Skip to main content

IICSA published its final Report in October 2022. This website was last updated in January 2023.

IICSA Independent Inquiry into Child Sexual Abuse

The Report of the Independent Inquiry into Child Sexual Abuse

Final report

E.4: Safeguarding and child protection policies

69. Statutory guidance in England and in Wales makes clear that everyone who works with children has a responsibility for keeping them safe.[1] To achieve this, all organisations which work with children or whose members may come into contact with children should adhere to basic child protection standards and have suitable safeguarding policies and procedures in place. This will assist in protecting children from individuals in these settings who may seek to establish relationships of trust and authority with children in order to create opportunities for abuse.

70. Those who work with children, whether in the statutory, voluntary or private sectors, are in a position to identify signs of abuse or to receive disclosures or allegations of abuse from children. Policies and procedures should therefore set out the response to concerns about a child or allegations of abuse, including clear information about reporting and recording in order that allegations can be passed on to the police or children’s social services for investigation.

71. While there is a requirement for institutions in certain sectors to set policies, others are under no legal obligation to do so, despite children visiting their facilities, attending their events or otherwise being involved in the organisation. For example, a child might go to school during the day, play football with a club in the afternoon, attend a prayer group in the evening and then spend time at night on a social media platform. Of the four settings or organisations providing these activities, only the school has a legal obligation to have child protection and safeguarding policies and procedures in place.

72. A number of the Inquiry’s investigation reports considered the safeguarding frameworks of particular institutions and sectors and made recommendations for specific improvements.[2] The overarching principle, however, is that policies and procedures should be designed to optimise children’s safety and well-being, to recognise signs of abuse, to identify concerns such as inappropriate conduct of adults towards children, to respond to disclosures and to take appropriate action. They should enable adults who come into contact with children to understand their role and responsibilities. While policies or procedures cannot themselves prevent abuse, they play an important role in reducing the risk of it occurring.

Statutory obligations

73. The Inquiry encountered instances of institutions whose policies were incomplete or out of date. Some schools had policies which were not updated to reflect the latest guidance, or which did not include procedures for handling allegations of child sexual abuse by members of staff.[3] In custodial institutions for children, child protection policies were out of date and lacked clarity regarding procedures for reporting and responding to allegations against staff.[4] In some children’s homes there was a lack of policies, procedures and training for staff.[5]

74. The Children Act 2004 places named statutory bodies in England and in Wales under a duty to ensure that their functions are discharged “having regard to the need to safeguard and promote the welfare of children”.[6] These statutory bodies include local authorities, NHS organisations, the police, prisons and young offender institutions, the probation service and youth offending teams. They must follow statutory guidance, published by the Department for Education (Working Together to Safeguard Children in England and Working Together to Safeguard People in Wales).

75. Under the Education Act 2002, schools and educational establishments have a similar duty to “safeguard and promote the welfare of children”.[7] They must comply with the relevant statutory guidance, including Working Together guidance as well as Keeping Children Safe in Education (KCSIE) in England and Keeping Learners Safe in Wales.

76. Working Together to Safeguard Children and Working Together to Safeguard People place a legal obligation on statutory agencies and organisations in England and in Wales to have appropriate child safeguarding policies in place.[8] This includes procedures for responding to allegations against people who work with children. The legal requirement also applies to private or voluntary organisations if they are providing services on behalf of statutory agencies.

Other organisations and settings

77. Many organisations in the private or voluntary sectors provide a wide range of activities for children – including sports, dance and drama, orchestras and musical tuition, religious teaching, and groups such as Scouts. A number of victims and survivors have detailed appalling sexual abuse at the hands of coaches and tutors providing such activities.

78. Working Together to Safeguard Children states that, in England, voluntary, charity, social enterprise, faith-based organisations and private sector organisations that work with or around children “should” have policies in place to safeguard and protect children from harm.[9] In Wales, The Wales Safeguarding Procedures are intended to guide safeguarding practice for all those employed in the statutory, third (voluntary) and private sector in health, social care, education, the police, justice and other services.[10] However, voluntary or private organisations in England and in Wales are not legally required to follow this statutory guidance, unless they are providing services on behalf of a statutory agency.

