The CSCS card tracking problem
The Construction Skills Certification Scheme (CSCS) is the industry standard for proving that a construction worker has the right qualifications and training for the work they do on site. While CDM 2015 does not explicitly mandate CSCS cards, the HSE's Approved Code of Practice (ACoP L153) recognises them as appropriate evidence of competence, and virtually every principal contractor in the UK requires valid CSCS cards as a non-negotiable condition of site entry.
The challenge is not checking a single card. Any site manager can look at a card, note the expiry date, and wave someone through the gate. The challenge is tracking expiry dates across an entire workforce, across multiple sites, across a supply chain that may include dozens of subcontractors each with their own workers.
Consider a principal contractor running five live projects with 400 workers across all sites. Those workers hold different card types with different expiry periods. Workers rotate between sites. New workers arrive via subcontractors with no prior relationship. Some workers hold cards that have been reported lost or revoked but still carry the physical plastic. Others have renewed but not yet received the replacement card.
Most companies attempt to manage this with spreadsheets. A site manager records the card number, type, and expiry date in a shared Excel file when a worker first arrives. This approach has several predictable failure modes:
- Data entry errors. Card numbers are 10-digit strings. One transposed digit means the record is useless for verification. Expiry dates are entered in different formats by different people.
- Stale data. Once a card is recorded, nobody checks again until the worker returns months later. If the card was revoked between visits, the spreadsheet still shows it as valid.
- No alerts. Spreadsheets do not send reminders. Unless someone manually reviews the file and filters by date, cards expire silently.
- Supply chain blind spots. Subcontractor workers may never appear in the PC's spreadsheet at all. The PC relies on the sub to manage their own workers' cards, with no visibility of the actual data.
- Audit failure. An HSE inspector asking "show me the CSCS status of every worker currently on site" cannot be answered from a spreadsheet in any reasonable timeframe. The data is scattered, incomplete, and unverified.
The fundamental problem is that spreadsheets record what someone said about a card at a single point in time. They do not verify that the card is genuine, they do not track changes in status, and they do not alert anyone when action is needed.
What happens when a CSCS card expires on site
When a worker's CSCS card is found to be expired during a site check or gate audit, the consequences cascade quickly:
Immediate removal from site. Under most principal contractor access policies, the worker must leave site immediately. They cannot work, even if they are qualified and competent, because the PC's insurance and CDM 2015 obligations require documented evidence of competence. An expired card is not evidence.
Lost production. The worker was presumably assigned to a task. That task now has a gap. If the worker is a specialist (a crane operator, an electrician, a confined space entrant), the gap may not be fillable at short notice. The work stops until a replacement is found.
Cost to the subcontractor. The sub still owes the worker a day's pay in many cases, depending on their contract terms. The sub may also face a back-charge from the PC for the disruption. The worker needs to book a Health, Safety and Environment (HS&E) test, potentially attend a training course, and wait for the new card to arrive. This can take 4 to 8 weeks.
Cost to the principal contractor. Programme delays, additional supervision time spent managing the gap, and the administrative burden of the incident report. If the expired card is discovered during an HSE inspection rather than an internal check, the PC faces potential enforcement action for failing to ensure worker competence under CDM 2015 Regulation 13.
Repeat offenders. Without a system that tracks which workers have had card issues in the past, the same problem recurs. A worker whose card expired on Project A arrives at Project B three months later with a card that is about to expire again. Nobody knows because the data is siloed in a spreadsheet on the Project A site manager's laptop.
Real cost example: A Tier 2 civils contractor with 200 direct workers and 100 supply chain workers estimated they were losing 12 productive days per month to expired CSCS cards discovered at the gate. At an average daily rate of £250, that is £3,000 per month in direct lost production, not counting the admin time, programme disruption, or replacement labour costs.
CSCS card types and expiry periods
Not all CSCS cards are equal. Different card types have different validity periods, different renewal requirements, and different implications for site access. Understanding the card types is essential for any tracking system:
| Card type | Colour | Validity | Renewal requirement |
|---|---|---|---|
| Skilled Worker | Blue | 5 years | NVQ/SVQ + valid HS&E test |
| Advanced Craft | Gold | 5 years | NVQ Level 3+ or equivalent |
| Experienced Worker | Red | 1 year (non-renewable) | Must achieve NVQ within validity period |
| Trainee / Apprentice | Red | 5 years | Registered apprenticeship or NVQ programme |
| Provisional (Labourer) | Green | 5 years | HS&E test only |
| Manager (Black) | Black | 5 years | NVQ Level 6 or equivalent management qualification |
| Academically Qualified Person | White | 5 years | Degree or equivalent + HS&E test |
The Experienced Worker (red) card is particularly problematic for tracking because it has only a one-year validity and cannot be renewed. If the worker has not completed their NVQ by the time it expires, they must leave site. This is the card type most likely to catch people out, and the one where early warning is most critical.
