AUDIT-006 — VERSION 1.0  |  INSTITUTIONAL MATURITY MODEL™

 SAFECHAIN™  |  DIAGNOSTIC ASSESSMENT SERIES  |  AUDIT™

AUDIT-006 — VERSION 1.0  |  INSTITUTIONAL MATURITY MODEL™

 

SAFECHAIN™ INSTITUTIONAL

MATURITY MODEL™

A Five-Level Framework for Assessing and Developing Safeguarding Governance Maturity

 

 

 

Document Reference: AUDIT-006

Series: SAFECHAIN™ Diagnostic Assessment Series (AUDIT™)

Series Position: Maturity Model — Complements AUDIT-001 through AUDIT-005

Author: Samantha Avril-Andreassen FRSA

Status: Published — First Edition

Version: 1.0

Date: June 2026

Related Documents: AUDIT-001–005; CERT-001; WHITE-003 (Governance Standards™); DEPLOY-003; NOM-001

Publisher: SAFECHAINN Ltd (Company No. 12038453)

Contact: samantha@safe-chain.org  |  safe-chain.org

 

 

 


 

What This Model Is

The SAFECHAIN™ Institutional Maturity Model™ (IMM™) is the five-level framework through which organisations assess where they currently stand in their safeguarding governance development journey, understand what progress to the next level requires, and plan the development trajectory that Foundation, Advanced, and Excellence Certification represents. It is simultaneously a diagnostic tool, a development planning framework, and a positioning instrument — giving organisations a precise language for describing their governance maturity that is consistent, nationally recognised, and independently assessable.

The IMM™ complements the AUDIT-001 through AUDIT-005 diagnostic tools — which assess specific dimensions of governance quality — by providing the overarching maturity framework within which those dimensional assessments are located. An organisation that scores Level 4 on the AUDIT-001 Governance Health Assessment may score Level 2 on the AUDIT-002 Institutional Decay Audit if specific decay indicators are present. The IMM™ provides the synthesising framework that translates multiple dimensional assessments into a single maturity level that accurately represents the organisation's overall governance condition.

The model draws on the established maturity modelling tradition in organisational governance — the Capability Maturity Model Integration (CMMI) in software development, the P3M3 model in project management, the NHS Quality and Outcomes Framework maturity spectrum — while being specifically designed for the safeguarding governance context and grounded in the documented evidence of what safeguarding governance looks like at each maturity level in UK institutions.

 

1. The Maturity Model Architecture

1.1 Five Levels, Four Dimensions

The IMM™ assesses governance maturity across four dimensions — drawn from the SAFECHAIN™ Governance Standards™ (WHITE-003) and the shared methodology of the AUDIT Series™ — at five maturity levels. The four dimensions are: Intelligence Quality (the quality of the vulnerability intelligence the organisation generates and uses); Accountability Architecture (the traceability and continuity of the organisation's safeguarding accountability); Participation Integrity™ (the genuineness of the participation of vulnerable individuals in the safeguarding processes that concern them); and Governance Culture (the orientation of the organisation's leadership and professional culture toward outcomes rather than compliance). Each dimension is assessed at each level using the same progression criteria, and the overall maturity level is the mode of the four dimensional assessments — the level at which the majority of dimensions sit.

1.2 The Progression Logic

The IMM™ is a staged model — each level builds on the preceding one, and the characteristics of each level are cumulative. An organisation at Level 3 (Integrated) demonstrates all Level 1 (Reactive) and Level 2 (Developing) characteristics, plus the specific Level 3 characteristics that define integration. This cumulative logic means that regression — the loss of previously achieved maturity characteristics — is as significant a governance event as failure to progress. The AUDIT-002 Institutional Decay Audit is specifically designed to detect regression before it becomes a maturity level drop.

 

2. Level 1 — Reactive

An organisation at Level 1 responds to safeguarding failures after they occur. It does not have the governance infrastructure to prevent them or the intelligence architecture to identify them before they reach crisis. Its safeguarding practice is characterised by individual practitioner effort rather than systemic governance design.