79. Many voluntary sector and faith-based organisations in England and in Wales are also charities. Under the Charities Act 2011, trustees must take reasonable steps to protect people who come into contact with the charity from harm.[11] The Charity Commission has published guidance called Safeguarding and Protecting People for Charities and Trustees.[12] This guidance is seen as a “starting point”, rather than a legal obligation, although the expectation of the Charity Commission is that charities will follow it.[13] Charities are not required to report safeguarding incidents to the Charity Commission unless they amount to a serious incident which results in significant harm to people who come into contact with the charity through its work, or to the charity’s reputation.[14] Allegations of child sexual abuse are considered to fall within the definition of a serious incident, which requires the matter to be reported to the Charity Commission.[15] Those that are registered with Ofsted would also be required to make a report to Ofsted.

80. Organisations which have high levels of confidence in the moral calibre of their members or leaders may find it difficult to contemplate that they may pose a risk to children. This was particularly the case with religious groups.[16] The Inquiry’s Child Protection in Religious Organisations and Settings Investigation Report found numerous examples of smaller religious organisations that had no safeguarding or child protection policies in place.[17]

81. A number of recommendations have been made by the Inquiry to improve preventive measures in religious settings.[18] This included, in May 2019, that the Anglican Church should disclose internal reviews or enquiries about individual safeguarding incidents to the national review body and the Church in Wales should adopt updated procedural guidance in relation to record-keeping.[19] In November 2020, the Inquiry recommended that the Roman Catholic Church should publish its framework for dealing with cases of non-compliance with safeguarding policies and procedures.[20] Both the Anglican and the Roman Catholic churches, as well as the Muslim Council of Great Britain, have introduced guidance, policies and procedures in response to these recommendations. It remains to be seen whether these are implemented in a manner which better protects children.

82. Similarly, in the Inquiry’s investigation into allegations of child sexual abuse linked to Westminster, institutional responses to allegations of child sexual abuse involving the late Lord Janner of Braunstone QC, and also Cambridge House, Knowl View and Rochdale, members of political parties were alleged or known to have gained access to vulnerable children in care through their role in local or national politics. Current practice should now prevent this. Although lacking in the past, most political parties now have specific safeguarding policies in place. However, the Inquiry heard evidence in March 2019 that there remained significant gaps, including political parties that had no such policies, and considerable variation in approach among the policies and procedures currently in place, with some having important deficiencies.[21]

Content of policies and procedures

83. It is critical that safeguarding and child protection policies should be clear and easy to follow and implement. They should set out how the organisation will:

  • protect children from harm;
  • ensure child protection concerns can be raised; and
  • respond appropriately to allegations or incidents, including reporting to the relevant authorities.

They should also be subject to regular review to monitor their implementation and effectiveness at least every two years, although some settings, such as schools and the secure estate, are legally obliged to review their safeguarding policies annually.[22]

84. Some institutions lacked a clear understanding of the purpose and content of child protection and safeguarding policies and procedures. Even those institutions which are legally required to have such policies have admitted to having “blind spots” and inadequacies in relation to the scope of those policies.[23] The Church of England, for example, acknowledged that some of its policies were inadequate and has since taken steps to improve them.[24] Other religious organisations had policies and procedures that were rudimentary or incomplete, referred to obsolete statutory guidance or were heavily rooted in religious and theological texts and lacked practical information.[25] Some paid ‘lip service’ to safeguarding by introducing policies and procedures without checking that these were effective, fully understood and followed.[26] On occasion, the Inquiry encountered policies which appeared to be designed primarily to protect staff from false allegations rather than to protect children from harm and to respond appropriately to concerns.[27]

85. Working Together to Safeguard Children currently lacks sufficient detail regarding the content of safeguarding and child protection policies and procedures. While the guidance applies to a diverse range of institutions and needs to allow flexibility for those institutions to tailor their safeguarding arrangements to their own requirements, clearer guidance on the appropriate content of policy and procedures is needed.

