Visitor sign-in and safeguarding: what schools need to record

At a minimum, schools should record who each visitor is, who they are there to see, why they are visiting, and when they arrive and leave. That record needs to be accurate, available in an emergency, and stored in a way that respects the personal data it contains.

The reason this matters comes from three directions at once: safeguarding, fire and evacuation safety, and data protection. A good sign-in process serves all three. A scruffy paper book on the front desk tends to serve none of them well.

Safeguarding. Keeping Children Safe in Education expects schools to manage who has access to children. Knowing who is on site, and making sure visitors are identified and appropriately supervised, is part of that duty.

Fire and evacuation. If you have to evacuate, you need an accurate, instantly available list of everyone in the building, including visitors and contractors. A record that is locked in reception or illegible is no use at the assembly point.

Data protection. A visitor log is personal data. Under UK GDPR you should collect only what you need, keep it secure, and not retain it longer than necessary. How you capture and store it matters.

• ✓Visitor name and the organisation they represent.
• ✓Who they are visiting and the purpose of the visit.
• ✓Time of arrival and time of departure.
• ✓A visitor badge issued and returned, so visitors are identifiable on site.
• ✓Whether identity was checked, for contractors or anyone unfamiliar.
• ✓Car registration, where relevant to your site and parking.

Collect what serves a clear purpose and no more. There is rarely a good reason to capture extra personal details about a visitor that you will never use.

The traditional book has a quiet data protection flaw: every visitor who signs in can see the names, organisations and contact details of everyone who signed in before them. That is an unnecessary disclosure of other people’s personal data, and it is one of the most common avoidable issues in school reception areas.

Paper books cause practical problems too. Handwriting is often illegible, people forget to sign out so your “who is on site” list is wrong, and in a real evacuation the book may be the one thing nobody grabs. A digital sign-in keeps each visitor’s details private, captures accurate arrival and departure times, and gives you a live, exportable roll call.

Not every visitor needs an enhanced background check, but schools are expected to think about access. A visitor who has not been appropriately checked should not have unsupervised contact with children. For contractors and unfamiliar visitors, checking photo identity on arrival is good practice.

It also helps to give visitors the essentials on arrival: who the designated safeguarding lead is, what to do if they have a concern, and the basic expectations for conduct while on site. A clear sign-in process is a natural moment to share this, and to record that it was shared.

• ✓Move away from an open paper book so visitors cannot see each other's details.
• ✓Capture accurate arrival and departure times, and make signing out easy so your on-site list stays correct.
• ✓Make sure you can produce a live list of everyone on site for an evacuation, in seconds.
• ✓Check photo identity for contractors and unfamiliar visitors, and issue clearly visible badges.
• ✓Share safeguarding basics at sign-in, and set a clear retention period for visitor data.