We have developed a range of template policies and resources to help you to improve how you keep information safe.

These resources can help you to meet your obligations on data security and protection – and to complete the Data Security and Protection Toolkit (DSPT).

Template policies

You must have some particular policies in place, whereas others are optional. We have provided template policies which you can adapt to suit your own organisation.

There is no set number of how many policies your organisation has to have on these topics as the different sizes and complexity of organisations means that some will have one all-encompassing policy, whilst others may have multiple policies. The important thing is that you have them – and that you follow them.

You may call your policies different things to what we have called them, for example you might call your data protection policy an information governance policy or GDPR policy.

 Approaching Standards: required policies

You must have the following policies in place in order to reach Approaching Standards on the DSPT.

Standards Met: required policies

You must have these additional policies in place, in order to move beyond Approaching Standards and get to Standards Met on the DSPT. And remember, you can only publish at Approaching Standards once. So you will need to have these policies in place if you are reviewing and republishing your DSPT.

Recommended documentation

In addition to the required policies, we also recommend that you consider having the following in place.

DSPT guidance, films and webinar recordings

 

Related guidance and resources

You may also find the following related guidance and resources useful.

Staff and workforce
IT and software suppliers
Document retention and disposal
Improving security
Mobile devices
National Data Opt-Out

External websites

The following external websites also provide very valuable information on data protection and cyber security.