Resources • Fire stopping • QR tags • access control
QR tags for penetrations: rollout checklist
A rollout checklist for QR tags on penetrations so a scan opens the right record on re-inspection — without losing traceability, access control, or audit evidence. The finished seal hides the build-up, so the scan is how you find the item again.
- QR tags
- Scan logs
- Access control
- Rollout
- Item IDs
Treat tags as pointers to a penetration record —
the value comes from what the scan opens
A rollout checklist for QR tags on penetrations so re-inspections open the right record fast — without losing traceability, access control, or audit evidence. The finished seal hides the build-up, so the scan is how you find the item again. Design identity and access in from day one.
Goal 01
Outcome
Re-inspections open the right penetration record instantly — with the referenced tested system, evidence photos, and any open defects attached. No searching, no duplicates, no guessing which seal it was.
Goal 02
Access control
Decide staff vs client views before rollout, then apply login or PIN. Keep scan logs so every access event is attributed, time-stamped, and reviewable at audit.
Goal 03
Rollout discipline
Pilot one building, validate materials and scan speed near the seal, then scale with the same item ID scheme and placement rules. Naming conventions locked before install — they don't change afterwards.
Choose QR
Use QR for easy rollout and a consistent scan habit across mixed devices — no proprietary reader needed, works on any smartphone next to the sealed item.
Roll out with QA
Generate one label per penetration, place it consistently, and spot-check scans so every tag opens the right record before the estate is fully tagged.
Control access + logs
Use PINs or logins where needed and keep scan logs — every scan is an access event that belongs in the audit record alongside the penetration history.
Five steps that reduce
the usual tag programme problems
Treat tags as pointers to a penetration record. The value comes from what the scan opens — not the tag itself. Each step keeps that link intact across every re-inspection.
Five steps before tags go on penetrations
Choose an item ID strategy
Pick stable item IDs and naming conventions before printing labels. If IDs change after tags are placed, every scan becomes a broken link. Agree the format, agree the location hierarchy, lock it.
Save labels to device
Generate label images, save them to the device, and print through the label printer app your team already uses. One label per penetration — QA each before placing.
Control access
Use token verification and optional PIN protection for non-staff views. Decide what a scan should show — staff view versus client view — before any tag goes near a penetration.
Log scans
Keep scan logs so you can answer who accessed a record and when. A scan is an access event — logs make that visible during audits and incident follow-up.
Keep tags tied to the survey record
Each scan must open the correct penetration record with full history attached — the referenced tested system, photos, and any defects. Tags are most valuable when they link to a real audit trail, not a blank or placeholder record.
Most QR programmes fail because
the tag is treated as the system
It's only an identifier. The quality comes from what it links to. Four decisions to lock in before a single label is printed — changing them afterwards breaks every tag already placed at a penetration.
Four decisions before printing
Decide what a scan should show
Staff view vs client view, and what evidence should be visible. A scan that shows everything to everyone is a data policy problem waiting to happen.
Agree a naming convention
Item IDs, location strings, and barrier references should not change after tags are placed. Every rename after install is a broken link across every scan from that penetration.
Define ownership
Who creates penetrations, who can edit, who can close defects, who can issue PDFs. Ambiguous ownership means records get edited by the wrong person with no audit trail of the change.
Plan for exceptions
Missing items, duplicate IDs, damaged tags, and "service rerouted" scenarios. If you don't have a plan for these before rollout, each one becomes a support crisis mid-survey.
Minimum data to lock in early
Four things that must be decided before any label is printed
01
Building / site list
Location hierarchy — blocks, floors, compartment lines — agreed and applied consistently before tagging starts.
02
Item ID format
Unique within a building at minimum. Format defined, no free text that changes visit to visit.
03
Tag format + encoding
Short token or URL — not free text that changes. What's encoded must not require manual updates later.
04
Access policy
Public or private scan, PIN protection, expiring links if needed — decided before tags go on penetrations.
QR rollout tips
What to decide early — before the first penetration is tagged
Make scans predictable
Keep label placement consistent so teams don't hunt for the code. Same position relative to the item, agreed before rollout.
Plan for damaged tags
Keep a manual lookup route for replacements and "service rerouted" scenarios — don't rely on the tag being the only way in.
Test before rollout
Try one building first to validate materials, readability, and scan speed before committing to a full estate.
Keep a tag register
Item ID ↔ tag ID ↔ install date ↔ installer — so replacements and spot checks stay traceable.
Tags should be consistent and durable —
but must never sit on the fire-stopping system itself
The scan needs to be fast and predictable on every re-inspection. Four placement rules keep that true without obscuring the seal, the annular gap, manufacturer markings, or any system label that has to stay readable.
Four placement rules
Place consistently
Pick one position site teams can repeat for every penetration type. Consistent placement means surveyors don't search for the code on re-inspection — it's always in the same spot, just clear of the seal.
Never on the seal itself
Do not place a tag on the fire-stopping system, the annular gap, intumescent collar/wrap, or any manufacturer or system marking. The seal must stay fully visible and undisturbed — a label on the system can hide a defect or interfere with the build-up.
Use suitable materials
Choose label stock and adhesive that matches the environment around the penetration — riser heat, plant-room moisture, dust, cleaning agents, abrasion. A label that falls off after a few months is worse than no label.
Test on one building first
Validate stickiness, readability, and scan speed before full rollout. One building of failed labels is recoverable — a full estate is not. Test materials in the actual conditions they will face.
Always follow manufacturer guidance and building owner policies for labels near fire-stopping systems. When in doubt, never attach anything to the seal — place the tag on the adjacent substrate instead.
