Local authority and NHS commissioners require the services that they commission to keep data safe.

Social care providers delivering work under an NHS contract must have reached at least Standards Met on the DSPT as it is a requirement within NHS England’s Standard Conditions Contract.

Local authorities are increasingly adding the requirement to have the DSPT in place to their contracts – and it is clearly the direction of travel.

Better Security, Better Care is working with ADASS and local authorities to explore how they can strengthen care providers’ data protection through their role as commissioners.

Including the DSPT in adult social care contracts

We worked with the North West Association of Directors of Adult Social Services (NW ADASS) to develop guidance to support Adult Social Care (ASC) Commissioners in increasing implementation of the Data Security and Protection Toolkit (DSPT)ย across the ASC market.

This is an important step that will help councils encourage adult social care providers to evaluate and improve their data security by completing their DSPT.

What’s the difference between Cyber Essentials and the DSPT?

Some local authorities might ask providers for Cyber Essentials. Cyber Essentials is a useful resource that helps organisations to protect themselves from common cyber threats. The DSPT covers the same topics as cyber essentials, but goes a little further by helping organisations to protect their data security arrangements and meet their minimum GDPR requirements.

The Local Government Association (LGA) recommends that “commissioners should support providers to complete the DSPT to Standards Met level”.ย  Other than including the DSPT in contracts, commissioners can also support providers by putting them in touch with their Local Support Organisation or signposting them to resources available from Better Security, Better Care.

Webinar recording for LA commissioners and quality assurance leads