Reaching Standards Met on the Data Security & Protection Toolkit

June 7th 2023

The deadline to complete the Data Security & Protection Toolkit (DSPT) for 2022/23 is 30 June – so the clock is ticking. If you have already published your DSPT to Approaching Standards for 2021/22 then you must reach Standards Met before the deadline otherwise your DSPT becomes invalid.

The DSPT is an annual self-assessment that all CQC-registered providers should complete at least once a year – regardless of service type, size, or structure.

It will help evidence your compliance with data protection legislation as well as CQC Key Lines of Enquiry (KLOEs).

Approaching Standards

You cannot publish to Approaching Standards more than once, but there is still time to reach Standards Met before the 30 June deadline.

You will need to:

• Review the action plan you created to get to Approaching Standards.
• Complete all the additional questions in the DSPT.
• Publish the new standard you have reached.

Reaching Standards Met

You action plan will detail what you need to do to reach Standards Met, and will be different for everyone, but here are some top tips:

Question 3.2.1 – staff training

There is no compulsory or formal training course that frontline staff or specialist staff within social care providers must complete.

We know that training and measuring competency in relation to data protection is one of the most challenging issues for care providers. Together with the Institute for Public Care (IPC) we have developed, tested and published two learning tools:

• a manager’s discussion tool
• an assessment quiz for frontline staff.

These tools can be used flexibly to help care providers to meet the DSPT requirement for 95% of frontline staff with access to personal data to be competent in data security and protection.

Read more on how to use these tools to satisfy the 95% training question.

Question 7.1.2 – business continuity plan

You probably already have a continuity plan that details what you would do in the event of a floor or fire, for example. A business continuity plan that covers data and cyber security will help you to protect your business in the event of a data loss, breach or cyber incident.

We have a template policy that you can download and adapt for your organisation to satisfy this question.  This template also makes suggestions on how to test your plan in the workplace which would also satisfy question 7.2.1

Question 10.2.1 – IT system suppliers

If you are using electronic care planning software, or any digital systems that help deliver care, you should speak to your supplier to check that they have cyber security certification. If you are not using digital systems in this way, you can answer ‘not applicable’ to this question.

Free support to reach Standards Met

There is free help available to get you to Standards Met on the DSPT. Get support now before the 30 June deadline:

• Detailed guidance on completing to Standards Met.
• Template policies and resources for the DSPT.
• Contact your Local Support Partner for direct, tailored support.
• See our comprehensive Q&A.
• Watch our webinar recording on reviewing & republishing your DSPT.

Photo by Glenn Carstens-Peters on Unsplash