Building Safety Act Compliance Workflow Explained
The Building Safety Act 2022 doesn't just demand new documents - it demands a new evidentiary standard. The Building Safety Regulator (BSR) wants a Golden Thread of Information: every safety-critical decision traceable, dateable, and tied to a named accountable person. Most principal designers and contractors are still trying to satisfy that with SharePoint folders and email chains. This post explains what Building-Safety-Act document compliance software actually has to do, and how to build (or buy) it without rebuilding your CDE.
- Drawings, fire strategies, competence records and test certificates
- Project, building, duty-holder and gateway metadata
- Approval rules for expiry dates, standards and accountable people
- Gateway 2 / Gateway 3 evidence pack
- Golden Thread graph linking decisions to source documents
- Defensible audit trail for the Building Safety Regulator
The evidence set this workflow controls
Building Safety Act software is not just a file store. It needs to manage the evidence set behind every regulated decision:
- Design evidence: drawings, specifications, structural calculations and fire strategy documents.
- Product evidence: test certificates, declarations of performance, warranties and manufacturer data sheets.
- Duty-holder evidence: competence records, appointments, signoffs and accountable-person metadata.
- Change evidence: RFIs, approvals, revisions, superseded documents and decision history.
- Generated outputs: Gateway packs, resident handover packs, Golden Thread exports and audit bundles.
What the BSR actually wants in a Gateway 2 pack
The legal text is broad, but the operational ask boils down to four capabilities:
- Provenance for every duty-holder competence record, design decision, and material specification.
- Versioning: which document was current on the day a decision was made, who signed it off, and what changed afterwards.
- Cross-referencing: a fire-safety strategy that cites the structural drawing it relied on, that cites the test certificate for the cladding system, and so on down the chain.
- Survivability: the pack has to be defensible 30 years after handover, not just at Gateway 2.
Tools, triggers and data flow
The trigger is usually a new upload, revision, RFI, design decision or approval event inside a CDE such as Asite, Procore, Viewpoint, Autodesk Construction Cloud or SharePoint. The workflow keeps the CDE as storage, then adds validation, citations, expiry checks and structured links on top. That is why this sits between Building Safety Act compliance and compliance document automation.
Trigger
- New upload, revision, RFI, approval or gateway-pack request inside Asite, Procore, Viewpoint, Autodesk Construction Cloud or SharePoint.
Systems / APIs
- CDE API, SharePoint Graph API or scheduled evidence export
- Document extraction layer for certificates, drawings and reports
- Rules engine for duty-holder, expiry and standard checks
- Evidence graph stored in database plus PDF / archive export
Template fields
- project_id, building_id, gateway_stage, document_type
- duty_holder, accountable_person, approval_status
- standard_reference, certificate_expiry, revision_number
- decision_id, source_document_id, citation_page
Automation actions
- Classify evidence and attach it to the project / building record
- Extract citations, expiry dates and named duty holders
- Update the Golden Thread decision graph
- Generate Gateway 2 / Gateway 3 packs and audit exports
The build pattern that survives audit
Across our Building Safety Act compliance engagements, the pattern that works is to layer a document workflow on top of your existing CDE rather than replace it. The CDE keeps storing files; the workflow encodes the Golden Thread structure:
- Ingestion. Every drawing, certificate, competence record, fire strategy and structural calc lands in a typed inbox tied to the project / building.
- Extraction. Document assistance agents read scanned competence certs, BS test reports and CV-style records and return structured, citable data - including the page reference for every claim.
- Validation. Duty-holder rules, expiry tracking, BS / EN test references, accreditation lookups. Anything missing is a deliberate, logged decision - not an oversight.
- Generation. Paperless renders the Gateway 2 / Gateway 3 pack from the validated data, not from copy-paste. Multilingual sub-contractor briefs from one source.
- Audit. A per-document trail showing exactly which evidence supported which decision - exportable as a single PDF / archive on demand.
How this becomes automated
- 1Ingest drawings, certificates, competence records and fire strategies from the existing CDE.
- 2Extract structured evidence with citations to the exact source page and file version.
- 3Validate duty-holder rules, expiry dates, BS / EN references and missing approvals.
- 4Generate Gateway 2 / Gateway 3 packs from approved evidence instead of copy-paste.
- 5Maintain a Golden Thread graph linking every regulated decision to its supporting documents.
What a real Golden Thread looks like in software
Concretely: a queryable graph where every node is a regulated decision, and every edge is a citation to the source document. When the BSR asks "why was this cladding system specified", the answer is a traversal: design decision → fire strategy → product test certificate → manufacturer competence record. Each node is signed, timestamped, and tied to a named duty-holder. None of that requires ripping out your CDE - it requires a workflow on top of it.
Where to go next
If you're a Principal Designer, Principal Contractor or developer with an HRB project at Gateway 2 in the next 18 months, the time to put Building Safety Act document compliance software in place is now - retrofitting evidence after the fact is harder than building it as you go. Book a free 30-minute audit and we'll show you the smallest workflow that gets you to a defensible Gateway 2 pack.