CQC Inspection Preparation Checklist for Workforce Compliance

Your Staff Files Will Be the First Thing Inspectors Open

A CQC inspector arrives at your service. Before they observe a single interaction or review a care plan, they pull a selection of staff files. Gaps in recruitment documentation and expired professional registrations are the findings that appear most often across the Safe domain. Supervision records that are missing or inconsistent follow closely behind. Together, these are the reason providers score 1 or 2 in that domain with alarming regularity.

Between April and December 2025, the Care Quality Commission completed over 5,000 assessments. That represents a 50% increase on the same period in 2024, according to the CQC's own January 2026 update. The regulator is on track for 9,000 assessments by September 2026, averaging 456 reports per month against a target of 500.

More inspections means more providers will face scrutiny this year. This CQC inspection preparation checklist covers the workforce compliance areas that generate the most findings, so your team can identify gaps before an inspector does.

What CQC Inspectors Flag Most in Workforce Files

The Single Assessment Framework organises CQC assessments around quality statements rather than the previous key lines of enquiry. But the evidence inspectors request has not changed as much as the structure around it.

Across the Safe domain, the most common workforce findings fall into three categories.

Recruitment documentation gaps. Missing references, incomplete employment histories, absence of evidence that references were verified before the person started in post. Regulation 19 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 sets out the requirements. Inspectors check whether the provider followed the regulation, not whether they intended to.

Expired credentials going undetected. Professional registrations with the General Medical Council, the Nursing and Midwifery Council, or the Health and Care Professions Council that lapsed between annual checks. DBS certificates that were never rechecked or monitored through the Update Service. Mandatory training that expired months ago without anyone flagging it.

Missing or inconsistent supervision records. Staff working without documented clinical supervision, or supervision records that do not match the frequency stated in the provider's own policy.

These are not edge cases. They are the patterns that appear in published inspection reports month after month.

CQC Inspection Preparation Checklist: Workforce Compliance

Use this as an operational checklist. Each item maps to evidence that CQC inspectors routinely request under the Safe and Well-Led quality statements.

Recruitment and pre-employment checks

• Written application or CV on file for every staff member, including agency and bank workers
• Two references obtained and verified before the start date, with evidence of verification method
• Enhanced DBS check on file, dated and at the appropriate level for the role
• DBS Update Service status checked at least annually (or more frequently per your policy)
• Right to work documentation verified and copied, with follow-up dates set for time-limited permissions
• Proof of identity verified against the original document
• Full employment history reviewed, with gaps explored and documented
• Occupational health clearance or fitness-to-work assessment on file
• Disclosure of any disciplinary history or fitness to practise proceedings
• Evidence that all checks were completed before the individual had unsupervised access to people using the service

Professional registration and revalidation

• Current professional registration confirmed through primary source verification (GMC, NMC, HCPC, GPhC, or GDC register)
• Registration expiry dates recorded and monitored, with alerts set in advance of renewal deadlines
• Revalidation status tracked, including appraisal dates and evidence submissions
• Scope of practice documented and matched to the role being performed
• Any conditions, warnings, or undertakings on the registration identified and managed
• Fee payment dates monitored (NMC registration lapses if fees are not paid on time, regardless of whether clinical requirements are met)

Mandatory training and competency

• Training matrix maintained, showing required training by role
• Completion dates and expiry dates recorded for each staff member
• Expired or overdue training flagged and acted on, with evidence of follow-up
• Induction records on file for all new starters, including agency and temporary staff
• Competency assessments documented where required (medication administration, moving and handling, safeguarding)

Supervision and appraisal

• Supervision schedule in place that matches the provider's own stated policy
• Supervision records on file for each relevant staff member
• Records include actions agreed and evidence of follow-up
• Annual appraisals completed and documented
• Probationary reviews completed within the stated timeframe

Safeguarding

• All staff trained to the appropriate safeguarding level for their role
• Designated Safeguarding Lead identified and trained
• Safeguarding concerns log maintained and up to date
• Evidence of safeguarding referrals made when appropriate

Staffing levels and deployment

• Staffing rotas retained and available for inspection
• Evidence that staffing levels are reviewed against dependency and acuity
• Agency and temporary staff usage documented, including compliance checks
• Evidence that agency staff receive a local induction before working on site

The Regulator Is Digitising. Most Providers Have Not

One detail from the CQC's November 2025 update is worth noting. The regulator confirmed it is piloting its own AI and automation tools to increase inspection productivity. The CQC is investing in technology to process more assessments, faster.

For providers still managing compliance through spreadsheets and shared folders, this creates an asymmetry. The regulator is scaling its capacity to inspect. Providers relying on manual processes are not scaling their capacity to be ready.

The 50% year-on-year increase in assessment volume is not a temporary surge. The CQC has stated its target and is building the operational capability to meet it. Providers who were previously inspected every two to three years may find that cycle shortening.

Where Workforce Compliance Breaks Down in Practice

The checklist above covers what should be in place. The operational challenge is keeping it in place across a workforce that changes constantly.

Staff join and leave. Registrations expire on different dates. DBS checks age out. Training certificates lapse between annual audits. A new agency nurse arrives for a weekend shift and nobody checks whether their NMC registration is current.

For a single-site provider with 30 staff, a spreadsheet might hold. For a multi-site organisation or one with a significant bank and agency workforce, the volume of credential expiry dates, renewal cycles, and verification checks exceeds what manual tracking can reliably manage.

The providers who score well in the Safe domain are not the ones with the best intentions. They are the ones with systems that surface expiring credentials before they lapse and flag documentation gaps before an inspector finds them.

Building CQC Workforce Compliance Into Daily Operations

Compliance teams that treat CQC readiness as an annual event will always be caught out. The providers that perform well under the Single Assessment Framework are the ones where compliance monitoring runs continuously, not in the weeks before an expected inspection.

That means automated checks against primary source registers, so a lapsed NMC registration is flagged the day it happens rather than at the next quarterly review. It means expiry alerts that trigger weeks before a credential lapses, giving time to resolve it. It means audit-ready reports that can be generated on demand, not assembled from multiple spreadsheets over several days.

Credentially's platform is built around these CQC-aligned workflows. The system runs daily automated re-checks against GMC, NMC, HCPC, and other registers, issues expiry alerts before credentials lapse, and generates instant compliance reports filterable by site, role, or department. Onboarding workflows follow Regulation 19 requirements, and the compliance dashboard gives registered managers real-time visibility of their workforce compliance status.

For providers preparing for CQC assessment, the practical difference is this: instead of assembling evidence reactively, the evidence already exists in a format inspectors can review.

What to Do Before Your Next Assessment

Start with the checklist above. Pull a random sample of ten staff files and check every item. If more than one file has a gap, the same gap likely exists across your workforce.

Then assess your monitoring. When was the last time you checked the professional registration status of every clinician working in your service? If the answer is more than a month ago, a lapse may already have occurred without your knowledge.

The CQC's inspection volume is increasing. The regulator's own tools are becoming more sophisticated. Providers who treat workforce compliance as a continuous operational discipline, rather than an inspection preparation exercise, will be better positioned when the assessment arrives.

Download the CQC compliance checklist to share with your team and use as an operational audit tool.

---

1. Credentially CQC compliance features page
2. Blog on credential expiry management
3. Platform demo page