Healthcare Cybersecurity Policy Templates: DSPT-Aligned Documents for NHS Providers

Policy Templates Available for Healthcare Organisations

Kyanite Blue provides the following DSPT-aligned policy templates for healthcare organisations:

• Information Security Policy — overarching security policy framework aligned to DSPT Standard 2
• Acceptable Use Policy — staff obligations for use of IT systems, devices, and patient data
• Data Breach Response Procedure — step-by-step procedure for detecting, containing, and notifying data breaches
• Data Protection Impact Assessment (DPIA) template — for assessing new processing activities involving patient data
• Third-Party Supplier Security Assessment questionnaire — tiered assessment for clinical IT suppliers
• Business Continuity and IT Disaster Recovery Plan template — covering clinical downtime procedures and IT recovery
• Information Asset Register template — for documenting systems and data assets with risk ratings
• Records of Processing Activity (ROPA) template — for documenting all personal data processing activities

How to Get Our Healthcare Policy Templates

Our healthcare policy template pack is available free of charge to healthcare organisations that complete our Healthcare Cyber Risk Assessment. Following your assessment, a Kyanite Blue specialist will review your results and provide the template pack alongside a prioritised implementation guide. For organisations that need tailored policy support — for example, adapting templates to specific care settings or integrating with existing governance frameworks — our vCISO service provides hands-on policy development and implementation support.