Intelligence Quality at Level 1

Safeguarding intelligence at Level 1 is episodic — generated in response to specific incidents rather than maintained continuously. Records describe observable behaviour at specific encounters rather than longitudinal vulnerability profiles. There is no quality standard against which intelligence is assessed — it is used as generated, regardless of the methodology, training level, or contextual richness with which it was produced. Different practitioners in the same organisation assess the same type of case using different approaches, producing intelligence that is inconsistent and incomparable across the organisation's caseload. The intelligence held by other institutions about the same individuals is invisible and inaccessible.

Accountability Architecture at Level 1

Accountability at Level 1 is retrospective and attributional — it is exercised through serious case reviews, regulatory enforcement, and complaints processes that investigate failures after they have produced harm. The accountability mechanisms that exist are process accountability — checking whether procedures were followed — rather than outcome accountability — assessing whether outcomes were protective. Omissions — the decisions not made, the referrals not completed, the intelligence not acted on — are not systematically identified. The same failures recur across cases without systemic learning, because the accountability architecture does not detect patterns rather than individual events.

Participation Integrity™ at Level 1

Participation at Level 1 is procedural — the individual is informed of decisions rather than engaged in them. Assessment processes are designed for institutional convenience rather than individual participation. Practitioners assess vulnerability from observation rather than from supported disclosure. Individual rights — to access records, to challenge assessments, to exercise consent — are nominally available but practically inaccessible. Practitioners do not have training in trauma-informed participation assessment and routinely interpret trauma responses as credibility indicators, disengagement indicators, or risk reduction indicators without understanding the neurobiological basis of what they are observing.

Governance Culture at Level 1

The governance culture at Level 1 is compliance-oriented — the organisation's leadership treats safeguarding as a regulatory obligation to be managed rather than a governance imperative to be delivered. The primary measure of success is the absence of enforcement action rather than the quality of protective outcomes. Practitioners who raise governance quality concerns are managed rather than heard. Serious case review findings are acknowledged rather than implemented. And the gap between stated governance values and actual governance practice is wide, normalised, and protected from scrutiny.

What Level 1 Looks Like in Practice

A Level 1 organisation is the organisation that appears repeatedly in serious case reviews — not because its practitioners are malicious or its leaders are incompetent, but because its governance architecture is designed for compliance rather than protection. Its practitioners know what the procedures say and often depart from them under operational pressure without this being identified. Its accountability mechanisms detect catastrophic failures and miss the pattern of incremental governance compromise that produced them. And its governance culture treats the serious case review as an externally imposed accountability event rather than as a governance learning opportunity that the culture should have made unnecessary.

 

3. Level 2 — Developing

An organisation at Level 2 has recognised the gap between its current governance and the governance its safeguarding obligations require, and has begun the development journey. It has made genuine governance commitments — not aspirational statements — and has started to build the infrastructure that the SAFECHAIN™ Institutional Framework™ requires. But it has not yet achieved the consistency, the integration, or the cultural transformation that would make those commitments reliably operational.

Intelligence Quality at Level 2

Intelligence at Level 2 is more structured than at Level 1 — the organisation has adopted an assessment framework (typically DASH, or a Care Act assessment tool, or a Consumer Duty vulnerability screening process) and is applying it with reasonable consistency. But the framework is sector-specific, and the intelligence it generates is not connected to the intelligence held by other sectors. There is no cross-institutional longitudinal record. Quality is assessed informally — experienced practitioners and supervisors make judgements about assessment quality — but there is no systematic quality standard applied consistently across the organisation's caseload. The CIF™ is being considered or is in early implementation.

Accountability Architecture at Level 2

Accountability at Level 2 is increasingly systematic — the organisation has an internal governance reporting structure that reaches board level and includes safeguarding quality as a standing item. Individual case accountability is improving — records are better attributed and more complete — but systemic accountability remains limited: omissions are not yet identified systematically, and the same failure categories recur without the learning architecture that would interrupt the cycle. The organisation is engaging with NVI-005 ITF™ requirements and building toward the PC1 through PC5 participation criteria.

