Care providers must have some particular policies and contracts in place in order to complete the Data Security and Protection Toolkit.
You can download and adapt these template policies to suit your own organisation. These resources are regularly quality assured and reflect the most recent requirements.
There is no set number of how many policies your organisation has to have on these topics as the different sizes and complexity of organisations means that some will have one all-encompassing policy, whilst others may have multiple policies. The important thing is that you have them – and that you follow them.
You may call your policies different things to what we have called them, for example you might call your data protection policy an information governance policy or GDPR policy.
Required policies and contracts
You must have policies or contracts in place on these issues in order to reach Standards Met on the DSPT.
- How to document your data processing, including template information asset register (IAR) and Record of Processing Activities (ROPA)*
- Privacy Notice Template*
- Data Protection Policy*
- Data Quality Policy – Template*
- Record Keeping Policy – Template (Also known as a Data or Document Retention Policy)*
- Data Security Policy – Template*
- Network Security Policy – Template*
- Smart Phone Policy BYOD – Template OR Smart Phone Policy Template – Organisation Provided Phones*
- Training Needs Analysis
- Data Security Audit Checklist
- Business Continuity Plan for Data and Cyber Security
- Third party contracts*
- Secure Disposal of Personal Data (including checklist)*
- Staff confidentiality contracts – sample clause*
*You must have these basic policies and contracts in place to reach at least Approaching Standards which is a stepping stone for care providers who cannot reach Standards Met the first time they use the DSPT. All care providers should aim for Standards Met. You can only publish at Approaching Standards once.
Recommended documentation
In addition to the required policies, we recommend that you consider having the following in place.
- Data Security Breach Incident Reporting Form – Template
- Mobile Devices Assignment Form – Template
- Template Suppliers List
- Business continuity plan audit tool
Further information
Webinar recordings on how to complete the DSPT.
DSPT Certificate: guidance on accessing and using your DSPT certificate
Find all Digital Care Hub’s guides, resources and videos in our Resources section.
DSPT Big Picture Guides on NHS website (Support with meeting Standards Exceeded)
Data security and protection training – elearning and face-to-face programmes to meet DSPT requirements
