The Information Governance Toolkit was replaced by the Data Security and Protection Toolkit (DSPT) in April 2018 to more closely reflect the requirements of the GDPR and the Data Protection Act 2018.
Its purpose is:
- Provide time to implement the data security standards by reducing burden and duplication in the toolkit
- KPIs that leaders can recognise and utilise to change culture
- Making the first step more straightforward for smaller organisations
- Listening to our stakeholders and piloting the new toolkit
- Keeping the toolkit flexible and updated more regularly
- Develop suitable guidance
Some of the new requirements for smaller organisations:
- Leaders receive suitable data security and protection training
- Organisations undertake process reviews to identify and improve processes which have caused breaches or near misses
- NHS Organisations must act on CareCERT alerts and notifications
- Organisations must complete a specific business continuity test for data security
- Organisations must survey their software for unsupported systems
- Organisations must ensure all networking components have had their default passwords changed
CODE contacted NHS Digital CareCERT to find out more. Here is their response:
“Dentists providing NHS treatment are welcome to register to receive our communications. If they would like to do this then they can ideally email us providing their Organisation Data Service (ODS) code, previously known as the NACS code.
Dental practices are unlikely to be connected to the NHS Transition Network, which means they will not be able to access our Information Sharing Portal. However, they will still be able to receive our weekly bulletin with a summary of the published threats.”
You can request sign-up by emailing firstname.lastname@example.org.
Find out more about the CareCERT service, including response times and the customer charter, on the NHS Digital website: https://digital.nhs.uk/about-nhs-digital/contact-us/nhs-digital-customer-service-centre
Care Quality Commission
- CQC well-led inspections will include data security, but how this will work has not been fully agreed
- Use information from the DSPT and intelligence from other sources
- Data security includes more than cyber
- CODE understands that the CQC will not be inspecting on data security immediately
Until incident reporting becomes live in the DSPT, you should continue to report any data breach in the old IG toolkit.
CODE is updating the guidance to the online toolkit document called the IG Improvement Plan (M 217A) to help you complete the new Data Security and Protection Toolkit, plus we will provide any additional policies. It will be released to members in July.