Resources • Fire stopping • QR tags • access control

QR tags for penetrations: rollout checklist

A rollout checklist for QR tags on penetrations so a scan opens the right record on re-inspection — without losing traceability, access control, or audit evidence. The finished seal hides the build-up, so the scan is how you find the item again.

7‑day trial. No card required. Cancel anytime.

Last updated:

QR rollout

Fire Door App Block A · Tagging · QR tags Scanning
124
Tags printed
98
Placed
1
Scan = 1 penetration
Logs
Every scan
  • TAG Print run · QA passed Printed
  • PLC P-01 to P-48 · tags placed Placed
  • SCN P-02 scanned · record opened Logged
  • PLC Level 2 · placement round Placing Placed
  • ACC Public scan policy · read-only Set
98 of 124 tags placed
QR tags for penetrations

Treat tags as pointers to a penetration record —
the value comes from what the scan opens

A rollout checklist for QR tags on penetrations so re-inspections open the right record fast — without losing traceability, access control, or audit evidence. The finished seal hides the build-up, so the scan is how you find the item again. Design identity and access in from day one.

Goal 01

Outcome

Re-inspections open the right penetration record instantly — with the referenced tested system, evidence photos, and any open defects attached. No searching, no duplicates, no guessing which seal it was.

Right record · instantly
P-014 System + evidence attached Instantly

Goal 02

Access control

Decide staff vs client views before rollout, then apply login or PIN. Keep scan logs so every access event is attributed, time-stamped, and reviewable at audit.

Decided before any tag goes on a penetration
Token link No personal data Staff · login Full record Client · PIN Outputs only Scan logged Who · when ✓

Goal 03

Rollout discipline

Pilot one building, validate materials and scan speed near the seal, then scale with the same item ID scheme and placement rules. Naming conventions locked before install — they don't change afterwards.

One building first · then scale
Pilot Block A Block B Block C Block D →…

Choose QR

Use QR for easy rollout and a consistent scan habit across mixed devices — no proprietary reader needed, works on any smartphone next to the sealed item.

Roll out with QA

Generate one label per penetration, place it consistently, and spot-check scans so every tag opens the right record before the estate is fully tagged.

Control access + logs

Use PINs or logins where needed and keep scan logs — every scan is an access event that belongs in the audit record alongside the penetration history.

Rollout checklist

Five steps that reduce
the usual tag programme problems

Treat tags as pointers to a penetration record. The value comes from what the scan opens — not the tag itself. Each step keeps that link intact across every re-inspection.

Five steps before tags go on penetrations

01

Choose an item ID strategy

Pick stable item IDs and naming conventions before printing labels. If IDs change after tags are placed, every scan becomes a broken link. Agree the format, agree the location hierarchy, lock it.

Format agreed Unique per building Never changed post-install
02

Save labels to device

Generate label images, save them to the device, and print through the label printer app your team already uses. One label per penetration — QA each before placing.

One label per item QA before placing Consistent format
03

Control access

Use token verification and optional PIN protection for non-staff views. Decide what a scan should show — staff view versus client view — before any tag goes near a penetration.

Token links PIN for non-staff Staff vs client view
04

Log scans

Keep scan logs so you can answer who accessed a record and when. A scan is an access event — logs make that visible during audits and incident follow-up.

Who + when Audit access events Incident follow-up
05

Keep tags tied to the survey record

Each scan must open the correct penetration record with full history attached — the referenced tested system, photos, and any defects. Tags are most valuable when they link to a real audit trail, not a blank or placeholder record.

Full history Live evidence Not a placeholder
QR scan flow · tag → record → history P-014 L1 · Riser North Token link Tag = pointer to record Access check Staff · login Full record or Client · PIN Approved outputs Penetration record opens · P-014 System: EI 120 · cert ref 1 open defect Scan logged J. Smith · P-014 · 09:14 · 12 Jun 2026 Re-inspection · same scan · same record · full history Right record · instantly Tag Access Record Log
Before you print anything

Most QR programmes fail because
the tag is treated as the system

It's only an identifier. The quality comes from what it links to. Four decisions to lock in before a single label is printed — changing them afterwards breaks every tag already placed at a penetration.

Four decisions before printing

Decide what a scan should show

Staff view vs client view, and what evidence should be visible. A scan that shows everything to everyone is a data policy problem waiting to happen.

Agree a naming convention

Item IDs, location strings, and barrier references should not change after tags are placed. Every rename after install is a broken link across every scan from that penetration.

Define ownership

Who creates penetrations, who can edit, who can close defects, who can issue PDFs. Ambiguous ownership means records get edited by the wrong person with no audit trail of the change.

