Utah school visitor management requirements changed significantly in 2025 and 2026, introducing new laws that directly impact how schools control access, verify visitors, and manage data. In just two years, visitor sign-in has moved from paper logbooks to mandatory ID scanning, automated background checks, and controlled campus entry systems.
Three laws drive this change:
These laws are not optional recommendations. They are legal compliance requirements with clear implementation expectations.
Each regulation focuses on a different part of campus access and visitor management. Together, they create overlapping responsibilities that schools must bring together into a single, workable system.
On top of that, schools must manage visitor data under Utah’s Government Records Access and Management Act (GRAMA). That means sensitive visitor information must be stored, protected, and handled in line with public records laws that existed long before modern digital visitor tracking systems.
Understanding how these rules work together determines whether your school’s visitor management process truly meets Utah’s legal standard - or just appears to.
Utah school visitor management requirements are a set of state laws and administrative rules that require schools to control building access, scan visitor IDs, screen against sex offender registries, conduct volunteer background checks, and manage visitor data under GRAMA.
Utah now requires all public and private K-12 schools to maintain a managed point of entry under Administrative Rule R698-13.
Schools with grades 5–12 must activate managed entry within 10 minutes of the first bell. Elementary schools (K–4) must begin 20 minutes before the first bell.
HB 40 (2025) requires schools to scan government-issued IDs and check visitors against the Sex Offender Registry before granting campus access.
HB 44 (2026) introduces background screening requirements for volunteers who have unsupervised access to students.
All visitor data must be stored and managed according to GRAMA.
Together, these regulations create a comprehensive framework for Utah school visitor management, requiring systems capable of:
The bottom line: paper sign-in sheets and manual ID checks no longer meet Utah’s legal standard. Schools need a visitor management system that can address all three laws in one place.
Administrative Rule R698-13 sets the foundation for Utah’s school access control requirements. Effective August 27, 2025, schools must limit visitor access to a single managed point of entry during regular school hours, while keeping all other exterior doors locked from the outside.
This rule is about more than locked doors. It creates a controlled entry point where schools can properly verify and screen visitors before allowing access to the building. Without that controlled entry process, requirements like ID scanning and registry checks are far less effective. Visitors could simply enter through another door.
The rule requires schools to staff or monitor the entry point so visitors can be verified before they proceed into the building.
Timing requirements differ by grade level:
Schools must maintain a managed point of entry beginning no later than 10 minutes after the first bell and continuing until the final bell.
Elementary schools must activate a managed entry no later than 20 minutes before the first bell, followed by a secured point of entry beginning 10 minutes after the first bell.
Another detail that surprises many administrators is the rule’s continuous monitoring requirement. Entry points must be actively monitored during school hours - either by staff or by a video visitor management system with live monitoring capability. Recording alone is not sufficient.
Non-compliance carries serious consequences. If a school building does not meet R698-13 standards, the commissioner or their designee can initiate an agency action to revoke or deny the school’s occupancy permit.
This requirement applies to both public and private schools.
The takeaway: R698-13 establishes the physical access control requirement that every other Utah school safety regulation builds upon.
A managed point of entry is a designated school entrance where all visitors must be identified and processed before entering the building.
Under R698-13, this entry point may be staffed by school personnel such as reception staff, administrators, or security personnel. It may also be managed through a video visitor management system that allows staff to identify and control access remotely.
What makes it “managed” is the process that happens before entry.
At a compliant entry point:
With a modern visitor management system, this process can take less than 30 seconds. That speed matters. Schools often process dozens of visitors each day - especially during drop-off, pickup, and school events.
House Bill 40 significantly changed how Utah schools verify visitor identity.
Passed in the 2025 legislative session, HB 40 requires schools to scan government-issued identification for all visitors and check those IDs against the Sex Offender Registry before allowing access to campus.
This requirement applies to all visitors, including parents.
Whether someone is dropping off lunch, attending a meeting, or completing maintenance work, the process remains the same:
Visual ID checks or handwritten sign-in sheets no longer meet Utah’s legal requirements.
The law does not mandate a specific technology. Schools may use dedicated ID scanners, camera-based readers, or tablet-based systems. What matters is the outcome: accurate data capture and real-time registry screening.
HB 40 also reinforces another safety measure: classroom doors must remain locked while students are present.
This layered approach - controlled building entry plus secured classrooms - reflects modern school safety strategies designed to reduce risk at multiple points across campus.
