Printed from CheckTick DSPT Compliance Documentation
Data Security & Protection Training Log: 2025/26
Policy: All staff must complete the NHS "Data Security and Protection" e-learning module annually to ensure compliance with the DSPT 95% training requirement.
| Staff Name | Role | Course Name | Completion Date | Certificate Ref |
|---|---|---|---|---|
| Dr Serena Haywood | SIRO / DPO | NHS Data Security & Protection (Level 1) | 16/1/2026 | Certificate (PDF) |
| Dr Serena Haywood | SIRO / DPO | GDPR Training | 9/1/2025 | Certificate (PDF) |
| Dr Serena Haywood | SIRO / DPO | Information Governance | 21/12/2025 | eLFH |
| Dr Serena Haywood | SIRO / DPO | Information Security, Data Protection, Freedom of Information | 24/7/2024 | eLFH |
| Dr Serena Haywood | SIRO / DPO | Caldicott Guardian | 28/3/2026 | Certificate (PDF) |
| Dr Simon Chapman | CTO | NHS Data Security & Protection (Level 1) | 28/3/2026 | Certificate (PDF) |
| Dr Simon Chapman | CTO | Information Governance | 28/3/2026 | Certificate (PDF) |
| Dr Simon Chapman | CTO | Caldicott Guardian | 28/3/2026 | Certificate (PDF) |
Internal Training Topics Covered (2025):
In addition to the NHS module, we held an internal briefing on:
- Northflank Secrets Management: Handling DB credentials securely.
- Incident Response: Walking through the "Restoration Test Log" procedures.
- Phishing Awareness: Reviewing email security protocols for the
@checktick.ukdomain.
Role: Senior Information Risk Owner (SIRO)
Appointed Individual: Dr Serena Haywood Accountable To: The Board (Founding Partners)
Primary Responsibilities:
- Accountability: Overall ownership of the organisationβs information risk policy.
- Culture: Driving a culture of data security and protection across all operations.
- Assurance: Providing board-level assurance that information risks are managed effectively.
- Incident Oversight: Acting as the final decision-maker on reporting data breaches to the ICO/DSPT.
- DSPT Submission: Final sign-off for the annual Data Security and Protection Toolkit submission.
Regular Actions:
- Monthly review of the Asset Register and Vulnerability Reports.
- Annual review of the Business Continuity and Disaster Recovery Plan.
Mandatory Training & Awareness Log: 2025/26
Target Completion: 100% | Actual Completion: 100%
1. Staff Completion Records
| Name | Role | NHS Data Security L1 | Secure Development | Last Review |
|---|---|---|---|---|
| Dr Serena Haywood | SIRO / DPO | β - | β - | March 2026 |
| Dr Simon Chapman | CTO / Cyber Lead | β - | β - | March 2026 |
2. Activity Schedule
| Activity | Interval | Description |
|---|---|---|
| NHS Data Security Awareness | Annual | Statutory requirement for all health-related staff. |
| OWASP / Secure Coding | Annual | Technical deep-dive for the CTO and developers. |
| BCDR Drill | Annual | Practical walkthrough of the disaster recovery plan. |
| Security Briefings | Monthly | Review of recent logs, alerts, and new policy updates. |
3. Monitoring & Enforcement
The SIRO performs a quarterly review of this log. In the event of a training expiry, access to administrative systems (Northflank/GitHub) is restricted until the refresher is completed and evidence is provided.