Record Keeping in Safeguarding

Practical UK guidance for clear, defensible records

Safeguarding works best when people join the dots early. Good record keeping is how you join those dots. It turns a worry that ‘felt off’ into a clear picture you can act on. It also protects children, supports staff and shows that your organisation made thoughtful decisions at the right time.

Across the UK, expectations around multi-agency working, information sharing and data protection have tightened. In England, statutory guidance such as Working Together to Safeguard Children sets clear expectations for timely, child-centred practice and effective information sharing. In education, Keeping Children Safe in Education (KCSIE) sets strong expectations for how schools and colleges manage child protection records and transfers. At the same time, the Information Commissioner’s Office (ICO) is clear that UK GDPR does not prevent justified safeguarding information sharing – it provides the framework to do it properly. 

This guide focuses on what ‘good’ looks like for safeguarding leads, DSLs, managers, frontline staff and trustees. You will find practical steps, templates and checklists you can apply immediately across paper and digital systems. You will also see links to reputable external resources so you can align your practice with recognised guidance such as Working Together to Safeguard Children, Keeping Children Safe in Education, the DfE information sharing advice and the ICO’s data sharing guidance for safeguarding children. 

Although many examples here reflect England’s statutory guidance and education practice, the principles travel well across the UK. If you work in Scotland, Wales or Northern Ireland, you should also align with national guidance and local procedures, such as Scotland’s National Guidance for Child Protection, Wales’ Safeguarding children at risk of abuse or neglect (and the Wales Safeguarding Procedures), and Northern Ireland’s Co-operating to Safeguard Children and Young People. 

Safeguarding Record Keeping Best Practice

Strong safeguarding records share a few consistent qualities. They are timely, clear, factual and easy to follow. They also link actions to decision-making, so another practitioner can understand what happened and why, even months later.

Aim for records that answer four questions without drama or guesswork:

• What did you see, hear or receive?
• What did you do next, and when?
• Why did you take that action?
• What happened after, including outcomes and review?

Good practice also depends on consistency. If every member of staff writes concerns differently, you increase risk. A DSL might miss a key detail in a busy queue. A new deputy might struggle to pick up a handover. Multi-agency partners might receive unclear information at the point risk escalates.

Build consistency by agreeing a shared ‘house style’ for safeguarding notes:

• Use plain language that a non-specialist can understand.
• Record dates and times in a consistent format (e.g. 20/01/2026, 14:15).
• Separate fact, professional judgement and action.
• Capture the child’s voice wherever possible.
• Keep each entry short, then use a chronology to show a pattern over time.

Treat record keeping as safeguarding practice, not admin. When staff feel rushed, they cut corners. When systems feel clunky, they delay write-ups. So, invest in a process that makes the right thing easy:

• Provide quick access to a concern form (paper or digital).
• Protect time to write notes after an incident.
• Give staff regular feedback through audit and supervision.
• Train everyone on information sharing and confidentiality rules.

If you want one practical ‘gold standard’ to work towards, imagine a safeguarding file landing on the desk of a new DSL in a new setting. Within ten minutes, they should be able to answer: What is the concern? What is the history? What has been done? What needs to happen next?

What to Record and When

Safeguarding records sit across a spectrum. Some notes support early help. Others record child protection concerns, referrals or strategy discussions. In every case, you want a reliable trail that shows you noticed, assessed, acted and reviewed.

Record immediately when you can, and always on the same day. If you cannot, record as soon as practicable and note the reason for any delay (e.g. emergency response, trip supervision or a late disclosure at pick-up time). Prompt recording protects accuracy. It also reduces the risk of ‘group memory’ shaping what you write later.

Record these core elements whenever a concern arises:

• The child’s identifying details (name, date of birth, address, setting, unique ID if you use one).
• The date, time and location of the concern or disclosure.
• The source of information (who saw it, who heard it, who reported it).
• The concern itself (what you observed, what was said, what you found).
• The child’s presentation (appearance, behaviour, emotional state, any changes from baseline).
• The immediate risk level (your initial view, with reasons).
• The action taken (first aid, speaking to the child, consulting DSL, contacting parents, referral).
• The rationale for decisions (why you escalated or did not escalate, and what guidance you followed).
• The outcome and next steps (who will do what, by when, and how you will review).

