accurate, complete, up to date and available when required.

CQC and other authorised bodies may request access to documents, records, premises, systems and staff as part of their regulatory functions. Staff must not obstruct a lawful inspection or request for information. Any request must be handled in line with confidentiality, data protection and regulatory requirements.

5.12 Protective Security and Martyn’s Law

{{org_field_name}} will consider protective security and emergency preparedness for premises, meetings, training sessions, events or public-facing activities it controls. This includes considering the risk of terrorism, serious violence or major security incidents where relevant and proportionate.

The Terrorism (Protection of Premises) Act 2025, known as Martyn’s Law, may apply where premises or events meet the statutory criteria, including expected numbers of people present and the type of premises or event. The Registered Manager or nominated senior person will review whether any {{org_field_name}} premises or events fall within scope when the substantive duties come into force.

Where premises or events are in scope, {{org_field_name}} will identify the responsible person, follow statutory guidance, notify the Security Industry Authority where required, and put in place appropriate public protection procedures, such as evacuation, invacuation, lockdown and communication arrangements.

Even where premises or events are not in scope, {{org_field_name}} will maintain proportionate security awareness, emergency communication arrangements and staff guidance on responding to suspicious behaviour, unattended items, threats, violent incidents or major emergencies.

6. Staff Training and Competence

All staff must receive induction and role-appropriate training before undertaking duties that may affect premises safety, security, fire safety, infection prevention, lone working, information security or emergency response.

Training and competency requirements will include, where relevant:

Staff who support autistic people or people with a learning disability must receive learning disability and autism training appropriate to their role and in line with current statutory requirements and the Oliver McGowan Code of Practice.

Training must be refreshed at intervals set by law, risk assessment, organisational policy, commissioner requirements or competent advice. Additional training must be provided following incidents, audit findings, changes to premises, new equipment, changes in legislation, changes in CQC guidance, or identified staff competency concerns.

The Registered Manager must ensure that training records are maintained, monitored and reviewed. Staff must not carry out tasks involving premises, equipment, security systems or emergency procedures unless they have received appropriate instruction and are competent to do so.

7. Monitoring, Audit and Continuous Improvement

The Registered Manager or nominated senior person will monitor implementation of this policy through planned audits, premises checks, health and safety inspections, fire safety records, infection prevention checks, maintenance logs, incident reviews, training compliance reports, staff feedback and feedback from people receiving support.

Audits must consider whether premises and equipment are clean, secure, suitable, properly used, properly maintained and appropriately located. Audits must also consider whether risks are identified, actions are completed, records are accurate, and learning is shared.

Findings from audits, incidents, complaints, safeguarding concerns, near misses, fire drills, security breaches, business continuity events and staff feedback must be reviewed and used to improve safety. Actions must be recorded, allocated to named persons, given realistic timescales and followed up until completed.

The provider will use CQC’s Single Assessment Framework, including Safe and Well-led quality statements, to review whether safety, governance, learning culture and improvement systems are effective.

Where significant risk is identified, the Registered Manager must escalate this to the nominated individual, provider, landlord, commissioner, safeguarding team, CQC, emergency services or other relevant authority as appropriate.

8. Policy Review

This policy will be reviewed at least annually or sooner if there are changes in legislation, CQC guidance, fire safety requirements, data protection guidance, supported living regulatory expectations, premises arrangements, security risks, serious incidents, safeguarding concerns, audit findings, business continuity incidents, enforcement action or organisational learning.

The Registered Manager is responsible for ensuring that this policy remains current, implemented and understood by staff. Any changes must be communicated to relevant staff and, where appropriate, people receiving support, families, advocates, landlords, contractors and commissioners.

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *