Completing the DSPT - I've done this before
FREE support is available to help ALL CQC registered care providers complete the Data Security Protection Toolkit through the national Better Security Better Care program, of which WMCA is the Local Support Organisation for the West Midlands.
The DSPT Deadline is 30 June 2025 - click on the buttons in this section to access the free support we offer
If you've published within the last 12 months
If you previously published at Standards Met or Exceeded, all you need to do to republish is to sign into your DSPT account and check all your previous answers are still current (your previous answers will have been carried over). If you're happy, confirm each section is correct and republish.
If you previously published at Approaching Standards, your previous answers will have been carried over but you won't be able to publish again at Approaching Standards. You need to continue to Standards Met.
Completing the Assessment
The Toolkit comprises a list of 77 questions, of which 43 questions are marked as mandatory for Standards Met.
As you have previously published, the toolkit will mark as Mandatory all questions (43) needed to publish at Standards Met.
If you previously published at Approaching Standards, you cannot republish at Approaching Standards; you will need to complete all the mandatory toolkit questions.
A note about Standards Exceeded
Standards Exceeded is a level above Standards Met.
You cannot achieve standards exceeded just by completing all the toolkit questions.
Standards Exceeded can only be achieved if your data policies and procedures have been externally validated by Cyber Essentials Plus
Standards Exceeded is not a contractual requirement but it does show commitment to your digital policies and procedures
Documents/policies needed to complete to Standards Met:
Make sure you have all the following documents or policies ready before you start to complete the toolkit. If you are unsure of any of these, then visit our resources page for examples
ICO Registration Number
All companies that handle data in any form must be registered with the ICO (Information Commissioner's Office). It is an offence if you hold or process data and are not registered.
Data Privacy Policy
Your data privacy policy is an overarching document which sets out how you collect personal data.
Need More Help?
Staff Data Policy
Staff must be aware of the safe and secure use of data and their individual responsibilities pertaining to its use and access.
Need More Help?
Data Register
This is a list of all the data you hold, where it is held and whether or not this is shared with other organisations. The Data Register is made up of several different documents.
Need More Help?
Staff Bring Your Own Device Policy (BYOD)
If you allow staff to use their own phones/mobile devices you must have a policy outlining how this works and how it is managed. You do not need this policy if staff do not use their own devices
A Training needs analysis of data protection/security needs
A training needs analysis is a process which helps identify the data security and protection, and cyber security, training and development needs across your organisation.
Training staff annually in data security and protection and cyber security in the last twelve months
Question 3.2.1 (which is a mandatory question) is a requirement for at least 95% of staff, directors, trustees and volunteers in your organisation to have completed training on data security and protection, and cyber security, in the last twelve months. To help you with this, Digital Care Hub have produced a FREE ELearning Module which can be accessed here
A document highlighting any unsupported software you use and the business need and risk (if you have unsupported software)
This document should indicate that your board or management team have formally considered the risks of continuing to use unsupported items and have concluded that the risks are acceptable.
Whether you comply with the National Data Opt Out
The National Data Opt Out doesn't normally affect care providers, but you must be aware of it and how you inform your clients of your obligations.
Need More Help?
Make sure you have the information stated above to hand before you begin the assessment questions as this will save you a lot of time. If you don't have any of these policies, examples can be found on our resources page
More Help?
The Care Association has a whole raft of FREE resources available to all CQC registered care providers to help them on their DSPT journey
Online Resources
We have collected all of the example documents and policies you need, along with videos on how to work your way through the toolkit, onto one page which you can access by clicking on the button below
Webinars
Or, if you feel you need additional help you can book one of our free webinar sessions where we offer more intensive help and can answer your questions. Details can be found by clicking the button below
One to One Support
We can also offer one to one support sessions (virtually)
These are available throughout normal office hours and can be booked by clicking the button below
Publishing the Assessment
Once you have done this successfully you can publish your toolkit to Standards Met level.
Once published, the Toolkit results are valid for 12 months. You will be sent a reminder email to confirm your Toolkit status.
If you receive error messages when you try to publish, then it is likely you have not completed all the questions.
Multi-site publications
If you are a Head Office, you can publish your assessment to include all your satellite sites. The toolkit will prompt you to include the satellite sites it has on record.
If your satellite sites are not listed then you will either have to submit a separate publication for each site or contact the ODS helpdesk to see if they can link the sites for you
Need More Help?
Hopefully you've found the information on this page useful. If you feel you need further assistance by all means get in touch or book one of our regular webinar sessions
Webinars
If you feel you need additional help you can book one of our free webinar sessions where we offer more intensive help and can answer your questions. Details can be found by clicking the button below
One to One Support
We can also offer one to one support sessions (virtually)
These are available throughout normal office hours and can be booked by clicking the button below
Further Support
As well as completing the DSPT, there are other things you can do to support your cyber security
Cyber Essentials
Cyber Essentials is a government backed cyber security standard which is available to all UK businesses. Having Cyber Essentials certification shows that you have met certain standards for data protection and security.
There are two parts to the standard:
Cyber Essentials. This is an online assessment of your data security and protection policies (not dissimilar to the DSPT). Your answers are checked and verified by a Cyber Essentials assessor.
Cyber Essentials Plus. This extends the online assessment: the assessor also tests your equipment for resilience against cyber attack and checks that you are adhering to your policies.
Cyber Essentials is not a replacement for the DSPT but the two are complementary. Cyber Essentials Plus certification is a requirement for achieving DSPT Standards Exceeded.
Price
Unlike the DSPT, there is a cost involved to achieve certification and this differs depending on the company you choose to carry out the assessment. Expect to pay anything from £300-500 for Cyber Essentials and £1000-£2000 for Cyber Essentials Plus. Certification lasts 12 months and needs to be renewed annually.
More details can be found here
If you are unsure as to what the differences are between the DSPT and Cyber Essentials, Digital Care Hub have produced a useful guide
National Cyber Resilience Centre
The National Cyber Resilience Centre Group (NCRCG) is a strategic collaboration between the police, government, private sector and academia to help strengthen cyber resilience across the nation’s small and medium-sized enterprise (SME) community, in support of the government’s National Cyber Strategy.
NCRCG is a not-for-profit organisation, funded and supported by the Home Office, policing and private sector partners.
Support is often free of charge and can be accessed through a network of regional centres
More information can be found here
Contact us
If you need additional help or advice then our dedicated digital team are here to assist
They are available during normal office hours (Mon - Fri 9.00am - 5.00pm)
Phone 01384 943000 opt 1
Email enquiries@wmca.digital
(if you are not in the West Midlands, Herefordshire, Warwickshire or Worcestershire, click here to find out your Local Support Organisation)

West Midlands Care Association, Globe House, Park Lane, Halesowen, B63 2RA
Registered in England and Wales No 04972911