Safeguarding rarely sits in one event. A pattern may build through ‘small’ signals:

• Low-level concerns about hunger, tiredness or lateness.
• Small injuries that do not fit the explanation.
• A child who becomes withdrawn or fearful over time.
• Repeated boundary issues with a particular adult.
• A child’s online life changing suddenly (new devices, new contacts, new secrecy).

A chronology helps you see that pattern. So, encourage staff to record smaller concerns too, not only ‘big’ incidents. Working Together emphasises early help and timely response, and careful recording supports that approach. 

A simple, realistic rule of thumb for staff is: If you would mention it to the DSL, record it. If it matters enough to talk about, it matters enough to write down.

Writing a Safeguarding Concern Note

A strong concern note reads like a calm, accurate account, not a story. It makes space for professional judgement, but it keeps judgement separate from observation.

Before you write, take a moment to gather your facts:

• Who, what, where, when.
• Any exact words you need to capture.
• Any immediate actions already taken.
• Any relevant context you already know (recent attendance issues, prior concerns, known family stressors).

Then write the note using a simple structure that staff can learn and repeat:

1) Opening line – what prompted the record
Start with the trigger, so a reader understands why this entry exists.
Example: “At 10:40 on 20/01/2026, I noticed bruising on Sam’s left upper arm during PE changing.”

2) Factual account – what you saw or heard
Use short sentences and concrete detail. Avoid adjectives that imply motive (e.g. ‘suspicious’, ‘attention-seeking’, ‘lying’).
Example: “The bruise measured roughly 3cm by 2cm. It looked purple-blue. Sam flinched when I asked if it hurt.”

3) Child’s words – record verbatim where possible
Use quotation marks and do not ‘tidy up’ language.
Example: “Sam said, ‘Dad got mad and grabbed me’.”

4) Immediate action – what you did next
Record actions in order. Include who you spoke to and when.
Example: “I informed the DSL at 10:55 and completed this note at 11:20. The DSL advised no contact with parents at this stage and contacted children’s social care.”

5) Professional judgement and rationale
State your view and the reasons. Link to risk, history and guidance.
Example: “I am concerned due to the child’s disclosure and the location of the injury. I escalated to the DSL in line with our policy.”

6) Outcome and follow-up
Close with what will happen next.
Example: “DSL will record referral outcome. I will monitor Sam’s presentation in class and report any further concerns.”

If your organisation uses a digital platform, keep the same structure in the narrative field. If you use paper, use a standard form and clear rules (date, time, signature, no correction fluid, and one line through mistakes with initials). Those small habits matter when a record needs to stand up to scrutiny.

Safeguarding Chronology Template

A chronology is the backbone of a safeguarding file. It gives a quick, defensible overview of events, decisions and outcomes. When risk escalates, it also helps you share a clear summary with multi-agency partners.

You can keep a chronology in a secure case management system, a protected spreadsheet, or a paper grid. The key is that it stays up to date and easy to scan.

Here is a practical template you can copy into your system:

Date	Time	Type of event	Summary (1-2 lines)	Action taken	Decision-maker	Outcome / response	Next review date

Tips that make chronologies genuinely useful:

• Keep each summary short and factual.
• Use consistent categories (Disclosure, Injury, Attendance, Online safety, Domestic abuse, Referral, Strategy meeting, Early help).
• Link each entry to the full note or document.
• Add outcomes, even if the outcome is “No further action – monitor”.

Chronologies also support safe handover. In education, KCSIE sets expectations for timely transfer of child protection files, and many local protocols repeat the importance of secure transfer and confirmation of receipt. A clear chronology helps the receiving DSL understand risk quickly, without digging through pages of narrative.

Recording Disclosures: Child’s Exact Words

When a child discloses harm, your record matters. It can support immediate safeguarding action, and it may later support statutory assessment, police work or court processes. Even when a case does not reach that stage, accurate recording helps you protect the child from repeated questioning.

Record the child’s words as closely as you can:

• Use quotation marks.
• Keep the child’s language, including slang and grammatical errors.
• Record any gestures that add meaning (e.g. pointing, demonstrating size or location).
• Note the context (where you were, who was present, what prompted the disclosure).

At the same time, keep your response child-centred and calm. You should not investigate. You should not press for detail. Working Together stresses effective information sharing and appropriate response, and careful recording supports a proportionate approach. 

