What's expected of you

CQC is very much outcomes focused, meaning that the regulator is looking to learn:-

  1. What you have in place to achieve positive and consistent outcomes
  2. Whether you actually achieve them
  3. What do you do when you don't
  4. How do you monitor all this
  5. How do you ensure this is managed at higher levels

From a practical point of view, you have to be compliant all the time not just March as most practices tend to do and all your staff must understand why they do what they do, always keeping proper evidence of compliance.

10 Steps to Compliance

Step 1 - Action plan

  1. Get yourself organised by allocating time to do the job and making sure key members of staff will be available to assist at that time
  2. Prepare yourself as to what do you need to do for CQC. Read the regulations, get toolkits to help (BMA has a very good toolkit, see the Resources section if you haven't already got this).
  3. Prepare GP partners for CQC
    1. What expenditure they might have to authorise for tools or staff
    2. How this is to be enforced – You need their absolute authority and support to tell staff what to do. This is now a fundamental part of your job and you will have to be prepared to issue warnings to non-cooperating staff.
    3. Make sure they understand that they are now personally liable for registration, even though a manager might be doing the legwork.
    4. They are aware of the penalties and criminal liability for non-compliance
  4. Prep your staff about the registration and new requirements
  5. Work out a time table for implementation
  6. If you have bought a complete set of tools to do this, it should take you 2-3 months to get everything done
  7. If you are designing everything yourself, this will depend on how well organised you are already. Allow 1-2 months to bring your systems up to scratch and 2-3 months to implement.

An alternative method of organising
A good way of working your way through is to concentrate on high risk items first and work your way through to lower risk items. This way, if you do not have time to get everything ready by the deadline, whatever is left to do is relatively low risk and does not reflect on your application too badly.
We recommend this method, and the sequence you could adopt is:-

  1. Premises
  2. Equipment
  3. Fire and environment
  4. Staff Management
  5. Patients - Outcomes
  6. Corporate governance

Step 2 - Update your policies

Policies are your adopted rules and intent.

Although we say that CQC is not about policies, that does not mean you don't need any. Policies are an essential first step in planning our system to decide what we are aiming for. However, this is just intent and unless you put it into practice, it has little value.

So treating this as a first stage of deciding what standards we will hold ourselves up to, it is a good idea to make sure that all policies are up to date and in place. Most practices should find this step quite easy as this is a familiar routine and they are likely to have done this exercise for QOF and contract reviews.

And remember - There aren't any special policies for CQC, your existing ones are probably fine

Step 3 - Update protocols

A protocol, process or procedure describes how we will make the policies work. At this stage you need to ensure that you have worked out what the staff members have to do to make sure we meet quality standards.

Essentially these are the steps we will follow to make sure that we meet our policy objectives. Here is how policies and processes fit together:-

A policy might read something like "Our policy is to maintain strict fire safety precautions and ensure all staff are aware of how to deal with ...... etc.“

These are some of the processes required to put this in practice:-

  • Carrying out regular risk assessments
  • Daily safety checks to ensure safety is maintained, for example that fire doors are not inadvertently blocked
  • Regular fire drills
  • Testing alarms and fire systems on a regular basis


  • Written copies of risks assessments and actions taken
  • Daily checklist completed, signed, and reviewed
  • Log of fire drill activity
  • Log of alarm tests


Even if you have protocols in place, you should review the BMA guide to CQC, which includes pro-forma protocols for each of the outcomes. See the resources section for links.

Step 4 - Plan the roll out

Once you have got the policies and procedures in place, and you are now ready to implement these and get things done.

Start by organising, scheduling and allocating routine tasks which need to be carried out daily/ weekly/ monthly/Annually.

Allocate the duties for each of the main areas, here are examples:-

  1. Daily safety checks rotating between staff where possible (this builds in redundancy and trains different members of staff at the same time)
  2. Daily infection control checks. Allocating checks for cleanliness to members of staff reinforces good practice and raises awareness.
  3. Daily security checks.

Rotating duties between staff members reinforces important safety messages, and makes them more aware of the issues. This type of training ensures that if you are inspected, each member of staff is able to demonstrate intimate knowledge of the principles as opposed to having to regurgitate what they read in a handbook 6 months ago.

