Facing a Compliance Assessment: What Regulators Are Really Looking For

Facing a Compliance Assessment: What Regulators Are Really Looking For

Many organisations are familiar with the basic mechanics of a child safety compliance assessment. They understand that regulators may review policies, examine safeguarding systems, assess workforce practices, and consider how child safety is managed across the organisation. However, understanding the process is only one aspect of what a compliance assessment involves.

A question we are often asked by organisations preparing for regulatory scrutiny is: What are regulators actually looking for when they assess compliance? While policies, procedures, and training records remain important, compliance assessments have increasingly moved beyond documentation alone.

In Victoria, compliance with the Child Safe Standards is assessed against a principles-based framework. This means regulators are not simply looking for evidence that an organisation has the right paperwork. They are seeking assurance that child safety is embedded in governance, culture, decision-making, and everyday practice. The Social Services Regulator (SSR) now regulates the Child Safe Standards and the Reportable Conduct Scheme. This was previously regulated by the Commission for Children and Young People (CCYP).

Understanding this distinction can help organisations better prepare for a compliance assessment and demonstrate a genuine commitment to safeguarding and protecting children and young people.

A Shift Beyond Policies and Procedures

Historically, organisations often viewed compliance as a matter of having the right documents in place. Today, regulators are increasingly focused on implementation.

An organisation may have a comprehensive Child Safety and Wellbeing Policy, a detailed Code of Conduct, and a range of safeguarding procedures. However, if staff do not understand those documents, if leaders do not actively monitor child safety risks, or if complaints are not managed effectively, regulators may conclude that child safety has not been adequately embedded in practice.

Compliance has moved beyond what is written in documents and policies, with greater focus being placed on how safeguarding has been implemented and how it operates within the organisation in practice.

What Regulators Are Really Looking For

While every compliance assessment is different, several themes consistently emerge across regulatory guidance and safeguarding reviews.

Leadership and Governance

Child safety starts at the top. Regulators want to see evidence that boards, executives, and senior leaders understand their safeguarding obligations and actively oversee child safety within the organisation. This may include:

• Regularly reporting to boards and leadership teams;
• Oversight of safeguarding risks and incidents;
• Clear accountability for child safety responsibilities; and
• Evidence that child safety is considered during strategic decision-making.

A common misconception is that safeguarding is solely an operational responsibility. Regulators increasingly expect child safety to be treated as a governance issue.

A Genuine Child Safe Culture

A strong child safe culture is often evident in the way staff respond to concerns, engage with children, and discuss safeguarding responsibilities. One of the most challenging aspects of a compliance assessment is demonstrating organisational culture.

Unlike policies or training records, culture cannot be measured through a single document. Instead, regulators look for indicators that child safety is understood, prioritised, and discussed throughout the organisation. This may involve considering whether:

• Staff understand their safeguarding responsibilities;
• Leaders actively promote child safety;
• Concerns can be raised without fear of repercussions;
• Children and young people feel heard and respected; and
• Safeguarding is integrated into everyday practice.

Effective Risk Management

Safeguarding risks should be regularly reviewed and updated as circumstances change. Regulators expect organisations to understand where risks to children may arise and what steps have been taken to mitigate those risks. This goes beyond maintaining a generic risk register.

Organisations should be able to demonstrate that they have considered risks associated with:

• Physical environments;
• Online environments;
• Service delivery models;
• Workforce practices;
• Third-party providers; and
• Activities involving children and young people.

Complaint Handling and Incident Management

How an organisation responds when concerns arise can provide valuable insight into its safeguarding maturity. Its response to incidents is often viewed as a reflection of its overall commitment to child safety.

Regulators often examine whether organisations have effective systems for:

• Receiving complaints and concerns;
• Responding appropriately to disclosures;
• Escalating incidents where required;
• Managing reportable conduct matters; and
• Identifying opportunities for organisational learning.

Continuous Improvement

The Child Safe Standards are designed to promote ongoing improvement rather than static compliance. As a result, regulators frequently look for evidence that organisations are learning from experience and making meaningful changes over time. This may include:

• Reviewing policies and procedures;
• Updating and regularly conducting staff training programs;
• Analysing complaints and incident data;
• Conducting safeguarding audits; and
• Implementing recommendations arising from investigations or reviews.

Organisations that can demonstrate a commitment to continuous improvement are often better positioned during regulatory assessments.

The Evidence Regulators Often Request

While compliance assessments are not solely document-driven, evidence remains important. Depending on the nature of the assessment, regulators may request:

• Child safety policies and procedures;
• Codes of conduct;
• Risk registers;
• Board and committee minutes;
• Safeguarding reports;
• Training records;
• Recruitment and screening records;
• Complaints and incident registers;
• Investigation reports; and
• Evidence of policy reviews and continuous improvement activities.

The key is not simply having these documents available but being able to explain how they operate in practice.

Common Gaps Identified During Compliance Assessments

Many organisations are surprised to discover that their greatest risks are not related to missing policies. These gaps often arise where organisations focus on documentation but have not adequately embedded safeguarding into everyday operations.

More commonly, regulators identify issues such as:

• Policies that have not been reviewed for several years;
• Staff who are unaware of safeguarding requirements;
• Limited oversight by boards or leadership teams;
• Inconsistent handling of complaints and concerns;
• Poor record-keeping; and
• A lack of evidence demonstrating continuous improvement.

How Organisations Can Prepare

The most effective preparation begins well before a compliance assessment is announced.

Organisations should regularly evaluate whether their safeguarding framework is operating as intended and whether it reflects current legal and regulatory expectations. By taking a proactive approach, organisations can identify and address potential issues before they become regulatory concerns.

Practical steps may include:

• Conducting a Child Safe Standards gap analysis;
• Reviewing governance and reporting arrangements;
• Assessing safeguarding risks;
• Auditing complaints and incident management processes;
• Reviewing staff training and awareness;
• Testing safeguarding systems through practical scenarios; and
• Seeking independent advice where appropriate.

Compliance Is About More Than Passing an Assessment

A compliance assessment should not be viewed as a one-off regulatory exercise.

The Child Safe Standards framework is designed to help organisations create safer environments for children and young people. The organisations that perform best during assessments are often those that treat safeguarding as an ongoing commitment rather than a periodic compliance obligation.

When child safety is embedded into governance, culture, and practice, compliance becomes a natural outcome rather than a last-minute objective.

How Can Safe Space Legal Help?

The team at Safe Space Legal has extensive experience supporting organisations to strengthen their safeguarding frameworks and meet their legal obligations. We work with organisations across Victoria and Australia to help build a culture of safety and accountability and can assist organisations to prepare for regulatory scrutiny. We assess compliance with the Child Safe Standards, identify areas of risk, and implement practical safeguarding solutions.

Safe Space Legal provides the following services to ensure organisations meet their legal obligations:

• Drafting legally sound policies, procedures, and codes of conduct;
• Providing policy audits and developing safeguarding policies, procedures, and complaint handing processes;
• Providing root cause analysis to identify gaps in policy and/or practice which put organisations at risk of non-compliance with their sector-specific obligations;
• Conducting safeguarding investigations which are compliant with relevant state and territory legislation and regulations;
• Delivering tailored safeguarding training to ensure organisations are aware of their sector-specific requirements and obligations;
• Ensuring that complaints handling and reporting processes are compliant with legal obligations;
• Provide sound legal advice on risk mitigation.

Contact office@safespacelegal.com.au or call (03) 9124 7321 to organise a complementary discussion in relation to your organisation’s child safety and safeguarding needs.