If you previously published at Standards Met or Exceeded, all you need to do to republish is to sign into your DSPT account and check all your previous answers are still current (your previous answers will have been carried over). If you're happy, confirm each section is correct and republish.
If you previously published at Approaching Standards your previous answers will have been carried over but you won't be able to publish again at Approaching Standards. You meed to continue to Standards Met
The Toolkit comprises a list of 77 questions of which 42 questions are marked as mandatory
As you have previously published, then the toolkit will mark as Mandatory all questions (42) needed to publish at Standards Met.
If you previously published at Aproaching Standards, you cannot republish again at Approaching Standards, you will need to complete all the mandatory toolkit questions
Standards Exceeded is a level above Standards Met.
You cannot achieve standards exceeded just by completing all the toolkit questions.
Standards Exceeded can only be achieved if your data policies and procedures have been externally validated by Cyber Essentials Plus
Make sure you have all the following documents or policies ready before you start to complete the toolkit. If you are unsure of any of these, then visit our resources page for examples
ICO Registration Number
All companies that handle data in any form must be registered with the ICO (Information Commisioners Office) It is an offence if you hold or process data and are not registered.
Data Privacy Policy
Your data privacy policy is an overarching document which sets out how you collect personal data. Need More Help?
Staff Data Policy
Staff must be aware of the safe and secure use of data and their individual responsibilities pertaining to its use and access.
Need More Help?
Data Register
This is a list of all the data you hold, where it is held and whether or not this is shared with other organisations. The Data Register is made up of several different documents. Need More Help?
Staff Bring Your Own Device Policy (BYOD)
If you allow staff to use their own phones/mobile devices you must have a policy outlining how this works and how it is managed. You do not need this policy if staff do not use their own devices
A Training needs analysis of data protection/security needs
A training needs analysis is a process which helps identify the data security and protection, and cyber security, training and development needs across your organisation.
A document highlighting any unsupported software you use and the business need and risk (if you have unsupported software)
This document should indicate that your board or management team have formally considered the risks of continuing to use unsupported items and have concluded that the risks are acceptable.
Whether you comply with the National Data Opt Out
The National Data Opt doesn't normally effect care providers but you must be aware of it and how you inform your clients of your obligations.
Need More Help?
Make sure you have the information stated above to hand before you begin the assessment questions as this will save you a lot of time. If you don't have any of these policies, examples can be found on our
resources
page
The Care Association has a whole raft of FREE resources available to all CQC registered care providers to help them on their DSPT journey
We have collected all of the example documents and policies you need, along with videos on how to work your way through the toolkit onto one page which you can access by clicking on the button below
Or, if you feel you need additional help you can book one of our free webinar sessions where we offer more intensive help and can answer your questions. Details can be found by clicking the button below
We can also offer one to one support sessions (vurtually)
These are available throughout normal office hours and can be booked by clicking th ebutton below
Once you have done this successfully you can publish your toolkit to Standards Met level.
Once published, the Toolkit results are valid for 12 months. You will be sent a reminder email to remind you to confirm your Toolkit status.
If you receive error messages when you try to publish then it is likely you have not completed all the questions
If you are a Head Office, you can publish your assessment to include all your satellite sites. The toolkit will prompt you to include the satellite sites it has on record.
If your satellite sites are not listed then you will either have to submit a separate publication for each site or contact the ODS helpdesk to see if they can link the sites for you
Hopefully you've found the information on this page useful. If you feel you need further assistance by all means get in touch or book one of our regular webinar sessions
if you feel you need additional help you can book one of our free webinar sessions where we offer more intensive help and can answer your questions. Details can be found by clicking the button below
We can also offer one to one support sessions (virtually)
These are available throughout normal office hours and can be booked by clicking the button below
If you need help you can contact the Care Associations dedicated digital helpline during normal office hours on 01384 943000 (opt 1) or send us a message
For further information about Digital policies and directives effecting Care Providers please check out the Digital Care Hub
As well as completing the DSPT, there are other things you can do to support your cyber security
Cyber Essentials is a government backed cyber security standard which is available to all UK businesses. Having Cyber Essentials certifcation shows that you have met certain standards for data protection and security.
There are two parts to the standard:
Cyber Essentials. This is an online assessment of your data security and protection policies (not dissimilar to the DSPT). Your answers are checked and verified by a Cyber Essentials assessor.
Cyber Essentials Plus. This extends the online assessment and your equipment is tested by the assessor for resilience against cyber attack and that you are adhering to your policies.
Cyber Essentials is not a replacement for the DSPT but the two are complementary. Cyber Essentials Plus certification is a requirment for achieving DSPT Standards Exceeded
Price
Unlike the DSPT there is a cost involved to achieve certification and this differs depending on the company you choose to carry out the assessment. Expect to pay anything from £300-500 for Cyber Essentials and £1000-£2000 for Cyber Essentials Plus. Certification lasts 12 months and needs to be annually renewed
More details can be found here
The National Cyber Resilience Centre Group (NCRCG) is a strategic collaboration between the police, government, private sector and academia to help strengthen cyber resilience across the nation’s small and medium-sized enterprise (SME) community, in support of the government’s National Cyber Strategy.
NCRCG is a not-for-profit organisation, funded and supported by the Home Office, policing and private sector partners.
Support is often free of charge and can be accessed through a network of regional centres
More information can be found here
This support programme is part of the Better Security, Better Care programme, funded by NHSX to support data and cyber security across the adult social care provider sector
Our Partners:
West Midlands Care Association, Globe House, Park Lane, Halesowen, B63 2RA
Registered in England and Wales No 04972911
© 2022 West Midlands Care Association, all rights reserved