Step 5 - Get staff onside

A fundamental problem in GP practices is that the entire burden of compliance falls on the practice manager's shoulders. Once staff gets into the frame of mind that "this is not my job" and push it on to the manager, the practice manager is forever stuck in this cycle where they feel they have to do everything, else it just doesn't get done.

Hopefully you might not have this problem, but if you do, here is a suggested agenda for how to get staff organised. This will be a tricky area as some staff may oppose change, but you need to be firm because if any member of the team does not pull their weight, the whole system suffers. If you do not take a firm stand, the end result will be that the task will end up on the manager's desk again.

  1. Give a written notice to staff about the coming changes and their role in the daily compliance regime
  2. Send a memo/guidelines about self-responsibility – The whole ethos is about self-responsibility and you cannot now leave everything to the PM. Everyone has to be competent or there is no practice and there is no job.
  3. Here are the new rules:-
      1. Our licence depends on this, so everyone has to go through training
      2. Staff need to be aware of things + need to be knowledgeable to do their jobs
      3. Competency & suitability tests now compulsory – if you cannot do the job, we are not allowed to let you do it
      4. You will have to go through a training process
      5. You will have to go through self-certification else we cannot let you log on to system and you cannot do your job:-
        1. IG Toolkit
        2. Caldicott rules and importance of confidentiality


  4. Your duties have to be modified
  5. Patient care/safety/outcomes is the most important theme – everyone likely to come into any contact with patients [including admin staff answering the odd call] must go through training and must follow the rules
  6. Allocate protected time to get things done
  7. Issue new contracts to staff
  8. Publicise the policies and processes – make sure everyone knows so there is no dispute afterwards


Step 6 - Train everyone

Steps 1-5 were the easy bits. Setting up the rules is one thing, but putting these into practice is time consuming and can be challenging as you will be dealing with staff of varying abilities and attitude.

What we want to achieve:-

  1. Ensure that every member of staff is covered.
  2. Staff has the opportunity to have repeat training if they don’t understand.
  3. That staff actually understand the content, and not just attending as a tick box exercise.
  4. Create “champions” in the team whom the staff can go to at any time. Might just be one person in a smaller organisation.
  5. Teach them how to teach. If they can teach others, generally they must have understood the subject well, and it saves you time.
  6. Rotate jobs, even for short periods, so staff learns how everyone’s jobs fit together and broadens their knowledge and understanding.

Types of training:-

  1. Informal one to one meetings.
  2. Structured one to one training.
  3. Briefs at staff meetings.
  4. Structured training at staff meetings.
  5. External courses.
  6. Vocational training
  7. Recognised qualifications.
  8. Online training.
  9. In job training.

Evidence of training - Make sure you keep evidence of who was trained and when. As well as being able to prove that training was carried out, nothing speaks louder than the impact it has on improving performance. One training session with demonstrable evidence of improvement is more powerful than 10 sessions with no improvement.

Types of evidence:-

  1. Names and dates of attendances
  2. Acknowledgement of attendance by trainee
  3. Feedback on what they learned

Step 7 - Implementation

This is the most underestimated step of all. On average, a manager can spend up to 80% of their time implementing a system.

What do we mean by implementation?

You have designed the system and trained everyone on what to do.

Now you have to make them do this every day, 365 days a year, and get it right first time every time.

You have no idea whether they absorbed what you taught them, so you have to watch over them until they are ready.

You might have to retrain some staff, and you might give up on others, which is another ball game altogether.

Each time they get it wrong, it increases your workload and stress level.

If you have the resources, delegate some of your responsibilities to others. Even in smaller organisations, you will be surprised how much you can delegate if you just assign parts of the whole job to one or two people.

This is what managing is all about.

Step 8 - Monitor processes

Monitoring processes is not exactly the same as managing and monitoring staff.

When you monitor staff, you are looking to see whether that member of staff is doing things correctly, whether they need help, and whether they are competent in that job. Your focus is on the person and their capabilities and needs. If things don't work as expected, the problem is likely to be localised to that person and you may fix it by retraining that person, offering more assistance, or in extreme cases replacing them.