Participation Integrity™ at Level 2

Participation at Level 2 is more genuine than at Level 1 — the organisation has invested in trauma-informed practice training, has adopted individual vulnerability assessment approaches, and has governance commitments to meaningful participation. But implementation is uneven: CIPID™ principles are understood by some practitioners and not others; participation quality assessment is applied in some services and not others; and the governance culture has not yet made genuine participation the default expectation rather than the aspiration. Rights facilitation is improving but is still primarily an administrative process rather than a technically enforced mechanism.

Governance Culture at Level 2

The governance culture at Level 2 is transitional — the organisation has leadership that genuinely wants to improve governance quality rather than merely manage compliance, but that leadership has not yet created the conditions in which the practitioner culture reflects the leadership aspiration. There is tension between the stated governance values and the operational culture, and that tension is felt by practitioners who may be personally committed to the organisation's direction while operating within systems and management expectations that reflect the older culture. The transition is real, but it is not yet complete.

 

4. Level 3 — Integrated

An organisation at Level 3 has achieved the integration of governance commitments into operational practice — the alignment between what the governance documentation says and what practitioners consistently do. It has implemented the SAFECHAIN™ NOM™ operating principles across its safeguarding practice and has achieved Foundation Certification through the CERT-001 assessment. Integration is the level at which governance quality becomes a systemic property of the organisation rather than a property of individual practitioners.

Intelligence Quality at Level 3

Intelligence at Level 3 meets the SAFECHAIN™ Domain 1 Governance Standard. CIF™ is implemented and operational. VVS™ verification is applied consistently, achieving Q1 or Q2 quality ratings in at least 70 percent of submissions. Continuity Records are maintained for individuals with complex or ongoing safeguarding needs. The internal QA process assesses intelligence quality — not just recording compliance — and identifies quality gaps as governance events. The organisation's intelligence is accessible, on a consent-governed basis, to other NVI™ network institutions, and the intelligence received from those institutions is used to inform safeguarding decisions.

Accountability Architecture at Level 3

Accountability at Level 3 is continuous and designed. IAR™ records are complete for every network transaction. The Trust Score across all six dimensions is in Good band. Omissions are identified through the Omission Detector architecture and treated as governance events. The board receives substantive accountability reporting rather than compliance summaries. And serious case review findings — where they occur — produce documented practice changes within defined timeframes that can be evidenced.

Participation Integrity™ at Level 3

Participation at Level 3 meets the Domain 2 Governance Standard. All frontline practitioners have completed MØPIT™ Level 1 and the CIPID™ Foundation Module. Participation Integrity™ assessments are recorded in every CIF™ submission. The T5 Trust Score dimension is in Good band. Individual rights are technically enforced rather than administratively managed. And the organisation can evidence that its participation governance produces genuine rather than notional participation in the assessment processes that generate its intelligence.

Governance Culture at Level 3

The governance culture at Level 3 has completed the transition that was underway at Level 2. Practitioners throughout the organisation experience safeguarding quality as a professional commitment rather than a compliance obligation. Governance concerns are raised through the escalation pathway without fear. The gap between documentation and practice that characterised Level 1 and persisted in Level 2 has been closed — what the governance documentation says is what practitioners consistently do. And the organisation's leadership can evidence its commitment to governance quality through its resource decisions, its responses to governance concerns, and its engagement with the accountability architecture.

 

5. Level 4 — Mature

An organisation at Level 4 has moved beyond integrated governance into mature governance — governance that is continuously improving, that contributes to the development of the national standards by which all organisations are assessed, and that demonstrates the characteristics of Advanced Certification under CERT-001. Maturity is the level at which an organisation's governance quality is not only consistently good but consistently developing toward excellent.

Intelligence Quality at Level 4

Intelligence at Level 4 consistently achieves Q1 quality ratings. The Predictive Safeguarding™ layer (SIS-006) is active — trajectory analysis is generating Trajectory Alerts that are being acted on within defined governance protocols. The organisation's intelligence contribution to the NVI™ network is recognised by partner institutions as contextually rich, methodologically sound, and consistently reliable. And the intelligence quality trend — assessed through VVS™ quality rating data over 12 months — is consistently improving rather than static.