Plan for exceptions

Missing items, duplicate IDs, damaged tags, and "service rerouted" scenarios. If you don't have a plan for these before rollout, each one becomes a support crisis mid-survey.

Decisions locked early → chain stays intact Before printing Scan view Naming Ownership Excp. Generate labels · QA before placing P-014 Standard label P-014 · Riser North QA ✓ Tags placed · naming locked P-014 Locked ✓ L1 · Riser North Consistent ✓ Token Encoded ✓ Scan → right record · instantly P-014 Full history attached ✓ vs rename after install → broken link Pen-014 ✗ 404 P-014 · intact ✓

Minimum data to lock in early

Four things that must be decided before any label is printed

01

Building / site list

Location hierarchy — blocks, floors, compartment lines — agreed and applied consistently before tagging starts.

02

Item ID format

Unique within a building at minimum. Format defined, no free text that changes visit to visit.

03

Tag format + encoding

Short token or URL — not free text that changes. What's encoded must not require manual updates later.

04

Access policy

Public or private scan, PIN protection, expiring links if needed — decided before tags go on penetrations.

QR rollout tips

What to decide early — before the first penetration is tagged

Make scans predictable

Keep label placement consistent so teams don't hunt for the code. Same position relative to the item, agreed before rollout.

Plan for damaged tags

Keep a manual lookup route for replacements and "service rerouted" scenarios — don't rely on the tag being the only way in.

Test before rollout

Try one building first to validate materials, readability, and scan speed before committing to a full estate.

Keep a tag register

Item ID ↔ tag ID ↔ install date ↔ installer — so replacements and spot checks stay traceable.

Placement & durability

Tags should be consistent and durable —
but must never sit on the fire-stopping system itself

The scan needs to be fast and predictable on every re-inspection. Four placement rules keep that true without obscuring the seal, the annular gap, manufacturer markings, or any system label that has to stay readable.

Four placement rules

Place consistently

Pick one position site teams can repeat for every penetration type. Consistent placement means surveyors don't search for the code on re-inspection — it's always in the same spot, just clear of the seal.

Never on the seal itself

Do not place a tag on the fire-stopping system, the annular gap, intumescent collar/wrap, or any manufacturer or system marking. The seal must stay fully visible and undisturbed — a label on the system can hide a defect or interfere with the build-up.

Use suitable materials

Choose label stock and adhesive that matches the environment around the penetration — riser heat, plant-room moisture, dust, cleaning agents, abrasion. A label that falls off after a few months is worse than no label.

Test on one building first

Validate stickiness, readability, and scan speed before full rollout. One building of failed labels is recoverable — a full estate is not. Test materials in the actual conditions they will face.

Always follow manufacturer guidance and building owner policies for labels near fire-stopping systems. When in doubt, never attach anything to the seal — place the tag on the adjacent substrate instead.

Penetration · placement zones Fire-stopping system System label EI 120 · cert ref Avoid — the seal, annular gap, system markings P-014 Good zone ✓ Consistent clear of seal Good zone — adjacent substrate (clear of the system) Alt. zone below seal Near the item Same position · every item · every visit Fast scan · no hunting

Practical rollout tips

Three things that protect the tag programme after install

Keep a tag register

Item ID ↔ tag ID ↔ install date ↔ installer. When a tag is damaged or replaced, the register keeps the history intact without detective work.

Build a replacement process

Lost or damaged tag → reprint → reassign → keep history intact. Teams need to know the process before the first tag falls off, not after.

Run spot checks

Randomly scan 10 items per area to catch mis-tags early — a tag opening the wrong penetration is harder to fix at audit than it is during rollout.

Access control & verification

Scanning a penetration record is an access event —
treat it like one

If you share links externally, you need a simple policy that balances usability with traceability. Decide who can see what, use tokenised links, and log every scan before tags go on penetrations.

Four access rules before rollout

Decide who can see what

Internal users typically need full evidence — the referenced tested system, evidence photos, notes. External users may only need approved outputs and status. Decide the split before any tag goes on a penetration — not after a client sees something sensitive.

Use tokenised links

Avoid embedding personal data in the tag itself. Keep the tag as a pointer to the record — the QR encodes a signed link that only resolves to that one penetration, and access to the record can be gated behind a per-survey PIN.

Protect where necessary

Use PIN protection for non-staff views when the building owner policy requires it. PINs add a layer without requiring a full login — practical for client access to approved outputs.

Record on-site verification

Every scan by a signed-in team member is timestamped against the penetration, so the record shows when it was last verified on site — useful for confirming a tag was checked without relying on memory or email threads.

