Scr and Safeguarding Audit Readiness

SCR safeguarding audit readiness sits right at the intersection of safeguarding practice, governance oversight, and operational discipline. In most trusts, the people doing the work care deeply and take it seriously. The strain usually comes from volume and variation: lots of recruitment activity, different local habits across schools, and a long list of checks that must be recorded accurately every time.

When the single central record (SCR) is strong, it gives confidence quickly. When it is weak, it creates immediate doubt, even if the underlying safer recruitment practice is mostly sound. That is why the SCR matters to trustees, the designated safeguarding lead (DSL), HR, school leaders, and the audit and risk committee. It also matters because the board has clear safeguarding responsibilities, including ensuring the suitability of staff, supply staff, volunteers, contractors and the proprietor role in academies. (GOV.UK)

This guide sets out a practical readiness model for academy trusts, grounded in Keeping children safe in education 2025 (KCSIE 2025) and aligned to trust governance expectations. It focuses on what to check, how to evidence it, how to report it, and how to get ready quickly without creating a short-lived “inspection folder” that fades as soon as the pressure lifts.

What KCSIE 2025 expects from your SCR

KCSIE is clear that schools and colleges must maintain a single central record of pre-appointment checks (often referred to in regulations as “the register”). The record must cover the right groups of people. For schools, that includes all staff, teacher trainees on salaried routes, and agency and third-party supply staff, even if they only work for one day. For independent schools (and KCSIE confirms that academies and free schools fall into this category for these purposes), it includes the members of the proprietor body.

KCSIE then gets very specific about what the SCR must show. It must indicate whether key checks have been carried out, and it must record the date each check was completed or the certificate obtained. The list includes identity checks, barred list checks where relevant, enhanced DBS checks, prohibition from teaching checks, checks for people who have lived or worked outside the UK, professional qualifications where required, and the right to work in the UK. KCSIE also highlights section 128 checks for those in management positions in independent schools, which includes academies and free schools.

Two lines in KCSIE are particularly helpful for multi-academy trusts (MATs) because they address a common point of confusion. MATs must maintain the SCR detailing checks carried out in each academy. There is no requirement for a separate record for each academy, but the information must be recorded in a way that allows details for each academy to be provided separately, and without delay, including to inspectors.

That “without delay” phrase is worth sitting with. It is a strong hint about what good looks like. If your trust holds a single trust-wide spreadsheet, but cannot quickly filter by academy, or cannot quickly evidence who checked what and when, you have built a record that is hard to rely on in the moments that matter.

Audit readiness as an assurance process, not a last-minute tidy

In trusts, “audit readiness” often gets treated as a calendar event. People scramble before a review, correct what they can see, and hope the sampling does not land in the wrong place. It is understandable, but it is also exhausting, and it rarely fixes the underlying cause of errors.

A better mental model is to treat the SCR as a live safeguarding control with a routine assurance cycle. This is where governance helps. The DfE governance guide states that the purpose of governance includes accountability and assurance, and that boards have strategic and statutory responsibility for safeguarding arrangements across the trust. (GOV.UK) In other words, trustees are entitled to ask for evidence that the SCR is being maintained well, and leaders are entitled to ask for the resources and clarity of roles needed to do it properly.

My experience is that the trusts that feel most “ready” are not the ones who never find issues. They are the ones who find issues early, track them transparently, and can show that corrective action has been tested.

Designing a trust-wide SCR that stands up to scrutiny

KCSIE allows paper or electronic formats. Most trusts use an electronic record for obvious reasons, but “electronic” covers everything from a spreadsheet to a specialist platform. The format matters less than the discipline around it.

If you run a trust-wide SCR, the design needs to support three practical outcomes:

1. Clear separation by academy so you can produce academy-level outputs quickly. KCSIE expects MATs to provide details separately and without delay.
2. Consistent fields and definitions so the same check is recorded the same way in every school.
3. A workable audit trail so you can show how entries link to underlying evidence and who completed or verified key steps.

A small but important design choice is how you handle “status”. Some trusts use tick boxes, others use dates only, others use a mix. KCSIE expects both whether the check has been done and the date completed or certificate obtained. If you rely on a tick without a date, you create a gap that an auditor will inevitably question.

The SCR checks that should become routine

Trusts get the biggest improvement when they stop relying on an annual “big check” and instead run small, repeatable checks that are easy to complete and easy to evidence.

A practical routine checking model usually includes:

Completeness checks Start with the basics. Are all the required fields populated for each person, and is the person included on the SCR when they should be? KCSIE is clear about coverage, including agency staff and the proprietor body.

Date logic checks These are quick to run and they catch common errors. Examples include: a DBS date after the start date where the role requires checks before starting, a prohibition check recorded with no date, or a “checked” marker without a completion date. KCSIE’s focus on recording dates makes this a core quality test.

Joiner and leaver discipline KCSIE states that details of an individual should be removed from the SCR once they no longer work at the school or college. In MATs, leavers are where records often drift, especially when staff move between academies or change roles. Leaver controls are not glamorous, but they stop the SCR becoming a historic dump rather than a live control record.

Sampling against underlying evidence This is where assurance becomes meaningful. A sample that tests whether SCR entries are supported by underlying records will quickly show where process discipline is weak. Sampling should include a mix of starters, long-standing staff, supply staff, and at least one senior role where section 128 checks are relevant.

Exceptions and explanations The goal is not to pretend there are never gaps. The goal is to identify them, explain them, and manage the risk. This is also where governance oversight becomes real: if exceptions are recurring in one academy, the trust can see it and respond.

A note on agency and third-party staff

Agency staff entries are often present, but the evidence behind them is thin. KCSIE expects schools and colleges to include whether written confirmation has been received that the employment business has carried out the relevant checks. A strong readiness approach is to sample agency confirmations termly and confirm that the written confirmation aligns to the people actually on site.

Recruitment workflow testing that prevents recurring SCR errors

It is tempting to focus on the SCR as a spreadsheet problem. In reality, SCR errors almost always come from workflow: who does what, when, and with what evidence.

KCSIE expects governing bodies and proprietors to ensure that those involved in recruitment and employment have received appropriate safer recruitment training, covering at least the content of Part Three. It also references the requirement for maintained schools and PRUs that at least one person conducting an interview has completed safer recruitment training. In academy trusts, you still want the same practical outcome: trained people are consistently involved, and the trust can evidence this as part of its recruitment control environment.

Workflow testing is about looking at the process end to end:

• Are checks completed before start dates where required, and are decisions recorded when exceptions occur?
• Is there clarity between HR, the DSL, school administrators, and leaders about who updates the SCR and who verifies it?
• Is there a reliable handover when recruitment is run centrally but induction happens locally?
• Is there a standard approach to recording section 128 checks for relevant management positions?

A trust can “clean” the SCR and still face the same issues next term if these workflow questions remain fuzzy.

Evidence retention and data protection, handled sensibly

Safeguarding readiness needs evidence, but it also needs restraint. KCSIE states that schools and colleges do not have to keep copies of DBS certificates to fulfil the duty of maintaining the SCR. It also notes that where a school or college chooses to retain a copy, there should be a valid reason, and it should not be kept for longer than six months.

This is an area where trusts sometimes overcorrect. They keep everything forever, in multiple places, because it feels safer. It rarely is. It increases data protection risk and makes it harder to retrieve the right evidence quickly. A better approach is a clear evidence standard: keep what you need, know where it is, and be able to retrieve it on request.

What trustees and committees should see

Safeguarding governance can drift into polite updates that nobody challenges, especially when teams are stretched and nobody wants to pile on. The DfE governance guide is explicit that the board has responsibility for safeguarding arrangements across the trust and that governance provides accountability and assurance. (GOV.UK) The Academy Trust Handbook also frames safeguarding as a key governance priority and highlights the board’s duty to safeguard and promote welfare and to ensure staff suitability with regard to statutory guidance. (GOV.UK)

In practice, committees tend to get better oversight when reporting includes:

• a trust-wide SCR health summary, with academy-level comparisons
• the number and type of exceptions, with timeframes for resolution
• evidence of sampling and re-check outcomes
• themes that indicate a process weakness, not just isolated errors
• escalation points where issues persist

Minutes matter too. They should show the questions asked and the decisions made, especially where risk remains open. This becomes part of your assurance trail.

