Using Policies

Policies library not a tool

Don't spend too much time on perfecting hundreds of policies. it is more important to focus on whether staff understand and actually apply the priciples they have learnt.

How Important are Policies

10 Years of laws analysed for changes

Most policy "updates" are usually just tweaks in wording and grammar. We analysed 10 years of legislation to see how many substantive changes there have been since 2012

Policies 10 years of new laws


Legislation Years and Numbers Relevance
Botulinum Toxin and Cosmetic Fillers (Children) Act 2021 2021 c. 19 All Providers
Coronavirus Act 2020 2020 c. 7 All Providers
Mental Capacity (Amendment) Act 2019 2019 c. 18 All Providers
Organ Donation (Deemed Consent) Act 2019 2019 c. 7 Hospitals
Health and Social Care (National Data Guardian) Act 2018 2018 c. 31 All Providers
Mental Health Units (Use of Force) Act 2018 2018 c. 27 Hospitals
Assaults on Emergency Workers (Offences) Act 2018 2018 c. 23 Ambulance
Children and Social Work Act 2017 2017 c. 16 Adult Social Care
Immigration Act 2016 2016 c. 19 All Providers
NHS (Charitable Trusts Etc) Act 2016 2016 c. 10 Hospitals
Health Service Commissioner for England (Complaint Handling) Act 2015 2015 c. 29 All Providers
Health and Social Care (Safety and Quality) Act 2015 2015 c. 28 All Providers
Care Act 2014 2014 c. 23 All Providers
Immigration Act 2014 2014 c. 22 All Providers
Mental Health (Approval Functions) Act 2012 2012 c. 18 All Providers
CQC says they're not that interested

Is it about policies?

"Absolutely not. We are much less interested in policies and protocols than in knowing what care is like for your patients, whether staff know what to do about things like child protection, and so on. Good practices shouldn’t need to do anything they aren’t already doing."

Professor David Haslam, National Clinical Adviser to the Care Quality Commission
(Interview in Healthcare Leader News May 2012)

"We won’t normally spend a great deal of time reading policy or procedure documents, unless we need to look at them to substantiate other evidence or what staff or patients have told us about their experiences."

James Hedges, media officer at the CQC (statement to MDDUS May 2013)

This is where the CQC focus their inspections:-

  • Experiences people have when they receive care and the impact the care has on their health and well-being.
  • Talking to patients, their families and their carers.
  • Looking at records or speaking with staff and how they reach their judgements.

British Medical Association says don't bother with large numbers

Question: Is 'CQC' all about policies and protocols?

What the BMA says:

"We believe that most providers will already be compliant with the essential standards" and "CQC registration should not involve the development of large numbers of new policies and protocols."

Extracts from the BMA CQC Registration guidance for GPs.


Does the CQC have a checklist of Polices

No, nobody does.

  1. CQC does not have a list or even a recommended list
  2. Every supplier makes up their own list

What do Inspectors use?

  • The CQC does not have any central list of policies that they expect to see and does not issue any guidance to local inspectors on this.
  • So although EVERY Inspector asks to see your collection of policies and examine individual ones as they see fit, they have no central library to refer to or have any guidance on what to look for to determine what constitutes an acceptable policy.
  • Basically, every inspector makes up their own list and asks for whatever they think is necessary.

Why this matters:

The Policies are requested as evidence during the Inspection, but this varies from inspector to inspector, and effectively allows each inspector to make up their own rules on what is relevant to let you pass. This makes inspections inconsistent and creates uncertainty for Providers as to what they need to have to pass.

You don't need to customise Policies, CQC confirms

A common myth is that Providers must customise their policies

This is what the CQC says: ".....this does not mean providers must necessarily customise policies in order to comply with the regulations".
However, it does not help that Inspectors often contradict this by commenting that you should customise policies.

How people read this:
I should add my logo and name to show it is for my organisation
I should change the wording and add names of Officers so it looks customised for me

What it really means:
Customise it to your particular circumstances IF NECESSARY
Otherwise, it is ok to use the standard best practice policy template



Does the CQC have guidance on Policies to pass an inspection

When the CQC routinely asks for your list of policies, Providers are rightly intimidated into rushing to buy a massive library of policies, most of which they'll never use.

CQC again overemphasises Polices at Registration and before every Inspection
Most smaller providers are being persuaded to purchase from 300 to 600 policies under fear that any one of these may be demanded by a CQC Inspector. In the absence of a defined and definitive checklist, the time cost of maintaining such a number is estimated at in excess of £56.25 million for GPs and £187.5 million in Adult Social Care.

We asked the CQC: Do you have any guidance on essential Policies needed to pass CQC

Question: Please state if the CQC has a definitive guide as to the essential policies required for a provider to successfully pass an inspection.
Answer: CQC do not have a definitive guide as to the essential policies required

Supplementary Question: If such a guide is not available, please state whether the CQC inspectorate is prepared to enter into a mutually beneficial discussion of this initiative with our membership.
Answer: Not yet answered (since 2016)

How many policies do you need

This depends on the size of your organisation and the purpose of your policies.
This is what you should aim to have for a typical organisation with less that 50 staff:-

CQC Policies 20 to 30
 HR 5 to 10
 Health & Safety 5 to 10
 Admin 5 to 10

For larger organisations, the numbers might go up by say 20% due to the complexities of dealing with stricter and more centralised systems.