A helpful way to structure a disclosure note:

• The exact words used.
• The questions you asked (if any), written verbatim.
• The child’s demeanour (tearful, flat, anxious, matter of fact).
• The immediate safety plan (supervision, medical support, contacting DSL).
• The next steps (referral, strategy discussion, early help).

Avoid common pitfalls:

• Do not paraphrase to ‘improve’ language.
• Do not interpret intent (“He was exaggerating”).
• Do not add assumptions about truthfulness.
• Do not promise confidentiality – explain you may need to share to keep them safe.

For staff who want a reminder of the wider principles, the DfE information sharing advice for safeguarding practitioners is useful because it explains why data protection does not block justified safeguarding sharing when you follow the framework. 

Recording Injuries and Body Maps

Injury recording is not a medical examination. You record what you can see, in a respectful way, and you escalate when needed. A body map helps you capture location, size and pattern over time, especially when bruising, burns or marks appear in different places.

Use these principles:

• Record injuries promptly and as privately as possible.
• Ask the child to show you the injury only if appropriate, and only if it is already visible.
• Do not ask the child to undress to show injuries.
• Do not photograph injuries unless your organisation has a clear policy and lawful basis, and you follow it consistently.
• If you provide first aid, record that separately in an accident log as well as in safeguarding notes when relevant.

A good injury record includes:

• Exact location (e.g. ‘Left upper arm – outer side’).
• Approximate size (use centimetres where possible).
• Colour and shape (‘Purple-blue, oval’).
• Any swelling, tenderness or restricted movement the child reports.
• The child’s explanation, recorded verbatim.
• Your actions and escalation.

Many safeguarding partnerships provide body map templates and guidance. For example, the Oxfordshire Safeguarding Children Board produced body map guidance and recording templates that set out practical rules (such as pen use and avoiding unnecessary examination). (oscb.org.uk) You can also see a downloadable example from the Somerset Safeguarding Children Partnership’s Body Map resource. 

A quick quality tip: when staff estimate size, encourage a consistent approach, such as measuring against a ruler (where appropriate), rather than ‘coin sized’ descriptions that vary by person and memory.

Fact vs Opinion in Records

Safeguarding records need professional judgement. However, they also need a clear separation between what happened and what you think it means. When you mix the two, you create confusion and you risk bias.

Use a simple three-part rule:

• Fact: What you saw, heard or received.
• Opinion: Your interpretation or hypothesis.
• Action: What you did, based on fact and judgement.

Examples help staff spot the difference.

Instead of: “Mum was drunk and didn’t care.”
Write: “Mum smelled strongly of alcohol at pick-up (15:35). Her speech sounded slurred. She repeated the same question three times. She did not make eye contact with staff. I asked her if another trusted adult could collect. She refused. I informed the DSL immediately.”

Instead of: “Child is neglected.”
Write: “Child arrived in the same clothes as yesterday. Clothing smelled strongly of urine. Child said, ‘I didn’t have breakfast’. Child ate two servings at snack time and asked for more. I recorded this as a concern and informed the DSL.”

Opinion still matters, but label it and back it with reasons:

• “I am concerned because…”
• “This pattern suggests…”
• “I considered early help because…”

This style protects fairness. It also helps multi-agency partners assess risk based on clear evidence instead of vague impressions.

Who Can Access Safeguarding Records?

Safeguarding records contain highly sensitive information. You should restrict access to people who need it to do their role, while still ensuring that staff can share concerns quickly.

In most organisations, these rules work well:

• All staff can submit a concern, but only the safeguarding lead team can access full safeguarding files.
• Deputies access files only when the lead is unavailable or when their role requires it.
• Senior leaders and trustees receive oversight information, not detailed case content, unless their role in governance requires deeper access.
• HR can access relevant information where it relates to staff conduct or safer recruitment, but you should still keep child protection records separate from HR records.
• Volunteers and visitors should never access safeguarding records.

Education guidance also stresses the separation of child protection records from the main pupil file, and secure transfer when a child moves settings. (Devon County Council)

Build access controls around the system you use:

• On paper: Locked cabinets, controlled keys, a log of file access.
• Digitally: Role-based permissions, multi-factor authentication, audit trails, and secure backups.

If someone requests access, record the request and your decision. If you refuse, record why. That protects both the child and your organisation.

Safeguarding Records and UK GDPR

UK GDPR does not stop safeguarding. It sets the framework so you use personal data fairly, lawfully and securely. The key is that you choose the right lawful basis and keep your processing proportionate.