A safeguarding evidence pack that is worth maintaining

A good evidence pack is simple enough to keep current and structured enough that you can hand it over confidently during internal scrutiny, external review, or inspection.

Most trusts benefit from keeping:

1. A current SCR extract for each academy, date-stamped.
2. A sampling log showing what was tested, when, by whom, and what evidence was seen.
3. An exceptions tracker with owners, due dates, and re-check results.
4. A short process map that clarifies who updates the SCR and who verifies it.
5. Committee papers and minutes that show oversight and challenge.

If you build this gradually across the year, it reduces stress and improves quality. It also means your readiness is based on habits, not heroics.

A practical 30-day SCR and safeguarding readiness plan

If your trust needs to raise confidence quickly, a sprint works best when it is focused and honest about what can be achieved.

1. Days 1 to 5: Baseline and triage

   • Pull academy-level SCR extracts and run completeness and date logic checks.
   • Identify any critical gaps linked to KCSIE’s required checks and coverage.

2. Days 6 to 12: Fix and stabilise

   • Correct high-risk data errors.
   • Tighten joiner and leaver updates, including removal of leavers as KCSIE expects.
   • Confirm section 128 checks are recorded for relevant management roles.

3. Days 13 to 18: Align workflow and roles

   • Confirm who does the checks, who records them, and who signs off exceptions.
   • Reinforce safer recruitment training expectations for those involved in recruitment processes.

4. Days 19 to 24: Independent sample re-check

   • Re-sample a set of records across several academies.
   • Test agency confirmation evidence and proprietor body coverage where relevant.

5. Days 25 to 30: Governance reporting and cadence

   • Report what was found, what was fixed, and what remains open.
   • Agree a termly full check and monthly targeted checks during peak recruitment windows.
   • Log residual risks and any interim controls.

The sprint only lands well if you end with clarity. Leaders should be able to say where confidence is high and where further work is needed, and trustees should be able to see that this is being managed as a safeguarding control.

Sustaining readiness across the year

The trusts that sustain readiness tend to do three things consistently.

They standardise the SCR structure and definitions across all academies, which reduces error and reduces debate. They build a small assurance routine, so issues surface early. They keep governance involved in a practical way, with reporting that highlights themes and recurring issues rather than burying them.

KCSIE’s MAT requirement about providing academy-level details without delay is a useful benchmark for maturity. If you can meet that expectation calmly at any point in the year, you will feel the difference in confidence across the organisation.

How internalscrutiny.co.uk can help

internalscrutiny.co.uk helps trusts strengthen SCR and safeguarding assurance with practical testing models and governance-ready reporting. We focus on data quality, workflow discipline, and evidence integrity across trust and school settings, so your safeguarding assurance story stands up to challenge and supports real risk reduction.

To align this with your compliance programme, visit safeguarding and GDPR support, request targeted work through bespoke audits, or start planning via Book Audit.

Sources

Checked on 24 February 2026.

• Department for Education, Keeping children safe in education 2025 (effective from 1 September 2025). (GOV.UK)
• Department for Education, Academy trust handbook 2025: effective from 1 September 2025 (updated 22 October 2025). (GOV.UK)
• Department for Education, Academy trusts: governance guide (published 19 November 2025). (GOV.UK)

https://www.gov.uk/government/publications/keeping-children-safe-in-education--2
https://assets.publishing.service.gov.uk/media/68add931969253904d155860/Keeping_children_safe_in_education_from_1_September_2025.pdf
https://www.gov.uk/government/publications/academy-trust-governance-guide
https://www.gov.uk/government/publications/academy-trust-handbook/academy-trust-handbook-2025-effective-from-1-september-2025