FAQs

What policies do we need to have in place to complete the Data Security and Protection Toolkit?
What data security and protection roles should care providers have?
Does completing the DSPT mean that we are compliant with the Data Protection Act 2018 and UK-GDPR?
How does the DSPT help care providers with COVID19?
Do commissioners expect care providers to use the DSPT?
How often do we need to complete the DSPT?
What do I need to access shared health and care systems: NHSmail or the Data Security and Protection Toolkit?
How does the Data Security and Protection Toolkit help with cyber security?
Is there a best practice way to mitigate time-bomb ransomware attack attempts – especially if auto-backups are used?
How do you suggest implementing two-factor authentication (2FA)/multi-factor authentication (MFA) when users only have access to a single (work) device?
What security standards should software companies in the care sector have in place?
Do we have to use the DSPT if we don’t use NHSmail or shared records?
How should care providers back up their data?
What training is available on cyber security for care staff?
How do I register for NHSmail? – non-CQC registered organisations
How do I register for NHSmail? – CQC registered organisations
Does the DSPT cover all of Great Britain or the UK?
How can I get help and advice with the DSPT?
Will organisations applying for NHSmail have to complete the DSPT first?
How will completing the DSPT help me with my CQC inspection?
Does the DSPT apply to adult social care services that are run directly by local councils?
Can people check whether my service has completed the DSPT?
What does “publishing” mean on the DSPT?
What does Approaching Standards mean?
When should I complete the DSPT?
Who should complete the Data Security and Protection Toolkit (DSPT)?