A door code that hasn’t been changed in three years. The code is written on a Post-it note in the staff room. Three former employees still know it. And the last CQC inspection flagged it under ‘safe’, not because it was acceptable, but because nobody quite knew which framework to put it under.
This is the quiet dysfunction at the heart of access control in UK adult social care. It is simultaneously a security issue, a safeguarding issue, a data governance issue, and a care quality issue, and because it sits at the intersection of all four, it tends to fall through the cracks of all of them.
The Myth: Access Control Is an Estates Decision
The dominant assumption in many care organisations is that keypad entry systems and access control belong to the facilities manager’s to-do list. You install a door entry system when you build or refurbish. You set a code. You move on. The technology is treated as infrastructure, like the boiler or the fire alarm, rather than as an active component of care delivery and risk management.
This framing is wrong, and it has consequences.
Access control in a care home is not passive infrastructure. It determines who can enter a dementia unit at 2am. It governs whether a vulnerable resident can leave unsupervised. It creates an audit trail, or fails to, when a safeguarding incident is investigated. It shapes the daily experience of staff, residents, and families in ways that a boiler simply does not.
When access control is treated as an estates decision, it gets procured on cost, installed once, and forgotten. When it is treated as a care quality decision, it gets reviewed, updated, integrated with other systems, and held to account.
What Modern Access Control Actually Offers
The gap between what most care homes have and what is now available is significant. Contemporary access control and keypad entry systems are not simply electronic locks. The better platforms offer individual staff credentials – fobs, cards, or biometrics – rather than shared codes, meaning every entry and exit is attributable to a named person. They integrate with electronic care records and nurse call systems, creating a unified picture of movement and response across a building. They generate audit logs that are genuinely useful in a safeguarding investigation, not just a list of timestamps.
Some systems now offer time-restricted access profiles, so agency staff can only access certain areas during their contracted hours, and access is automatically revoked when a contract ends. Others integrate with visitor management platforms, replacing the paper sign-in book with a digital record that captures ID, purpose of visit, and duration.
None of this is frontier technology. Most of it has been standard in NHS settings and corporate environments for years. The question is why it remains the exception rather than the norm in care homes.
The Safeguarding Blind Spot
Consider what happens when a safeguarding allegation is made against a member of staff. One of the first questions any investigating body will ask is: who was in the building, and when? In a care home with a shared door code and a paper visitor book, the honest answer is often: we don’t really know.
This is not a hypothetical risk. The Independent Inquiry into Child Sexual Abuse, the Winterbourne View review, and numerous subsequent serious case reviews in adult social care have all highlighted failures of access governance as contributing factors in abuse going undetected. The ability to reconstruct who was where, and when, is not a bureaucratic nicety, it is a fundamental safeguarding tool.
Yet the Care Quality Commission’s inspection framework, for all its emphasis on ‘safe’ environments, does not currently mandate digital access audit trails. Providers are left to determine their own standards, and many default to the minimum: a code on a keypad, changed occasionally, known by too many people.
The Integration Opportunity
The strongest argument for upgrading access control is not security in isolation, it is integration. A modern access control system that talks to your electronic care records, your nurse call platform, and your visitor management system creates something genuinely valuable: a real-time, auditable picture of your building’s activity.
For a registered manager preparing for a CQC inspection, that audit trail is evidence. For a safeguarding lead investigating an incident, it is essential. For a provider group managing multiple sites, it is the foundation of meaningful oversight.
The technology to achieve this is not expensive relative to the risks it mitigates. A mid-sized care home can implement a credentialed access control system with full audit logging for a fraction of the cost of a single safeguarding investigation, let alone the reputational and regulatory consequences of a serious incident.
A Question of Ownership
The real barrier is not cost or technology, it is ownership. Until care providers explicitly assign responsibility for access control governance to a named senior leader, with clear standards, regular review cycles, and integration into the wider quality framework, it will continue to be treated as an afterthought.
The door code on the Post-it note is not an estates failure. It is a governance failure. And in a sector where the consequences of that failure can be measured in harm to some of the most vulnerable people in the country, it deserves to be treated accordingly.