Minimise the number of policies

  1. Focus on key policies and get them right
  2. A common sense approach to safety will cover most unusual situations
  3. It is better to invest time in developing staff and instilling common sense
  4. Do not overwhelm staff with paperwork to cover every eventuality.
What suppliers won't tell you about costs

What is available

  1. Simple downloadable package: Typically £300 or less. Gives you over 500 policies, procedures, protocols, letters, forms and template documents
  2. Online systems with staff activity logs. Typically £1,000 - £2,000 per annum with over 1,000 pages of guidance

Typical operational costs

  • Time to read every policy: Between one and three solid months, that's why most don't bother.
  • Online systems are efficient for staff tracking, but also add in time to manage and then test knowledge
  • Time to brief all the staff and testing their knowledge typically costs around £15,000 for a small organisation

Saving time and money

  • Publishers would go out of business if they told you that you only need 50 policies and that hardly anything really changes each year.
  • You do not need a policy for every occasion, common sense application of a standard policy often does the job
  • If you are buying this as a useful reference library, be discerning in how you use the material


Common Pitfalls with Policies

How providers use policies

Policy centric systems are labour intensive, and a typical manager would never spend 3 months solid to review their package.
Most providers only read a small fraction of this collection.
Yourr investment is a simple backup library in case the inspector asks. In reality they seldom do.

Purchase cost Vs Real cost

Printable package in Word or PDF format can cost as little as £250, and online systems upwards of £1,500 per annum.
If you manage these systems as intended, the typical management time cost can be around £15,000 per annum.
In reality, hardly anyone bothers to read these thoroughly, and use this purely as a resource library.

General advice

A typical provider with less than 50 full time equivalent staff does not need more than 30-40 core policies.

Best Practice

3 Stages to complacency

The more complex and verbose your policies, the more difficult it is to maintain them

Let's face it, Policies are boring! Most Managers start with enthusiasm, which fades over time

  1. Enthusiasm stage - Motivated to create the "best policies"
  2. Complacency stage - Can't find the time to go through it all again
  3. Redundancy stage - So out of date, you'll have to start all over again

Avoid this by having minimal and minimalist policies that are easy to review and update


Simplify your policies

Most organisations have a comprehensive multi-page document to cover everything. This makes it complicated to understand especially for front line staff.


  • Policies are statements of intent i.e. "What we are aiming for"
  • They do not say HOW we will do this
  • Policies generally do not require customisation

Procedures and protocols

  • These define how we will implement the policies, i.e. the rules and methodology for people to follow
  • These may be more detailed and will vary with every organisation as each works slightly differently to others

Customisation affects management side more than staff side. e.g. staff usually pass over complaints to managers, job done, whereas Managers will have to define who will handle the investigation and who will have the final say

How to simplify policies

  1. Don't complicate it for staff.
  2. The only person who really needs to know the detailed process or protocol is the line manager.
  3. For staff, differentiate between MUST know Vs USEFUL to know
Make your policies more efficient

Separate and differentiate the functions:-

Separate policies for CQC compliance Vs admin and HR  
CQC don't need to see your holidays policy 
Simplifying staff policies saves their time and makes it easier to understand and retain knowledge 
Differentiate Staff-side polices Vs Management-side policies 
Make it easier to explain and understand what we are aiming for Vs how to do things 

Restructure your policies:-

  1. Common practice is to insert the name of a responsible person in each policy. DON'T DO THIS.
  2. Enter just the job title of the person e.g. "Fire Marshall"
  3. Then, create a Responsible Persons chart and pin it on every notice board

Now you don't have to edit your policies AND you have a central chart always accessible to staff.


  1. Review the policies
  2. Customise them ONLY where appropriate
  3. Ensure staff actually absorb and understand
  4. Test staff knowledge regularly
  5. Keep a record of staff training/reading of policies
What NOT to do

Here are some 3 simple tips to keep things under control

  1. 300 policies are great as a reference library but don't treat them all as frontline policies
  2. Unnecessary policies waste time. The hundreds of cheap policies you got would take a solid 3 months to review
  3. The more policies you have, the more stressful the job becomes, minimise to essential policies only

It is not uncommon for Providers to share their policies.

Exercise care that you are not dealing with copyrighted material.
An infringement may put your professional standing at risk, threaten a criminal record, and may even risk your registration.

  • You cannot copy and distribute without permission
  • You cannot sell it to others
  • You cannot claim it is your own work, only your edits belong to you
  • Deliberate infringement of copyright may be a criminal offence.

Best Practice

  • Always ask where they got these from, and if it is subject to copyright.
  • Get your policies from a legitimate source
  • Remember that copyrighted material always belongs to the author, even when you paid for it.
Getting Started with Policies

Everyone starts with policies as this is the easiest to understand.
Yes, you do need policies but this is only the first step in your compliance. The major part is continuous compliance and evidence.

How to make policies work in CQC

  1. Prioritise important policies, review these more often
  2. Only customise them where appropriate
  3. Get staff to read and understand key policies
  4. Test staff knowledge, better done through discussions
  5. Keep a record of staff training/reading of policies
  6. Keep these up to date, and keep staff informed
How often should I update policies

Most policies will not change from year to year, and this is why:-

  • Regulations hardly change
  • There is minimal new legislation every year
  • Best practice hardly changes on most issues
  • A policy is a statement of intent, this hardly changes


It is important to review your policies on a regular basis
Focus on important and relevant topics and avoid wholesale reviews just for show.
As an example, the ban on smoking came into force on 1st July 2007, and there has been no change to the "policy" of not allowing people to smoke in your building. The number of new regulatory changes actually average less than 2 per year.