Care providers must have some particular policies and contracts in place in order to complete the Data Security and Protection Toolkit.

You can download and adapt these template policies to suit your own organisation. These resources are regularly quality assured and reflect the most recent requirements.

There is no set number of how many policies your organisation has to have on these topics as the different sizes and complexity of organisations means that some will have one all-encompassing policy, whilst others may have multiple policies. The important thing is that you have them – and that you follow them.

You may call your policies different things to what we have called them, for example you might call your data protection policy an information governance policy or GDPR policy.

Required policies and contracts

You must have policies or contracts in place on these issues in order to reach Standards Met on the DSPT.

*You must have these basic policies and contracts in place to reach at least Approaching Standards which is a stepping stone for care providers who cannot reach Standards Met the first time they use the DSPT.  All care providers should aim for Standards Met. You can only publish at Approaching Standards once. 

Recommended documentation

In addition to the required policies, we recommend that you consider having the following in place.

Further information

Webinar recordings on how to complete the DSPT.

DSPT Certificate: guidance on accessing and using your DSPT certificate

Find all Digital Care Hub’s guides, resources and videos in our Resources section.

DSPT Big Picture Guides on NHS website (Support with meeting Standards Exceeded)