Allied scheme cards (ECS, JIB, CPCS, CISRS, and others) are also verified through the CSCS Smart Check system and have their own expiry periods. A comprehensive tracking system must handle all card types, not just CSCS-branded cards.
How digital CSCS management works
Digital CSCS card management replaces the spreadsheet with a system that verifies cards against the live CSCS database, tracks expiry dates automatically, and alerts the right people before cards expire. The workflow typically involves three components:
1. API verification at point of entry. When a worker is added to the system (either by an admin entering their details, by the worker scanning their card via a mobile app, or during a CSV import of a new subcontractor's workforce), the system sends the card number and surname to the CSCS Smart Check API. The API returns the card type, trade, expiry date, and current status. This is a live check against the CSCS database, not a visual check of the physical card. If the card has been reported stolen, revoked, or is otherwise invalid, the API will flag it even if the physical card looks fine.
2. Automated expiry monitoring. Once a card is verified and its expiry date is recorded, the system monitors that date continuously. No one needs to remember to check. When a card enters the alert window (typically 90, 60, and 30 days before expiry), notifications are sent automatically to the worker, their employer, and optionally the site manager. The notifications include guidance on how to renew: which test to book, which training centre to contact, and what the expected processing time is.
3. Access rules integration. The CSCS card status feeds directly into the site's access rules engine. When a worker attempts to clock in, the system checks their card status as part of the access evaluation. If the card has expired, the worker is blocked with a clear message explaining why, and their employer is notified. This happens before the worker reaches the gate, not when they are standing in front of a security guard.
The key difference from a spreadsheet is that the data is verified, current, and actionable. A spreadsheet tells you what someone typed in six months ago. A digital system tells you the status right now, verified against the source database.
Confidence scoring: knowing how reliable your data is
Not all competency records are equally reliable. A CSCS card verified via the Smart Check API is more trustworthy than one where a site manager glanced at the physical card and typed the number into a spreadsheet. A competency certificate uploaded by a supply chain admin is less certain than one verified against the issuing body's database.
Confidence scoring solves this problem by tagging every competency record with a score that indicates how it was verified. AttendIQ uses a six-level scale:
| Level | Source | Example |
|---|---|---|
| C6 - Verified | External API verification | CSCS Smart Check, EUSR, Gas Safe Register |
| C5 - PC API | Principal contractor's ERP or API | Data pushed from the PC's workforce system |
| C4 - PC Admin | PC admin manual entry or CSV import | Site manager records card details after visual check |
| C3 - SC API | Supply chain company's ERP or API | Subcontractor pushes data via integration |
| C2 - SC Admin | Supply chain admin manual entry | Sub's office manager enters card details |
| C1 - Worker | Worker self-declared | Worker claims to hold a card with no evidence uploaded |
The confidence score is assigned automatically by the system based on how the record was created. It cannot be manually overridden. This means that when a site manager looks at a worker's competency record, they can immediately see whether the CSCS card was verified via the API (C6) or simply typed in by a subcontractor admin (C2).
Access rules can use confidence scores as thresholds. For example, a high-security site might require C4 or above for all competencies, meaning that supply chain admin entries (C2) and worker self-declarations (C1) would not be sufficient for site access. This gives the principal contractor granular control over the quality of evidence they accept.
Supply chain CSCS visibility
For principal contractors, the hardest part of CSCS management is not their own direct workforce. It is the supply chain. A Tier 1 contractor might have 20 subcontractors on a single project, each with their own workers, their own HR systems (or lack of them), and their own approach to card tracking.
Without a shared platform, the PC has two options: trust the subcontractor to manage it (and accept the risk), or manually check every worker at the gate (and accept the bottleneck). Neither is satisfactory.
A digital platform solves this by giving the supply chain company their own workspace where they manage their workers' records. The SC admin enters or verifies card details for their workers. That data is then visible to every PC the SC is connected to, scoped to the relevant project. The PC can see:
- Which SC workers have valid, verified CSCS cards
- Which SC workers have cards expiring in the next 90 days
- Which SC workers have expired or unverified cards
- An overall supply chain compliance percentage per subcontractor
This pre-arrival visibility means that problems are identified and resolved before a worker arrives at the gate, not when they are standing there with their tools in the car park. The subcontractor has time to renew cards, arrange training, or send a different worker. The site manager is not put in the position of turning someone away at 7am and disrupting the day's programme.