Practical rollout tips
Three things that protect the tag programme after install
Keep a tag register
Item ID ↔ tag ID ↔ install date ↔ installer. When a tag is damaged or replaced, the register keeps the history intact without detective work.
Build a replacement process
Lost or damaged tag → reprint → reassign → keep history intact. Teams need to know the process before the first tag falls off, not after.
Run spot checks
Randomly scan 10 items per area to catch mis-tags early — a tag opening the wrong penetration is harder to fix at audit than it is during rollout.
Scanning a penetration record is an access event —
treat it like one
If you share links externally, you need a simple policy that balances usability with traceability. Decide who can see what, use tokenised links, and log every scan before tags go on penetrations.
Four access rules before rollout
Decide who can see what
Internal users typically need full evidence — the referenced tested system, evidence photos, notes. External users may only need approved outputs and status. Decide the split before any tag goes on a penetration — not after a client sees something sensitive.
Use tokenised links
Avoid embedding personal data in the tag itself. Keep the tag as a pointer to the record — the QR encodes a signed link that only resolves to that one penetration, and access to the record can be gated behind a per-survey PIN.
Protect where necessary
Use PIN protection for non-staff views when the building owner policy requires it. PINs add a layer without requiring a full login — practical for client access to approved outputs.
Record on-site verification
Every scan by a signed-in team member is timestamped against the penetration, so the record shows when it was last verified on site — useful for confirming a tag was checked without relying on memory or email threads.
Starter access policy
Simple and practical — four scan scenarios
Staff scans
Full penetration record + evidence
Typically requires login. Full outcomes, tested system, photos, notes, and history visible.
Client scans
Approved outputs only
Survey PDFs and exports — not raw notes or unissued findings, unless policy allows it.
PIN protection
When policy requires it
Use for non-staff access when building owner policy mandates it. Not always needed.
Scan logs
Every scan is an access event
Review logs during audits and incident follow-up — not just when something goes wrong.
If a tag is copied or shared
Three steps to contain it without losing history
Gate the record with a PIN
Set or change the survey's 4-digit PIN. Anyone scanning must enter it before the record opens, and changing or removing the PIN takes effect immediately — previously granted sessions are revoked on the next scan.
Reissue the exposed tag
Generate a new tag for the penetration and reprint the label. Once it is reassigned, the old QR no longer resolves to the record — and the penetration's history is unaffected.
Keep the penetration record history intact
Only replace the tag pointer. The penetration record, survey history, tested system reference, and evidence are unaffected. Reprint and reassign the tag to the same item if the physical label needs replacing.
Quick answers on offline scanning, client access,
and where tags add real value
Four questions that come up most often during rollout planning and the first few weeks on site. Deeper guidance is in the related guides.
Connectivity & client access
Tags open a link to a record, so viewing the full penetration record in real time requires a connection. However, Fire Door App's fire stopping module supports offline capture — surveyors can keep capturing findings as drafts when signal drops in a riser or plant room and sync when they're back on a stable connection.
In practice, most teams scan to confirm they're on the right penetration, then capture findings in the app regardless of live connectivity. The scan opens the record; the draft captures the findings. Sync everything at the end of the day.
Sometimes — it depends on your client relationship and what the scan should show. Decide the staff vs client view split before rollout, then use access controls (login or PIN) so sensitive evidence isn't shared unintentionally.
A reasonable baseline: clients see approved outputs — survey PDFs, status, completed evidence — but not raw notes, unissued findings, or internal team comments. If client scans are out of scope entirely, use login-only access so unauthenticated scans show nothing.
Tags & value
Treat tags as pointers to the record, not the system itself. If a survey holds sensitive detail, gate the scanned record behind a 4-digit PIN you set per survey — anyone scanning has to enter it, and changing or removing the PIN takes effect immediately. To retire a specific tag, generate a new one for that penetration and reprint the label.
If a physical label is damaged or falls off, reprint and reassign a tag to the same item ID — the penetration record and its history stay intact; only the tag pointer changes. Every scan by a signed-in team member is timestamped against the penetration, so the record shows when it was last verified on site.
Re-inspections and re-seals. On a first survey of a new estate, tags save minimal time because surveyors are building the register anyway. The value compounds on every subsequent visit — the finished seal hides the build-up, so a scan opens the right penetration record instantly instead of hunting for which item it was, and reduces the risk of creating a duplicate for a penetration that already has history.
Tags also add value for handovers between surveyors or when a different team takes over a building — the scan always opens the same penetration record, with its referenced tested system and photos, regardless of who's holding the tablet, removing reliance on institutional memory.
Quick facts
QR tagging for penetrations at a glance
What a tag is
A pointer to a penetration record — not the audit trail itself. Value comes from what the scan opens
Lock in first
Stable item IDs, naming convention, access policy, and ownership — before printing labels
Offline
Capture works offline — scan to confirm item, draft findings, sync at end of day
Scan logs
Every scan is an access event — who, when, which record — for audit and incident follow-up
Control access
Gate the scanned record behind a per-survey 4-digit PIN — change or remove it any time. History stays intact
Most value
Re-inspections and team handovers — scan opens the right penetration record instantly, no duplicate risk
Get started
Roll out tags on one building first
Generate labels, tag a small set of penetrations, and test the scan flow end-to-end before committing to a full estate.
Roll out tags on one building first.
Then test scan flow end-to-end before the full estate.
Generate labels, tag a small set of penetrations, and confirm every scan opens the right record — with its tested system, photos, and defects — under access rules and logs you can defend in an audit.