We have developed a range of template policies and resources to help you to improve how you keep information safe. These resources are regularly quality assured and reflect the most recent requirements.
These resources can help you to meet your obligations on data security and protection – and to complete the Data Security and Protection Toolkit (DSPT).
Pre DSPT checklist
Use this simple checklist before you start to complete the DSPT. It outlines the information and policies you need to have in place in order to complete the DSPT.
Template policies
You must have some particular policies in place, whereas others are optional. We have provided template policies which you can adapt to suit your own organisation.
There is no set number of policies your organisation has to have on these topics. Organisations differ in size and complexity, so some will have one all-encompassing policy, whilst others may have multiple policies. The important thing is that you have them – and that you follow them.
You may call your policies something different from what we have called them. For example, you might call your data protection policy an information governance policy or GDPR policy.
Required policies
You must have the following policies in place in order to reach Standards Met on the DSPT.
- How to document your data processing, including template information asset register (IAR) and Record of Processing Activities (ROPA)*
- Privacy Notice Template*
- Data Protection Policy*
- Data Quality Policy – Template
- Record Keeping Policy – Template (Also known as a Data or Document Retention Policy)*
- Data Security Policy – Template*
- Network Security Policy – Template*
- Smart Phone Policy BYOD – Template OR Smart Phone Policy Template – Organisation Provided Phones*
- Contracts: what contracts you must have in place*
- Training Needs Analysis
- Data Security Audit Checklist
- Creating and Testing a Business Continuity Plan for Data and Cyber Security
*You must have these basic policies in place to reach at least Approaching Standards, which is a stepping stone for care providers who cannot reach Standards Met the first time they use the DSPT. All care providers should aim for Standards Met. You can only publish at Approaching Standards once.
Recommended documentation
In addition to the required policies, we recommend that you consider having the following in place.
- Data Security Breach Incident Reporting Form – Template
- Mobile Devices Assignment Form – Template
- Template Suppliers List
DSPT guidance, films and webinar recordings
- Check your DSPT status
- Using the DSPT for the first time: guidance, videos and resources
- Published DSPT before: review and republish: guidance, videos and resources
- DSPT for local authority inhouse adult social care services: Quick guide
- DSPT Big Picture Guides on NHS website (Support with meeting Standards Exceeded)
- Presentations and webinar recordings
- Video guides covering all the data security standards and DSPT questions
- Completing the DSPT – Q and A
- Workbook for small to medium sized care providers: how to complete the DSPT
- DSPT Certificate: guidance on accessing and using your DSPT certificate
Training staff
- Data Security and Protection eLearning Course
- Learning resources: Managers’ discussion tool and Assessment tool for frontline staff
Expert support
- Free, national and local support from the Better Security, Better Care programme.
Related guidance and resources
You may also find the following related guidance and resources useful.
Staff and workforce
Document retention and disposal
- Guidance on document retention
- Advice on contracts with third parties for secure disposal of personal data
Improving security
- Guidance on strong passwords
- Guidance on antivirus software
- Guidance on back ups
- Guidance on software updates
Mobile devices
National Data Opt-Out
Guidance for commissioners
External websites
The following external websites also provide very valuable information on data protection and cyber security.
- The Information Commissioner’s Office Website
- The ICO guidance on completing a DPIA
- ICO Guidance on Data Breaches
- National Cyber Security Centre
- NHSX Information Governance (IG) portal
- The Care Software Providers Association (CASPA)
- eLearning for Healthcare – Digital Learning Solutions
- eLearning for Healthcare – Data Security Awareness
- Digitising Social Care
License
This work by Digital Social Care is licensed under Attribution-NonCommercial 4.0 International
Unless otherwise stated this licence applies to all of our content including guidance, templates and downloadable materials. This licence applies to web content, PDFs, images and videos which we have created.
If you would like to discuss the use of any materials found on our website please contact us: [email protected].
We do not accept any liability for any errors found in the materials we provide free of charge. For more details, please see our Disclaimer.