For the supply chain company, this visibility is also valuable. A subcontractor working across multiple PCs can see all their workers' card statuses in one place, rather than maintaining separate records for each client's requirements. When a worker's card is verified for one PC, that verification carries across to all connected PCs automatically.
The AttendIQ approach
AttendIQ integrates CSCS card management into the core workforce compliance workflow. Rather than treating card tracking as a separate process with its own spreadsheet and its own admin burden, CSCS status is part of every worker's profile from the moment they are added to the system.
CSCS Smart Check API integration. AttendIQ connects directly to the CSCS Smart Check API to verify cards in real time. When a card number is entered or a worker uploads a card photo via the mobile app, the system verifies it against the live database and records the result with a C6 confidence score. Manual visual checks by a site manager are recorded at C4. This distinction is visible on the worker's profile and feeds into access rules.
Three-stage expiry alerts. AttendIQ sends automated notifications at 90, 60, and 30 days before card expiry. The 90-day alert goes to the worker and their employer by email, giving them maximum lead time to arrange renewal. The 60-day alert adds a push notification if the worker has the mobile app. The 30-day alert escalates to the site manager and flags the worker's record in the admin dashboard. All alert timings are configurable per organisation.
Access rules integration. CSCS card status is one of the rules evaluated by the access rules engine every time a worker clocks in. If a card has expired, the worker is blocked. Critically, the access rules engine evaluates all rules and returns all failures at once. A worker with an expired CSCS card and a missing induction is told about both problems in one response, not sent away to fix one problem only to be blocked again by the second.
Worker self-service. Workers can upload their CSCS card via the mobile app. They take a photo of the front of the card, and the system extracts the card number and submits it for API verification. This removes the admin burden from site managers and subcontractor offices. Once verified, the record is tagged C6, the same confidence level as a site manager's API check.
Supply chain compliance dashboard. Principal contractors can see CSCS compliance across their entire supply chain from a single dashboard. Each subcontractor has a compliance percentage based on the proportion of their workers with valid, verified cards. Drilling down shows individual worker status, card type, expiry date, and confidence score. The same data is available to the supply chain company for their own workforce planning.
Nightly re-verification. For cards approaching expiry, AttendIQ runs a nightly re-verification job against the CSCS API. If a card has been revoked, reported lost, or otherwise invalidated between visits, the system picks it up automatically. The worker's record is updated and their employer is notified. This catches the edge case that no manual check ever would: a card that was valid last week but is not valid today.
CSV import with validation. When a subcontractor is onboarded with a batch of workers via CSV import, CSCS card numbers in the import file are verified against the API automatically. Invalid or expired cards are flagged in the import validation report. The import still proceeds (workers are not blocked from being created), but the compliance issues are surfaced immediately rather than discovered at the gate weeks later.
No hardware required. AttendIQ runs on the devices your workforce already has. Workers use their own phones. Site managers use the admin web portal. There are no biometric scanners to install, no turnstiles to maintain, and no tablets to replace when they get dropped in the mud. You can be live the same day.
Frequently asked questions
How do I check if a CSCS card is still valid?
You can verify a CSCS card using the CSCS Smart Check app or API. Enter the card number and the worker's surname. The system checks the card against the live CSCS database and returns the card type, expiry date, and current status. Manual visual checks are unreliable because cards can be reported lost or revoked without the physical card being collected.
What happens if a worker's CSCS card expires while they are on site?
Under most principal contractor access policies, a worker with an expired CSCS card must be removed from site immediately. They cannot return until they hold a valid card. This means lost working time, disruption for the subcontractor, and potential project delays. If discovered during an HSE inspection, it can also trigger enforcement action for failing to verify worker competence under CDM 2015.
Can subcontractor workers upload their own CSCS card evidence?
Yes. With AttendIQ, workers photograph and upload their CSCS card via the mobile app. The platform then verifies the card against the CSCS database automatically. This removes admin burden from site managers and ensures the record is verified rather than self-declared. Each record receives a confidence score so you can see how it was verified.
How far in advance should I be alerted about CSCS card expiry?
Best practice is a three-stage system: 90 days (first notice), 60 days (follow-up), and 30 days (urgent alert). CSCS renewal can take 4 to 8 weeks depending on the card type and whether a new HS&E test is required. Starting at 90 days gives workers enough time to book tests, complete training, and receive replacement cards before the old one expires.