The operational challenge for schools is speed. Visitor processing must be fast enough to avoid delays during high-traffic periods like morning drop-off or parent-teacher conferences.
House Bill 44, introduced in the 2026 legislative session, adds another layer of school visitor compliance - this time focused on volunteers.
Many volunteers work closely with students, often on a recurring basis. This includes classroom helpers, field trip chaperones, coaches, and activity coordinators. HB 44 requires schools to conduct background checks on volunteers who may have unsupervised access to students, as outlined in Section 53G-11-402.
This means schools must distinguish between one-time visitors and recurring volunteers. A parent attending a classroom party has different requirements than a parent volunteering every week in the school library.
Volunteers who complete background screening and monitoring may qualify as pre-approved volunteers, allowing schools to streamline their check-in process.
HB 44 also strengthens data protection requirements. Local Education Agencies (LEAs) must manage visitor data in compliance with GRAMA, including:
The law includes enforcement provisions as well. Intentionally sharing private or controlled visitor information with unauthorized individuals is classified as a Class A misdemeanor.
The takeaway: visitor management systems must now support volunteer screening workflows, credential tracking, and secure data management - not just visitor check-ins.
The Government Records Access and Management Act (GRAMA) governs how Utah government entities manage records - including visitor data collected by schools. Because public schools are government institutions, visitor management data must follow GRAMA requirements.
GRAMA classifies records into different categories based on who can access them:
Public records: Information such as timestamps, visitor counts, and general access logs may be available upon request.
Private records: Personally identifiable information -including names, identification numbers, and scanned images - is typically classified as private.
Controlled records: Sensitive information such as background check results or security alerts is typically classified as controlled or protected.
For school administrators, this creates several operational responsibilities. Visitor management systems must include secure storage and role-based access controls. Not every staff member should have access to the same level of information.
Schools must also be prepared to respond to formal GRAMA records requests. District records officers determine what information can legally be released.
Retention rules add another layer of complexity. Visitor logs must often be retained for defined periods under state archive rules, while sensitive screening information may require additional protections.
It is also important to note that student records fall under FERPA, not GRAMA. Visitor records and student records are governed by separate laws.
In summary: how visitor data is stored and managed matters just as much as how visitors enter the building.
When you combine R698-13, HB 40, HB 44, and GRAMA, a clear picture emerges of what Utah schools need from a visitor management system.
A compliant system should support the following:
Schools must scan driver’s licenses, passports, or state IDs and automatically extract visitor data.
Each visitor must be checked against national and state sex offender registries in real time.
Schools need a live record of who is currently inside the building.
Badges provide quick visual verification for staff throughout the school.
Systems should track volunteer approval status and background check expiration dates.
Visitor data must be stored securely with role-based access controls and defined retention policies.
Staff should be notified automatically when their visitor arrives.
Administrators must be able to instantly generate a list of everyone in the building during emergencies.
Utah’s regulations require visitor management systems to handle multiple responsibilities at once. If a system cannot meet all of these requirements, it creates a compliance gap.
Across Utah, districts are adapting their visitor management processes to meet these new regulations. In many elementary schools, visitors now enter through a secure vestibule where front office staff manage the single controlled entry point required by R698-13.
Staff scan IDs through the visitor management system, which checks registry databases before printing a visitor badge. At the same time, volunteer workflows are changing.
A parent volunteering for a field trip may require a background screening under HB 44, even if that same parent previously checked in for a short visit without issue.
Larger districts face the added challenge of standardizing visitor processes across multiple schools.
A visitor should have the same experience whether they enter an elementary school, middle school, or high school in the district. That consistency requires a centralized visitor management platform capable of district-wide reporting and watchlist management.
Budget considerations also play a role. Schools must invest in:
Districts that implemented visitor management before HB 40 may now need to upgrade systems to support mandatory ID scanning.
These real-world scenarios highlight how Utah’s layered regulations create different requirements depending on visitor type, role, and access level.
To meet Utah school visitor management requirements, schools should:
Utah’s layered approach to school visitor management create a clear framework:
Together, they create a system where manual visitor processes are no longer sufficient.
A modern visitor management platform can help schools meet these requirements in one place - scanning IDs, screening visitors, printing badges, tracking occupancy, managing volunteer approvals, and storing data securely.
If your school or district is evaluating visitor management solutions, see how Sign In App helps Utah schools meet compliance requirements while keeping visitor check-ins simple and efficient. Learn more about Sign In App or book a demo here.