In safeguarding contexts, organisations often rely on bases such as legal obligation, public task or vital interests, rather than consent. The ICO’s guidance on lawful bases helps you choose appropriately. Consent can feel tempting, but it rarely works well in safeguarding because it must be freely given, and you may need to share information even when a person refuses.

Safeguarding records often contain special category data (health, ethnicity, sexuality, religious belief) and sometimes criminal offence data. The ICO explains that for special category data you need both an Article 6 lawful basis and an Article 9 condition. 

In many safeguarding situations, you may rely on conditions linked to ‘substantial public interest’ under the Data Protection Act 2018. The ICO also explains that many of these conditions require an ‘appropriate policy document’ that outlines compliance measures and retention. 

Practical steps that strengthen UK GDPR compliance in safeguarding:

• Map your safeguarding records processing in a simple record of processing activities.
• Write a clear retention policy for safeguarding files, including destruction steps.
• Train staff on minimisation: record what you need, not everything you know.
• Keep records secure and limit access.
• Document your lawful basis decisions, so you can explain them later.

For child-specific considerations, the ICO also provides guidance on children and the UK GDPR. 

Information Sharing and Confidentiality Rules

Confidentiality matters, but it does not mean secrecy. Safeguarding often requires sharing information with the right people at the right time. The law supports this when you have a clear safeguarding purpose and you share proportionately.

The DfE’s information sharing advice for safeguarding practitioners sets out practical guidance for frontline decision-making. The ICO’s safeguarding FAQs reinforce that you can often rely on lawful bases such as public task, legal obligation or legitimate interests in safeguarding contexts, rather than consent. 

In day-to-day practice, confidentiality works best when you explain it clearly:

• Tell children and families that you keep information private within the safeguarding team.
• Explain that you may need to share information with other agencies to keep someone safe.
• Share only what is relevant, and record what you shared, with whom, and why.

Use a simple decision test before you share:

• Is there a clear safeguarding purpose?
• Do we need consent, and if not, why not?
• Who needs to know, and what do they need?
• Can we share the minimum necessary?
• Have we recorded the decision and the sharing?

If you feel unsure, seek advice early. Many safeguarding partnerships promote a ‘think, share, record’ mindset because delay can increase risk, while rushed sharing without a record can create confusion later.

How Long Should Records Be Kept?

Retention is one of the more complex areas because different sectors hold different types of records. A school child protection file is not the same as a charity case file, and local authority records follow different statutory rules again. However, you can build a defensible approach by combining clear principles with sector-specific guidance.

Start with a simple principle: keep safeguarding records for as long as you need them to protect the child, support accountability and meet legal obligations. Then set a retention schedule that fits your context.

In education, widely used guidance for child protection files often recommends keeping records until the child’s 25th birthday (often described as seven years after the school leaving age). Some local authority and partnership guidance reflects this approach, referencing Information and Records Management Society (IRMS) retention guidance. (Lambeth School Services) KCSIE also expects safe transfer of child protection files when pupils move settings, which links to the idea that the record needs to follow the child. 

For broader organisational contexts, the NSPCC provides guidance on retention and storage of child protection records and stresses that organisations should set clear policies, procedures and secure destruction processes. This helps you build a policy that stands up to scrutiny, even when your organisation does not sit within school retention norms.

When you set retention, also plan for exceptions:

• Ongoing investigations, civil claims or criminal proceedings.
• Historical abuse allegations.
• Looked-after children or complex multi-agency histories.
• Serious safeguarding incidents or learning reviews.

In practice, you can phrase your policy like this:

• “We keep child protection records for at least [X] years or until the child turns [Y], unless an exception applies. The safeguarding lead reviews exceptions case by case and records the rationale.”

If you work in a regulated setting, check whether your regulator provides retention expectations. Also check insurer requirements, as they sometimes influence risk management. Even then, avoid ‘keep everything forever’ approaches. Over-retention increases privacy risk and can undermine trust.

Secure Storage: Paper vs Digital

Secure storage is about more than a locked drawer. It is about a system that keeps information confidential, available when needed, and protected against loss or misuse.

Paper storage works when you manage it carefully:

• Keep files in a locked cabinet in a locked office.
• Control keys and log access.
• Separate child protection files from general pupil or client files.
• Use a clear file structure (chronology, concern notes, referrals, meeting minutes, plans).
• Avoid loose papers on desks or in staff bags.

