Data & cyber security: what do new care services need to have in place from the start?
Date: Thursday 30 November 2023
Location: Online - Zoom Webinar
The DSPT is an annual self-assessment that all CQC-registered providers should complete at least once a year – regardless of service type, size, or structure.
It will help evidence your compliance with data protection legislation as well as CQC Key Lines of Enquiry (KLOEs).
You cannot publish to Approaching Standards more than once, but there is still time to reach Standards Met before the 30 June deadline.
You will need to:
You action plan will detail what you need to do to reach Standards Met, and will be different for everyone, but here are some top tips:
Question 3.2.1 – staff training
There is no compulsory or formal training course that frontline staff or specialist staff within social care providers must complete.
We know that training and measuring competency in relation to data protection is one of the most challenging issues for care providers. Together with the Institute for Public Care (IPC) we have developed, tested and published two learning tools:
These tools can be used flexibly to help care providers to meet the DSPT requirement for 95% of frontline staff with access to personal data to be competent in data security and protection.
Read more on how to use these tools to satisfy the 95% training question.
Question 7.1.2 – business continuity plan
You probably already have a continuity plan that details what you would do in the event of a floor or fire, for example. A business continuity plan that covers data and cyber security will help you to protect your business in the event of a data loss, breach or cyber incident.
We have a template policy that you can download and adapt for your organisation to satisfy this question. This template also makes suggestions on how to test your plan in the workplace which would also satisfy question 7.2.1
Question 10.2.1 – IT system suppliers
If you are using electronic care planning software, or any digital systems that help deliver care, you should speak to your supplier to check that they have cyber security certification. If you are not using digital systems in this way, you can answer ‘not applicable’ to this question.
There is free help available to get you to Standards Met on the DSPT. Get support now before the 30 June deadline:
Back to News