Please find a roundup of the latest news and resources we think may be of interest to you.
Somerset Council contractual requirements notice:
It has been brought to our attention that some providers are concerned about contractual requirements concerning Cyber Essentials. The full guidance issued by Somerset Council, recommends that providers have a current Cyber Essentials certificate, are working towards gaining it, or meet the technical requirements prescribed by Cyber Essentials.
As most providers have completed the Data Security & Protection Toolkit (DSPT), which is a free assessment covering data and cyber security, there have been concerns raised about the need to do both. Completing both the DSPT and Cyber Essentials will ensure that your business has the necessary controls in place to defend against a cyber incident, while also being compliant with data protection legislation and regulatory requirements.
RCPA has had confirmation from commissioners that if a provider is compliant with the Data Security & Protection Toolkit (DSPT) and republishes this on an annual basis, then this will be sufficient to meet the technical requirements prescribed by Cyber Essentials.
Data Security and Protection Toolkit (DSPT) review and republish
The DSPT is an annual assessment that is designed to be resubmitted annually by social care providers. The deadline for republishing is the 30th June. Review your DSPT now to ensure you have enough time to fully meet the requirements.
Why republish the DSPT
- Legal requirements – The DSPT assertions change each year with changing legislation, completing the DSPT yearly will ensure you meet those requirements.
- Best practice – The DSPT assertions provide best practice for data and cyber security, allowing you to review your organisations approach and skills.
- CQC requirement – As part of the single assessment framework, CQC now asks provides if they have a completed and updated DSPT.
- NHS requirements – As part of the NHS standard contract you must have a fully published DSPT for the current year.
- Somerset Council ASC requirements – As part of Somerset Council’s contract they expect all social care providers to take data and cyber security seriously, recommending the DSPT or Cyber Essentials.
RCPA’s Daniel Plummer provides free support for the DSPT, please contact him at daniel.plummer@rcpa.org.uk
Business Continuity Plan – New Audit Tool
Digital Care Hub have released a new business continuity plan audit tool for care providers.
Having a business continuity plan will help prepare your organisation in the event of a data breach or service disruption.
Digital Care Hub also have a template and resources for creating a business continuity plan that focus on digital and cyber security.
For more information, please visit www.digitalcarehub.co.uk/new-resource-business-continuity-plan-audit-tool-dspt/
National Cyber Security Centre guidance:
The NCSC has recently published a new guide for CEOs, “Responding to a cyber incident – a guide for CEOs” the guidance sets out steps that can be taken at the start and throughout a cyber incidents.
Online events:
NCSC Active Cyber Defence Tools – 10th April 13:00 – 14:00
Digital Care Hub DSPT online events:
Digital Switchover – what do care providers need to know – April 11th 13:00 – 14:00
Completing the Data Security and Protection Toolkit for the first time – April 9th 15:00 – 16:00
Completing the Data Security and Protection Toolkit for the first time – May 7th 15:00 – 16:00
Completing the Data Security and Protection Toolkit for the first time – June 11th 15:00 – 16:00
Review and Republish your Data Security and Protection Toolkit – April 16th 15:00 – 16:00
Review and Republish your Data Security and Protection Toolkit – May 21st 15:00 – 16:00
Review and Republish your Data Security and Protection Toolkit – May 21st 15:00 – 16:00
Cyber Security in Social Care survey:
A survey of adult social care providers is taking place to understand more about how cyber security is currently managed within the Adult Social Care sector. This is part of a project conducted by Ipsos, an independent research company, and the Institute of Public Care (IPC) at Oxford Brookes University, to research the state of cyber resilience in adult social care. Ipsos and IPC are conducting this project on behalf of the Department of Health and Social Care.
Please keep an eye out for the survey that will be sent directly to your email address.
More information about the survey can be found here – www.digitalcarehub.co.uk/an-opportunity-for-care-providers-to-share-their-views-and-experiences-of-managing-cyber-security/