Digital storage can strengthen security and consistency, but only when you configure it well:

• Use role-based access and remove access quickly when staff leave.
• Enable multi-factor authentication.
• Use encryption at rest and in transit where possible.
• Keep audit logs so you can see who accessed what and when.
• Back up securely and test restores, so you can recover after an incident.

Digital also introduces new risks:

• Staff may save screenshots or export files to local devices.
• People may email sensitive information without encryption.
• Shared passwords can destroy accountability.

Set clear rules to reduce these risks:

• Never email safeguarding documents to personal accounts.
• Use secure transfer methods for inter-agency sharing.
• Use approved devices and approved storage only.
• Report data breaches quickly and follow your incident plan.

In education transfers, local protocols often emphasise secure transit, separate transfer from the main file, and obtaining confirmation of receipt. (nscp.nottinghamshire.gov.uk) Those principles also help outside education: secure transfer, named recipient, confirmation, and a record of what you shared.

Common Safeguarding Record Keeping Mistakes

Most record keeping problems come from everyday pressures. Staff feel busy, emotionally affected or unsure about what to include. These mistakes often look small in the moment, but they can create serious risk later.

Common mistakes include:

• Delayed write-ups that rely on memory rather than fresh detail.
• Vague language such as ‘seemed strange’ without describing what happened.
• Missing dates, times or names of those involved.
• Mixing fact and opinion so the reader cannot separate evidence from interpretation.
• Recording too much irrelevant personal detail, which increases privacy risk.
• Failing to capture outcomes, so the file has ‘cliff-hanger’ entries.
• Keeping safeguarding information in multiple places (emails, notebooks, phone photos).
• Storing files in the main pupil or client file without restricted access.
• Forgetting to update the chronology, making patterns harder to see.
• Handing over cases verbally without documenting key decisions.

You can reduce these issues with three practical habits:

• Give staff a simple template and train them to use it.
• Audit files regularly and give feedback.
• Create a culture where staff report concerns early, even when unsure.

If you spot repeated issues, treat them as system problems, not personal failings. Often the fix is simpler than it looks: clearer prompts on the form, better training on what ‘fact’ looks like, or protected time for staff to write up concerns before they go home.

Safeguarding File Audit Checklist

Auditing does not need to feel punitive. Use it as quality assurance and coaching. A good audit helps you check consistency across teams, spot training needs and strengthen defensibility.

Use this checklist at least termly in schools, and at an agreed frequency in other settings (for example, quarterly). Sample a mix of open and closed cases.

File structure and completeness

• The file has a clear front sheet with identifiers.
• The file contains an up-to-date chronology.
• Each note is dated, timed and attributed to an author (signature or digital author tag).
• The file shows actions and outcomes, not only concerns.
• The file includes copies of key referrals and responses.

Quality of recording

• Notes separate fact, judgement and action.
• Notes include the child’s words where relevant.
• Notes avoid jargon and unexplained acronyms.
• Notes show rationale for decisions, especially when no referral was made.
• Notes record follow-up, including monitoring and review dates.

Information sharing and consent

• The file records what was shared, with whom and why.
• The file records decisions about consent and confidentiality.
• The file shows proportionate sharing (minimum necessary).

Data protection and security

• Access controls are clear and appropriate.
• Paper files show an access log if used.
• Digital records show an audit trail if the system provides one.
• Sensitive attachments (photos, reports) are stored securely and consistently.
• Retention and destruction dates are defined for closed files.

Supervision and oversight

• Safeguarding supervision notes exist where required.
• Escalation routes are clear (referral, LADO or equivalent, early help, police).
• The file shows management oversight on high-risk cases.

After each audit, record actions:

• What you will change.
• Who owns the action.
• When you will review progress.

Keep audits practical. If your checklist is so long that nobody uses it, it will not improve practice. It is better to audit ten key points consistently than forty points occasionally.

Conclusion

Safeguarding record keeping is not about perfect paperwork. It is about protecting children through clear, accurate, timely information that supports action and accountability. When your records capture facts, the child’s voice, decisions and outcomes in a consistent way, you reduce missed risk and strengthen multi-agency working.

If you want to improve quickly, start small: standardise your concern note structure, build a live chronology, tighten access controls, and run a friendly audit. Then keep going through training, supervision and review. Over time, good records become part of your safeguarding culture – and that culture helps children stay safer.