Accountability Architecture at Level 4

Accountability at Level 4 extends beyond the organisation's own governance to its contribution to multi-agency accountability. The organisation actively contributes to MARAC and MASH governance at the quality standard the NSIE™ architecture requires. Its IAR™ data contributes to the network-level accountability patterns that the NVI™ Oversight Body uses for standards development. And the organisation's accountability architecture has been independently validated through the SAAF™ Level 2 audit, with findings that confirm maturity rather than identify gaps.

Participation Integrity™ at Level 4

Participation at Level 4 includes lived experience governance integration — the organisation has moved beyond procedural consultation of lived experience to genuine governance engagement. Lived experience perspectives are evidenced in governance decision records. The organisation can cite specific governance changes that resulted from lived experience challenge of its existing practice. And its T5 Trust Score is consistently in Good to Excellent band.

Governance Culture at Level 4

The governance culture at Level 4 is proactively improving — the organisation's leadership is actively seeking information about governance quality that is uncomfortable as well as information that is affirming, because it has internalised the understanding that governance improvement requires honest confrontation with governance gaps rather than management of governance narrative. Practitioners at Level 4 organisations are advocates for governance quality — they mentor colleagues, contribute to professional standards development, and participate in the NVI™ network learning architecture.

 

6. Level 5 — Leading Practice

An organisation at Level 5 is not simply meeting the national governance standard — it is contributing to its development. It holds Excellence Certification. Its practitioners are developing the next generation of SAFECHAIN™ competency holders. Its governance learning is feeding into the Standards Board's annual review cycle. And its safeguarding outcomes — the actual measurable difference its governance makes to the vulnerable individuals it serves — are demonstrably better than the outcomes produced by organisations at lower maturity levels.

Intelligence Quality at Level 5

Intelligence at Level 5 consistently achieves Q1 ratings with VVS™ verification success at 95 percent or above. The organisation's Predictive Safeguarding™ trajectory alerts are generating earlier interventions that are evidenced as producing better safeguarding outcomes. Its intelligence is the reference standard against which VVS™ verification calibration is conducted for the sector. And the organisation contributes to the development of sector-specific CIF™ standards through its participation in the NVI™ Standards Board's financial sector, healthcare, housing, or justice working groups.

Accountability Architecture at Level 5

Accountability at Level 5 is the standard against which accountability at other maturity levels is measured. The organisation's IAR™ data quality, its omission detection rate, its Trust Score stability, and its SAAF™ audit findings are used by the NVI™ Oversight Body and the Trust Authority as benchmarks for the assessment of other participants. Its accountability architecture has contributed to the Standards Board's development of accountability governance standards. And the organisation can evidence, through longitudinal Trust Score and VVS™ quality data, that its accountability architecture is generating continuous improvement rather than stable compliance.

Participation Integrity™ at Level 5

Participation at Level 5 is the model that the GUIDE Series™ draws its practice examples from. The organisation's participation governance has been independently validated through the SAAF™ Excellence Certification assessment. Its practitioners are CIPID™-qualified at Level 2 or above and are contributing to CIPID™ programme development through their operational experience. Its lived experience governance is formally evidenced in its board minutes and its governance decision records. And its T5 Trust Score is consistently in Excellent band.

Governance Culture at Level 5

The governance culture at Level 5 is the culture that the NOM-001 Six Operating Principles describe in their ideal form. Safeguarding quality is understood by every person in the organisation — from the Chief Executive to the newest frontline practitioner — as the purpose of their institutional existence, not as one priority among many to be balanced against operational convenience, financial constraint, or regulatory pressure. The organisation has faced governance challenges — Level 5 is not a condition of perfect governance, it is a condition of excellent response to imperfect governance situations — and its response to those challenges has been characterised by transparency, accountability, and systemic learning rather than by defensiveness, attribution, and managed narrative.