Monitoring processes means managing the system and making sure that the rules you set and the training you gave are proving to be right and working properly. Any weaknesses in the process translate as a weakness in the system, and this means that everyone who is following that process is getting it wrong. Process weaknesses can be more serious, have more widespread effect, and might be more difficult to fix.

Indicators of process weaknesses:-

  • When outcomes are not being achieved
  • Recurring mistakes - Same error happening over and over
  • High level of customer/patient complaints
  • Accidents and serious untoward incidents
  • Lack of confidence by staff

Types of process weaknesses:-

  • Poor training – results in poor system
  • Poor recruitment – results in poor performers
  • Flawed processes – results in flawed results
  • Poor risk management – leads to avoidable mistakes and adverse events
  • Uncertainty and hesitation by staff in decision making – combination of above

Step 9 - Monitor outcomes

Why outcomes matter

BP oil disaster of 2010.
This is the largest accidental marine oil spill in the history of the petroleum industry.
The accident was blamed on a series of cost-cutting decisions and the lack of a system to ensure well safety. It was also concluded that the spill was not an isolated incident caused by "rogue industry or government officials", but that "The root causes are systemic and, absent significant reform in both industry practices and government policies, might well recur".
BP also had the highest number of explosions and other incidents at its US refineries.
A single outcome can destroy an organisation, and a number of smaller incidents can be indicative of serious underlying problems.

About outcomes

  • The entire performance of an organisation is often judged on outcomes alone.
  • Smaller problems may be indicative of bigger underlying problems.
  • An entire year’s work or even many years of work can be overshadowed by a single incident.
  • The CQC inspections are outcomes focused.

Managing outcomes

  • Dealing effectively with smaller incidents helps promote better safety and prevents bigger more serious problems.
  • Any negative outcome needs to be dealt with quickly and effectively. Festering problems will escalate and more problems may be occurring during any delay.
  • Regular reviews and interviews of staff and patients are useful to catch anything your system might have missed. A despondent patient might have given up on complaining because the complaints system in itself is so badly managed, they don’t think it is worth it. This means that problems get hidden and out of sight for longer.
  • Regular reviews of what goes wrong and how to fix it are essential.
  • Celebrating what goes right is equally important to allow us to play on strengths, and reinforce good practices.
  • Managing risk and managing outcomes must be the cornerstone of your compliance system.


"The man who makes no mistakes does not usually make anything"

About outcomes:-

  • No one can guarantee that nothing will go wrong.
  • It is about minimising negative outcomes not necessarily eliminating them altogether.
  • If something goes wrong, you must know about it and do something about it.
  • The acid test for all legal action will be whether you took reasonable steps.
  • Record positive outcomes. How many times you got it right is just as important.

Step 10 - Regular reviews

It is obvious that organisations must carry out regular reviews of processes, events and outcomes.
It might be easier to manage and understand this if broken down into broader and more familiar headings.

Events and incidents
Reviewing how we coped with specific incidents, complaints, near misses, and significant events forms a good basis for learning and celebrating good practice.

Exploring good practices and developing strategies for improvement are preventative techniques. Examples are conducting a clinical significant event audit; Clinical improvement meetings; and business planning.

Management performance
In most organisations, this is most often measured in terms of financial performance; customer/patient satisfaction; staff satisfaction; and efficient delivery of services.

Staff performance
Regular staff appraisals are a review tool to help staff focus on career development and performance improvement. This also affords the management better intelligence on performance issues at an early stage. Regular job description and competency reviews help refocus objectives as well as strengths and weaknesses.

System performance
Efficiency reviews force a review of processes and their effectiveness. One of the easiest ways of doing this is to talk to staff at the “coal face” who will be able to pinpoint problems and bottlenecks straight away as they deal with them day in day out. Independent audits can also be useful as it is easy to lose objectivity when you are immersed in a job and have got used to doing things a certain way.

Repeat every year

Now that you have completed the implementation, you should repeat the process every year, if not more regularly, to keep everything up to date. Even when you have done something thoroughly, you often find things you missed the first time or ways of doing things better when you revisit the topic.

In theory, the reviews should be a lot quicker because you have already done the hardest bit, which is implementing change.


Login with username OR email

Contact us

0845 680 9204

Contact us

Get CQC Updates

Stay informed on essential CQC requirements
You will receive updates on CQC changes and latest offerings on our CQC toolkits