Template Policies and Resources for DSPT

We have developed a range of template policies and resources to help you to improve how you keep information safe. These resources are regularly quality assured and reflect the most recent requirements.

These resources can help you to meet your obligations on data security and protection – and to complete the Data Security and Protection Toolkit (DSPT).

Template policies

You must have some particular policies in place, whereas others are optional. We have provided template policies which you can adapt to suit your own organisation.

There is no set number of how many policies your organisation has to have on these topics as the different sizes and complexity of organisations means that some will have one all-encompassing policy, whilst others may have multiple policies. The important thing is that you have them – and that you follow them.

You may call your policies different things to what we have called them, for example you might call your data protection policy an information governance policy or GDPR policy.

 Approaching Standards: required policies

You must have the following policies in place in order to reach Approaching Standards on the DSPT.

• How to document your data processing, including template information asset register (IAR) and Record of Processing Activities (ROPA)
• Privacy Notice Template
• Data Protection Policy
• Data Quality Policy – Template
• Record Keeping Policy – Template (Also known as a Data or Document Retention Policy)
• Data Security Policy – Template
• Network Security Policy – Template
• Smart Phone Policy Template – BYOD
• Contracts: what contracts you must have in place

Standards Met: required policies

You must have these additional policies in place, in order to move beyond Approaching Standards and get to Standards Met on the DSPT. And remember, you can only publish at Approaching Standards once. So you will need to have these policies in place if you are reviewing and republishing your DSPT.

• Training Needs Analysis
• Data Security Audit Checklist
• Creating and Testing a Business Continuity Plan for Data and Cyber Security

Recommended documentation

In addition to the required policies, we also recommend that you consider having the following in place.

• Data Security Breach Incident Reporting Form – Template
• Mobile Devices Assignment Form – Template
• Smart Phone Policy Template – Organisation Provided Phones
• Template Suppliers List

DSPT guidance, films and webinar recordings

• Check your DSPT status
• Using the DSPT for the first time: guidance, videos and resources
• Published  DSPT before: review and republish: guidance, videos and resources
• DSPT for local authority inhouse adult social care services: Quick guide
• Free, national and local support from the Better Security, Better Care programme.
• Presentations and webinar recordings
• Video guides covering all the data security standards and DSPT questions
• Completing the DSPT – Q and A

 

Related guidance and resources

You may also find the following related guidance and resources useful.

Staff and workforce

• Data Security and Protection Responsibilities
• Staff Guidance
• Guidance on finding training for staff

IT and software suppliers

• Guidance on managing software suppliers who process personal data

Document retention and disposal

• Guidance on document retention
• Advice on contracts with third parties for secure disposal of personal data

Improving security

• Guidance on strong passwords
• Guidance on antivirus software
• Guidance on back ups
• Guidance on software updates

Mobile devices

• Protecting Mobile Phones and Tablets

National Data Opt-Out

• Guidance on the National Data Opt-Out

External websites

The following external websites also provide very valuable information on data protection and cyber security.

• The Information Commissioner’s Office Website
• The ICO guidance on completing a DPIA
• ICO Guidance on Data Breaches
• National Cyber Security Centre
• NHSX Information Governance (IG) portal
• The Care Software Providers Association (CASPA)
• eLearning for Healthcare – Digital Learning Solutions
• eLearning for Healthcare – Data Security Awareness

License

This work by Digital Social Care is licensed under Attribution-NonCommercial 4.0 International 

Unless otherwise stated this licence applies to all of our content including guidance, templates and downloadable materials. This licence applies to web content, PDFs, images and videos which we have created.

If you would like to discuss the use of any materials found on our website please contact us: hello@digitalsocialcare.co.uk.

We do not accept any liability for any errors found in the materials we provide free of charge, for more details please see our Disclaimer.