This is a quick guide to registering and publishing the DSPT for care groups with multiple sites.


Register and complete

Multisite providers have two options when it comes to registering and completing the DSPT: 

  1. Register and complete one Headquarters DSPT assessment and publish for all branches OR
  2. Register and complete two or more Headquarters DSPT assessments to cover all branches 

To decide which is right for your organisation, you need to consider these questions: 

Do all your branches – 

  1. Have the same staff induction and training arrangements for data and cyber security?
  2. Have the same data protection policies and procedures?
  3. Have the same data security and data breach arrangements?
  4. Have the same IT arrangements? 

If you answered “Yes” to all of these then you can register and  complete one Headquarters Assessment on the DSPT to cover all your branches. 

If you answered “No” to any of these questions, you should register more than one DSPT submission to cover your branches. 

If your answers to these questions change over time, you can review and update your DSPT.

Find more detailed information on registering on the DSPT.



If you are publishing for multiple sites, you can choose which of your branches to include when you publish your Headquarters Assessment. The list of your branches should reflect your CQC registrations.

When you publish one Headquarters Assessment on the DSPT to cover all your branches, you will need to communicate this to your managers to make sure all sites are aware. 

Making sure staff across your branches are aware of the toolkit and information you have included in your assessment is also important. 

Find more detailed guidance on: