Building on the success of the on-site assessments, we are now offering a more extensive package of services: the Cyber Security Support Model (CSSM). This includes an on-site assessment and is underpinned by GCHQ-accredited training for board members. More than 160 board training sessions have been delivered. CSSM also includes technical support to address vulnerabilities and help in implementing processes and policies that will make good practice stick, and a service to embed cyber risk management into organisations. Forty per cent of trusts have already used these services.
Our Data and Security Protection Toolkit (DSPT) is another key part of our armoury. It allows organisations to self-assess their data and cyber security practices every year against rigorous standards, and replaced our Information Governance Toolkit in April 2018. We revised it in June 2019 to bring it more closely in line with external security standards including Cyber Essentials, EU NIS, Minimum Cyber Security Standard (MCSS) and the NCSC Cyber Assessment Framework.
All NHS organisations, local authorities and other bodies processing confidential health and adult social care data are required to complete the DSPT and all large NHS organisations must audit their submission every year. So far, about 28,000 self-assessments have been completed.
We are working with our partners to build the culture and widely shared expertise that we need to protect the system. In May 2019, we launched the Cyber Associates Network to bring together the community of cyber and security professionals. It currently has over 700 members from 250 organisations. It is a peer-led network that allows cyber professionals from across the system to share ideas, best practice and knowledge, while also providing us with insights into service improvement opportunities, new initiatives, and a strategic communications channel. We have two events scheduled for November 2019, which will provide members with an opportunity to discuss strategic cyber security issues and topics – such as secure digital transformation – as well as to understand more about what cyber services and products we offer to health and care.
And in September 2019 we launched a national cyber awareness campaign, which provides a package of communications materials to local organisations to drive awareness and understanding among their staff. Almost 300 individual organisations downloaded the materials in the first few weeks of the campaign.