Token flow · scan → verify → access → log Token link No personal data Scan event Token verification verify Token valid ✓ + PIN opt. Staff view Full record + evidence Client view Approved outputs only Scan log J. Smith · Staff · P-014 · 09:14 Staff ✓ Acme Ltd · Client · P-014 · 11:22 Client ✓ Every scan · attributed · time-stamped Auditable access trail

Starter access policy

Simple and practical — four scan scenarios

Staff scans

Full penetration record + evidence

Typically requires login. Full outcomes, tested system, photos, notes, and history visible.

Client scans

Approved outputs only

Survey PDFs and exports — not raw notes or unissued findings, unless policy allows it.

PIN protection

When policy requires it

Use for non-staff access when building owner policy mandates it. Not always needed.

Scan logs

Every scan is an access event

Review logs during audits and incident follow-up — not just when something goes wrong.

If a tag is copied or shared

Three steps to contain it without losing history

1

Gate the record with a PIN

Set or change the survey's 4-digit PIN. Anyone scanning must enter it before the record opens, and changing or removing the PIN takes effect immediately — previously granted sessions are revoked on the next scan.

2

Reissue the exposed tag

Generate a new tag for the penetration and reprint the label. Once it is reassigned, the old QR no longer resolves to the record — and the penetration's history is unaffected.

3

Keep the penetration record history intact

Only replace the tag pointer. The penetration record, survey history, tested system reference, and evidence are unaffected. Reprint and reassign the tag to the same item if the physical label needs replacing.

Common questions

Quick answers on offline scanning, client access,
and where tags add real value

Four questions that come up most often during rollout planning and the first few weeks on site. Deeper guidance is in the related guides.

Connectivity & client access

Tags open a link to a record, so viewing the full penetration record in real time requires a connection. However, Fire Door App's fire stopping module supports offline capture — surveyors can keep capturing findings as drafts when signal drops in a riser or plant room and sync when they're back on a stable connection.

In practice, most teams scan to confirm they're on the right penetration, then capture findings in the app regardless of live connectivity. The scan opens the record; the draft captures the findings. Sync everything at the end of the day.

Tags open a link Capture works offline Sync at end of day
Fire stopping evidence & audit trail

Sometimes — it depends on your client relationship and what the scan should show. Decide the staff vs client view split before rollout, then use access controls (login or PIN) so sensitive evidence isn't shared unintentionally.

A reasonable baseline: clients see approved outputs — survey PDFs, status, completed evidence — but not raw notes, unissued findings, or internal team comments. If client scans are out of scope entirely, use login-only access so unauthenticated scans show nothing.

Decide view split first Login or PIN controls Approved outputs by default
Access control guidance

Tags & value

Treat tags as pointers to the record, not the system itself. If a survey holds sensitive detail, gate the scanned record behind a 4-digit PIN you set per survey — anyone scanning has to enter it, and changing or removing the PIN takes effect immediately. To retire a specific tag, generate a new one for that penetration and reprint the label.

If a physical label is damaged or falls off, reprint and reassign a tag to the same item ID — the penetration record and its history stay intact; only the tag pointer changes. Every scan by a signed-in team member is timestamped against the penetration, so the record shows when it was last verified on site.

PIN-gate the record Reprint + reassign label History stays intact
See the full copied-tag steps

Re-inspections and re-seals. On a first survey of a new estate, tags save minimal time because surveyors are building the register anyway. The value compounds on every subsequent visit — the finished seal hides the build-up, so a scan opens the right penetration record instantly instead of hunting for which item it was, and reduces the risk of creating a duplicate for a penetration that already has history.

Tags also add value for handovers between surveyors or when a different team takes over a building — the scan always opens the same penetration record, with its referenced tested system and photos, regardless of who's holding the tablet, removing reliance on institutional memory.

Re-inspections — biggest gain Team handovers No duplicate records
Evidence & audit trail

Quick facts

QR tagging for penetrations at a glance

What a tag is

A pointer to a penetration record — not the audit trail itself. Value comes from what the scan opens

Lock in first

Stable item IDs, naming convention, access policy, and ownership — before printing labels

Offline

Capture works offline — scan to confirm item, draft findings, sync at end of day

Scan logs

Every scan is an access event — who, when, which record — for audit and incident follow-up

Control access

Gate the scanned record behind a per-survey 4-digit PIN — change or remove it any time. History stays intact

Most value

Re-inspections and team handovers — scan opens the right penetration record instantly, no duplicate risk

Get started

Roll out tags on one building first

Generate labels, tag a small set of penetrations, and test the scan flow end-to-end before committing to a full estate.

7-day trial No card required Cancel anytime
Get started

Roll out tags on one building first.
Then test scan flow end-to-end before the full estate.

Generate labels, tag a small set of penetrations, and confirm every scan opens the right record — with its tested system, photos, and defects — under access rules and logs you can defend in an audit.

7‑day trial No card required Cancel anytime