 

7. Using the Maturity Model

7.1 Self-Assessment

The IMM™ self-assessment process uses the AUDIT-001 through AUDIT-005 diagnostic tools to generate dimensional assessments, which are then synthesised against the level descriptions above to produce an overall maturity level. The synthesis is not mechanical — the dimensional assessments provide the evidence, and the maturity level is the honest governance judgement about what that evidence shows. An organisation that scores Level 4 on Intelligence Quality but Level 1 on Governance Culture is a Level 1 organisation whose intelligence infrastructure has developed faster than its culture — and which faces the specific development challenge of building the cultural conditions that will sustain the intelligence infrastructure it has built.

7.2 Development Planning

The IMM™ development planning process uses the level descriptions to identify the specific characteristics that the organisation needs to develop to progress from its current level to the next. The DEPLOY-003 Institutional Implementation Roadmap™ maps the IMM™ levels onto the implementation journey — showing which development activities correspond to which maturity level transitions and in what sequence they should be undertaken. The CERT-001 certification pathway maps directly onto the IMM™: Foundation Certification readiness corresponds to Level 3; Advanced Certification corresponds to Level 4; Excellence Certification corresponds to Level 5.

7.3 External Communication

The IMM™ provides organisations with a precise, nationally recognised language for communicating their governance maturity to commissioners, regulators, partners, and service users. An organisation that can say 'we are at Level 3 — Integrated, on the SAFECHAIN™ Institutional Maturity Model™, holding Foundation Certification' is communicating something specific and verifiable — not a generic claim to 'good safeguarding practice' but a defined governance standard that has been independently assessed and publicly recorded on the SAFECHAIN™ Trust Register. The IMM™ level, combined with the CERT-001 certification status, is the most precise governance quality signal available to any institution in the UK safeguarding landscape.

 

Conclusion: Where Are You Now?

The SAFECHAIN™ Institutional Maturity Model™ exists to answer the question that every organisation that takes safeguarding seriously eventually asks: where are we now? Not where do we claim to be, not where we aspire to be, but where we demonstrably are — assessed honestly against a defined national standard, with a clear picture of what the next level requires and a development pathway that gets there.

The answer to that question is the beginning of the development journey. Level 1 organisations that honestly acknowledge their maturity level have made the most important governance decision available to them — to see their governance as it is rather than as they claim it to be. That decision, honestly made and honestly acted on, is the foundation of everything that follows.

Use this model. Use it honestly. The people whose safety depends on your governance deserve nothing less.

 

AUDIT-006 should be read alongside the full AUDIT Series™ (AUDIT-001–005), CERT-001, WHITE-003 (Governance Standards™), and DEPLOY-003 (Institutional Implementation Roadmap™). Contact: samantha@safe-chain.org

 

 

COPYRIGHT NOTICE

© 2026 Samantha Avril-Andreassen. All rights reserved.

SAFECHAINN Ltd (Company No. 12038453).

 

SAFECHAIN™, and all associated series, frameworks, models, architectures, engines, standards, competency frameworks, certification systems, economic models, deployment frameworks, technical architectures, and intellectual constructs are proprietary intellectual property authored and developed by Samantha Avril-Andreassen.

 

No reproduction, implementation, adaptation, deployment, AI training, machine learning ingestion, commercialisation, derivative development, institutional adoption, regulatory implementation, governmental implementation, software development, systems development, framework replication, architecture replication or operational implementation of any component of the SAFECHAIN™ ecosystem may occur without the prior written permission of Samantha Avril-Andreassen and SAFECHAINN Ltd.

 

The SAFECHAIN™ Master Publication Register™ remains the sole authoritative source of publication status, architecture lineage, governance authority, terminology control, implementation hierarchy, version control and intellectual property provenance.

Previous
Previous

REPORT-001 — VERSION 1.0  |  ANNUAL REPORT FRAMEWORK™

Next
Next

DEPLOY-003 — VERSION 1.0  |  INSTITUTIONAL IMPLEMENTATION ROADMAP™