Top Level Documents:

• Copyright Licence Agreement
• DSP Documentation Toolkit Contents List
• FAQs
• Quick Start Guide
• Toolkit Guidance DSP
• UserInput

Project Tools:

• Data Flow Mapping Tool
• Document Control
• Monitoring and Measurement Register
• Staff Awareness Questionnaire

Administrative documents:

• Confidentiality Agreement Template
• Information Security Manager Job Description
• Examples of Third-Party Contract Clauses
• HR Security Policy
• Information Classification, Handling and Exchange Procedure
• Information Security Coordination
• Leavers Checklist
• Information Security Committee Meeting Agenda
• Non-disclosure Agreement (NDA)
• Outsourcing Procedure
• Data Security and Protection Training Attendance Sheet

Blank Templates

• Meeting Agenda
• Meeting Agenda: Initial Board Meeting
• Meeting Agenda: Second Board Meeting
• Meeting Minutes
• Meeting Minutes: Initial Board Meeting
• Meeting Minutes: Second Board Meeting

Leadership Objective One: People

Data Standard One

• Senior Information Risk Owner (SIRO) Job Description
• Caldicott Guardian Job Description
• Information Governance Policy
• Data Protection and Confidentiality Policy
• Data Quality Policy
• Acceptable Use Policy
• Information Security Guidance for Staff
• Access Control Policy
• Access Control Procedure
• Retention of Records Procedure
• Privacy Notice
• Subject Access Request (SAR) Procedure
• Subject Access Request (SAR) Record
• Inventory of Information Hardware Assets
• Inventory of Software Assets
• Inventory of Information Assets
• Inventory of Intangible Assets
• Risk Management Framework
• Risk Assessment Procedure
• Audit and Review Procedure
• Internal Audit Schedule
• Audit Lead Report Sheet
• Non-conformance and Observations Log
• Data Protection Impact Assessment (DPIA) Procedure
• Data Protection Impact Assessment (DPIA) Tool
• Change Control Form
• Physical Security and Media Handling Procedure
• Risk Treatment Plan Work instruction
• Risk Treatment Plan
• Systems Auditing Procedure
• Records Manager Job Description

Data Standard Two

• Induction Checklist
• Competence Procedure

Data Standard Three

• Training Needs Analysis
• Competence Matrix
• Training and Development Procedure
• Training Record

Leadership Objective Two: Process

Data Standard Four

• User Access Management
• Information Security Incident Management
• Incident Report Log
• Special Access Privileges
• User Agreement

Data Standard Five

• Refer to blank templates for meeting minutes and agenda templates

Data Standard Six

• Incident Reporting Form
• Personal Data Breach Notification Procedure
• Policy Against Malware (Malware)
• Control Against Malicious Code Procedure
• Antivirus Software Work Instruction

Data Standard Seven

• Information Security Continuity Planning
• Information Security Continuity Plan
• Information Security Continuity Testing
• Information Security Continuity Risk Assessment

Leadership Objective Three: Technology

Data Standard Eight

• Documented Procedures
• Control of Operational Software
• Change Control Procedure
• Control of Software Installation
• Software Updates and Patching Policy
• Vulnerability Management

Data Standard Nine

• Hardware and Systems Configuration Procedure
• Standard Configuration for Computers and Networked Device
• Monitoring and Measurement Policy
• System Testing Policy
• Management Review Record
• Management Review Procedure

Data Standard Ten

• Customers and Third Parties Procedure
• Log of Third-Party Suppliers
• Information Security Policy for Supplier Relationships
• Information Security Procedure for Supplier Relationships