Data Security and Protection Toolkit 2024/25
The Data Security and Protection Toolkit (DSPT) for 2024-25 is now live and ready to be used. There is one new mandatory question on multi-factor authentication (MFA) which you will need to answer to reach Standards Met. To access the DSPT, please click here.
The new question has been added as part of the yearly DSPT review, to ensure that it covers the issues that are essential to protecting information.
The DSPT for 2024-25 is now live. If you’ve already added information to the toolkit, don’t worry, all the data you entered will still be held within the updated one. If you’re updating and republishing your DSPT you will be prompted to answer an additional mandatory question on multi-factory authentication (MFA). If you’re publishing for the first time and want to get to Standards Met – which is what you should aim for, you’ll need to answer this new question on MFA as well.
What is MFA and why is it important?
MFA is a security measure that adds an extra layer of protection to your online accounts by requiring more than just a password to log in. This normally means you’ll receive a text message or email with a code, using a fingerprint scan, or using an authenticator app. You’ve likely already encountered MFA when using online banking or social media accounts.
What’s in the DSPT about MFA?
The new mandatory question is in the IT systems and devices sections of the DSPT and asks you to confirm:
4.5.3 Multi-factor authentication is enforced on all remotely accessible user accounts on all systems, with exceptions only as approved by your board or equivalent senior management.
Guidance around implementing MFA can be found here – Digital Care Hub – Implement Multi-Factor Authentication (MFA)
RCPA support
RCPA’s Daniel Plummer offers free DSPT support for care providers. If you have any questions around MFA or the DSPT, please contact him – daniel.plummer@rcpa.org.uk
Care Workers’ Charity release guidance and statement of expectations on responsible use of AI in social care
On the 16th of May 2024, frontline care workers from across England, Wales, and Scotland gathered at Reuben College, University of Oxford, to discuss the responsible use of generative Artificial Intelligence (AI) in adult social care. This landmark roundtable event, co-hosted by the Care Workers’ Charity, The Institute for Ethics in AI at the University of Oxford, and Katie Thorn of the Digital Care Hub, marked a critical step in ensuring that care workers have a voice in shaping the future of AI in their field.
Today, we are pleased to announce the release of the “Care Workers’ Guidance and Statement of Expectations on the Responsible Use of AI and Particularly Generative AI in Adult Social Care.” This document is the culmination of the discussions at the roundtable and sets out key principles and guidance for employers, AI developers, policy makers, local authorities, regulators, and care workers themselves. Read the document here.
The care workers who participated in this roundtable are clear in saying that while AI has the potential to support and enhance the care they provide, it must be implemented responsibly, with the needs and wellbeing of both care workers and people drawing on social care at the forefront. The statement calls for clear policies, proper training, and transparent practices around AI, ensuring that the responsibility of its use does not fall solely on the shoulders of care workers.
This statement reflects the care workers’ commitment to their profession and their desire to harness technology in a way that benefits those in their care without compromising the quality of their work or their own wellbeing. AI, while a powerful tool, must be used with caution, care, and above all, respect for the human-centered nature of social care.
The Care Workers’ Guidance and Statement of Expectations represents a significant step towards a future where AI can play a supportive role in social care, enhancing the work of dedicated care professionals and improving outcomes for those they support.
New service from the Southwest Cyber Resilience Centre – First Step Web Assessment
The First Step Web Assessment is a new service from the SWCRC that will assess your website and web services for weaknesses. The assessment will describe to you in plain language the finding and what that means for your business and any risks. The final report will include plans and guidance on how to fix any weaknesses. Please see the attachment for more information.
The Southwest Cyber Resilience Centre is free to join and offers a wide variety of support and services for organisations to help boost their cyber security. For more information, please visit their website – www.swcrc.police.uk
Workshops/events
- DSPT In-Depth – IT Systems & devices – September 24th 14:00 – 15:00
- Would you survive a cyber attack and are your email domains ready?
October 2nd 14:00 – 15:30
- DSPT In-Depth – Policies & Procedures – October 15th 14:00 – 15:00
Digital and data security at The Care Conference
The Care Conference will be hosting several events and workshops that will be focusing on digital transformation, data and cyber security.
- Daniel Plummer will be running a workshop that will help organisations consider incidents where a critical third-party software has been compromised. – National Cyber Security Centre Exercise in a Box: Supply Chain Software
- Felix Lester from Avon and Somerset Police will be hosting a ‘Cyber Escape Room’. Calling all aspiring cyber detectives! Put your investigative prowess to the test and join us for an exhilarating twist on the classic escape room experience. Dive into the captivating narrative as you work to clear the name of your colleague. Along the way, you’ll uncover top-notch cyber security tips to safeguard yourself and your organisation from the ever-looming threat of cybercrime. Can you crack the code and emerge as the ultimate cyber champion?
For more information about the conference, or to book, please click here, or contact admin@rcpa.org.uk.