86. There are, however, a number of sources of useful information. The UK government has recently published additional guidance on safeguarding to assist organisations in the voluntary sector, in furtherance of its Tackling Child Sexual Abuse Strategy.[28] Government agencies have also partnered with voluntary bodies to provide this advice. For example, the work of the NSPCC Child Protection in Sport Unit – a partnership between the NSPCC, Sport England, Sport Northern Ireland and Sports Wales – seeks to promote safety for children in sport.[29] Guidance on safeguarding children in the third sector is available from the NSPCC, as well as from many other training, advisory and consultancy organisations.[30] The policies of other institutions may also provide a starting point for a new policy. For example, the Scouts Association has designed a ‘Young people first’ yellow card, designed to fold up and be carried in a pocket or bag for ease of reference.[31] This sets out, briefly and clearly, the code of behaviour for all adults in the Scouts to follow, including what to do if there are concerns that a young person is at risk of harm.[32]

87. Variation between organisations is inevitable, given that the types of settings and institutions working with children vary widely. It would not be realistic or helpful to propose one single set of safeguarding and child protection policies for all institutions to apply, but this is a matter on which the Child Protection Authorities recommended by the Inquiry could assist institutions further in due course.


88. Organisations may have appropriate policies and procedures in place but struggle to implement them in their everyday practice. Regular refresher training is key to effective implementation of safeguarding and child protection policies. It helps to ensure that everyone within the institution is familiar with policies and procedures and knows how to respond to and report allegations or concerns about a child.

89. However, some witnesses were frank about the gap between policy-setting and implementation within their organisation.[33] For example, the leader of one religious community commented that “honestly, hand on heart, it is probably put in an office file and kept in the office there to refer to”.[34]

90. As noted in the Inquiry’s research regarding child sexual abuse in contemporary institutional contexts, staff often did not consistently apply safeguarding policies and had narrow understandings of safeguarding responsibilities.[35] On occasion, allegations were not appropriately reported due to a lack of knowledge or understanding of individuals’ responsibilities under existing procedures.[36] There were also failures to implement procedures when disclosures of sexual abuse were made by children.[37]

91. The Inquiry’s investigations identified a number of failures by organisations and individuals within them to adhere to policies and procedures. Examples included failures to:

  • follow vetting procedures in relation to staff members;[38]
  • make relevant policies or procedures known to staff;[39]
  • recognise clear signs of abuse or inappropriate staff conduct; and[40]
  • investigate allegations of sexual abuse by staff or report them appropriately.[41]

92. The safeguarding policies and procedures of institutions providing statutory services (such as schools, children’s homes and young offender institutions) are inspected and evaluated by the relevant regulators or inspectorates to assess compliance with current regulations and guidance. Whether or not an organisation is in the statutory sector and subject to mandatory inspection, auditing or reviewing safeguarding policies and procedures to ensure that they are effective, well understood and properly implemented is the responsibility of the organisation itself. The Inquiry saw examples of institutions which undertook no internal review and relied solely on external inspections for quality assurance of their safeguarding arrangements, as well as institutions which conducted internal reviews of safeguarding but permitted no external scrutiny or independent review.[42]

93. Policies and codes of conduct will not be effective unless they can be translated into changed behaviour and compliance monitored. Leaders retain overall responsibility for safeguarding and child protection within their institutions and must ensure that they have sufficient knowledge and awareness to exercise effective oversight. It is not acceptable, as the Inquiry saw in one school, to say that safeguarding and child protection was not within the headteacher’s remit but primarily the responsibility of a designated staff member.[43] All staff and volunteers must recognise the importance of safeguarding, know and follow policies and procedures, and understand their role within those procedures. It is important that leaders at all levels understand the context in which policies will be implemented, and have the competence and determination to convey the organisation’s ethics and values to staff, so that safeguarding is seen as part of the culture of the institution.[44]

94. In the Inquiry’s hearings about effective leadership in child protection, leaders were asked how they ensure that policies and guidance are being implemented and understood by those delivering child protection on the front line. Witnesses spoke about the “implementation gap”, explaining that legislation and guidance can just “clutter the landscape” for workforces and complicate things. Ensuring that attention is paid to the conditions and support that workforces require to enable legislation and guidance to be put into effective practice was considered to be of equal importance to training the workforce.[45] Both are essential for effective implementation of safeguarding arrangements.


Back to top