CQC Documentation Requirements: What Regulation 17 Actually Demands

Ask most care managers what CQC looks for and they'll mention inspections, staff observations, and resident conversations. What often gets underestimated is documentation — and yet it sits at the very heart of CQC's legal framework. Regulation 17 of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, known as Good Governance, places specific and enforceable requirements on every registered provider about what records you must hold and how they must be maintained.

What Regulation 17 Actually Requires

CQC's guidance on Regulation 17 sets out that records relating to the care and treatment of every person using the service must be kept and must be "fit for purpose." The regulation specifies in precise terms what fit for purpose means. Records must be complete, legible, indelible, accurate and up to date, with no undue delays in adding and filing information. They must include an accurate record of all decisions taken in relation to care and treatment, including references to discussions with the person, their carers, and those lawfully acting on their behalf. This includes consent records — and critically, records of when consent changes, why it changed, and what alternatives were offered.

Records must be accessible to authorised people as necessary to deliver care that meets the person's needs and keeps them safe — both internally and to external organisations. They must be created, amended, stored and destroyed in line with current legislation, including the Data Protection Act 2018. Decisions made on behalf of a person who lacks capacity must be recorded with evidence that they were taken in line with the Mental Capacity Act 2005.

Records Beyond Individual Care

Regulation 17 also covers records relating to the management of the regulated activity. CQC's guidance describes these as covering anything relevant to the planning and delivery of care and treatment — including governance arrangements such as policies and procedures, service and maintenance records, audits and reviews, and action plans in response to risk and incidents. These are not optional extras; they form part of the legally required record-keeping framework. Records relating to people employed in the regulated activity must also be held, covering information relevant to their employment and meeting the requirements under Regulations 4 to 7 and Regulation 19.

The Governance Requirement: Audits Must Lead to Action

CQC's guidance under Regulation 17(2)(a) is explicit: providers must have systems and processes such as regular audits, and these must assess, monitor and improve the quality and safety of the service. Crucially, systems must enable you to identify where quality or safety is being compromised and to respond appropriately and without delay. The guidance further states that information should be up to date, accurate and properly analysed by people with the appropriate skills to understand its significance — and where required, results must be escalated and appropriate action taken.

An audit that sits in a folder with no documented follow-up does not satisfy this regulation. The documentation trail needs to show the audit, the findings, the action taken, by whom, and by when.

Seeking and Acting on Feedback

Regulation 17(2)(e) requires providers to actively seek and act on feedback from people using the service, those acting on their behalf, staff and other stakeholders. The guidance is clear that all feedback — whether informal or formal, verbal or written — should be listened to, recorded and responded to. Providers must be able to show how they have analysed feedback, acted on it, and communicated to people how their feedback has led to improvements. This means complaint records, compliment logs, satisfaction survey results, and evidence of what changed as a result all form part of your required documentation.

What "Contemporaneous" Means in Practice

The word used in the regulation is "contemporaneous" — meaning records must reflect care at the time it was given, not reconstructed hours or days later. This is one of the most common failures CQC identifies during assessments. A note written retrospectively, or copied forward from a previous entry without genuine current observation, does not meet this standard and may indicate to an inspector that care is not being monitored in real time.

Key Documents Your Service Must Be Able to Produce

• Personalised care plans based on assessed needs and preferences, reviewed regularly and following any significant change — required under Regulation 9 (Person-Centred Care)
• Risk assessments that are current and evidenced as acted upon — required under Regulation 12 (Safe Care and Treatment)
• Medication administration records that are accurate, complete and countersigned where corrections are made — required under Regulation 12
• Contemporaneous daily care records and observation notes — required under Regulation 17(2)(c)
• Incident and accident logs with evidence of investigation, learning, and prevention — required under Regulation 12
• Safeguarding records including referrals and outcomes — required under Regulation 13
• Staff training records, supervision logs, and appraisal records — required under Regulation 18
• Policies and procedures, version-controlled and showing date last reviewed — required under Regulation 17
• Audit records with completed action plans — required under Regulation 17(2)(a)
• Complaints records with evidence of response and improvement — required under Regulation 16 and 17(2)(e)
• Consent records and Mental Capacity Act documentation where relevant — required under Regulation 11

Disclaimer: Recordsafe provides AI-assisted guidance only and does not constitute professional regulatory or legal advice. All regulation references are to the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014. Always refer to cqc.org.uk for the current regulatory text and guidance.