Mastering the DSPT for Multisite Social Care Providers

Are you a multisite social care provider? Are you confused about how the DSPT can work for you? Do you need help or support with applying the toolkit within your organisation?

Don’t fear, we have a small but dedicated team of professionals available to help you!
Whether you don’t know where to start, want support with some of the contents, or are baffled about how to apply one toolkit completion to multiple sites, we can help.

Registration

Can I complete one toolkit and apply it to multiple sites?

Multisite providers have two options when it comes to registering and completing the DSPT:

  1. Register and complete one Headquarters DSPT assessment and publish it for all branches OR
  2. Register and complete two or more Headquarters DSPT assessments to cover all branches

To decide which is right for your organisation, you need to consider these questions:

  • Do all your branches:
    1. Have the same staff induction and training arrangements for data and cyber security?
    2. Have the same data protection policies and procedures?
    3. Have the same data security and data breach arrangements?
    4. Have the same IT arrangements?

If you answered “Yes” to all of these, you can register and complete one Headquarters Assessment on the DSPT to cover all your branches. If you answered “No” to any of these questions, you should register more than one DSPT submission to cover your branches, reflecting the different ways that they work. If your answers to these questions change, you can review and update your DSPT.

Still confused? Contact us for a chat.

If you are publishing for multiple sites:

You can choose which of your branches to include when you publish your Headquarters Assessment. The list of your branches should reflect your CQC registrations.

Multi-sites but not a headquarters: If your organisation is not flagged as a headquarters, but you previously published on behalf of other sites in your last DSPT, you will see the option to select sites within your CQC registration and any other sites you asked the DSPT helpdesk to add in the previous year. This will enable you to publish on behalf of all or selected sites.

Multiple head offices: If you have multiple registered head offices within your organisation, the best thing to do is CONTACT US and we can discuss the options for registration.

Completion

Once you’ve registered, you can work your way through completing the toolkit questions. We have resources available to help you HERE. Or contact our dedicated team for help.

Don’t forget to add as much detail as possible to your answers, as well as uploading evidence items. Where possible, involve managers from each site to input into the toolkit submission.

 

After Publication

The DSPT is an amazing tool for guiding you through your data and cyber security arrangements and making sure you have everything in place. But remember, it will only do its job in keeping information safe if the policies and processes are embedded in practice. Do your sites know about the toolkit? Do they know about the policies that you have in place? Do they know what is expected of them? Is there a good culture within each setting?

Follow our top tips checklist for data and cyber security success at every site:

Tell your managers:

    • Managers should know that you have completed the toolkit on their behalf and understand what you have said in your DSPT. When you have published your assessment, you can download your DSPT responses and share it with them.
      • Open your assessment and click on the ‘Download assessment’ link that is below the Progress bar.
      • This will download your assessment as a spreadsheet. Note: it won’t include any of the files you have uploaded as evidence – just the responses you have given.
    • It’s good practice to discuss the submission with each manager, either individually or as a group. Talk them through the documents, the policies, and the processes and ensure they know what is expected of them locally.
    • Remember to inform new managers of this too. Perhaps include the DSPT in your management induction programme.

Print your certificate:

    • Care providers who reach Standards Met or Standards Exceeded can download a certificate which includes the standard they have reached, the year of their DSPT and the date they published. We have published a short guide on how to access your DSPT certificate.
    • Display it on your premises.
    • Upload it to your website.
    • Share it with people seeking care.
    • Use it as evidence where relevant for CQC, commissioners, NHS partners, bids, data suppliers, etc.

Share your expertise at site level

  • Remember that you may know much more about data and cyber security than those working operationally – share this knowledge!
  • Keep data and cyber security on people’s minds. Perhaps a relevant HO staff member could attend regular team meetings, provide updates via newsletters or monthly videos, deliver internal webinars, training sessions, audits, or quizzes. Whatever it is, don’t let it slip people’s minds!
  • Support sites with the implementation of audits, BCP testing, and policy implementation to ensure it really is embedded. Can any of this be done centrally? Can sites collaborate?

Encourage relevant managers:

    • To attend the ‘Introduction to the DSPT’ webinar with the Digital Care Hub.
    • To read the registered manager checklist (LINK) which will give guidance on relaying the relevant information to staff and embedding practices locally.
    • To be involved in the DSPT completion/review process where possible. Encourage them to feedback issues, ideas, or challenges that they are facing in reality, so the processes, policies and procedures can be amended accordingly at HO level.
    • Conduct regular training sessions on data protection and cyber security for all employees. Use the free training developed specifically for care staff available HERE.
    • To understand what is expected of them at local level. What is covered by Head Office and what do they need on site? This might include:
      • Phishing simulations and other practical exercises to enhance awareness.
      • Scheduling regular internal audits to ensure compliance with data protection policies.
      • Completing BCP testing
    • Keep detailed records of all data protection activities, including training sessions, audits, and incident responses.
    • Ensure all relevant staff members understand the data and cyber security elements of their Business Continuity Plan, know where to find it, and know when and how to implement it.
    • Ensure that documentation is easily accessible for review by regulatory bodies.
    • Develop a communication plan to inform stakeholders, including employees, clients, and regulatory bodies, in the event of a data breach.
    • Ask the relevant HO contact for help and support with anything they don’t understand.

We can help you!

Contact us if you would like bespoke support upskilling sites about the DSPT.