Digital Security and Confidentiality Audit - Supported Living

Answered 0 / 28(0% complete)

Note: This is the "clipboard" version of the audit. Only allocate tasks to users once you are satisfied that the audit is complete and accurate. Once saved, it is added to your Compliance Calendar as the final version for that month, where you can allocate tasks, upload evidence, and manage actions.

Score

0%

N/A counts as Yes (full credit). Unanswered reduces the score until completed.

Breakdown

0 Yes 0 No 0 N/A 28 Unanswered

0%100%

Answers Overview

0%Score (Yes + N/A)
Yes
0
No
0
N/A
0
Unanswered
28

Questions

0/28 answered
  • Q1 | Unanswered

    Is there a digital security and data protection policy that staff understand and apply in supported living practice?

    Evidence to check

    • Digital security and data protection policy is current and aligned with GDPR and the Data Protection Act 2018
    • Policy covers mobile working, shared accommodation, tenant homes, digital care records, photos, messaging and remote access
    • Staff can explain how they protect confidentiality during visits and in shared settings
    • Policy is reviewed after breaches, system changes or new digital tools
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q2 | Unanswered

    Are staff trained to protect confidentiality and handle digital information securely during real supported living work?

    Evidence to check

    • Training records for confidentiality, GDPR, cyber security and digital systems
    • Staff can answer practical scenarios about mobile devices, shared homes and information sharing
    • Refresher training is completed where required
    • Supervision or team meetings reinforce learning after breaches or near misses
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q3 | Unanswered

    Are phones, tablets, laptops and other devices used to access care records protected against unauthorised access?

    Evidence to check

    • Devices are password, PIN, biometric or multi-factor protected where appropriate
    • Device encryption or approved security controls are in place
    • Devices lock automatically when not in use
    • Lost or stolen device procedures are understood and followed
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q4 | Unanswered

    Are electronic care records restricted to authorised staff, with access based on role and need?

    Evidence to check

    • Access permissions are role-based
    • Staff only access records for tenants they support or manage
    • Managers review access rights periodically
    • Unauthorised access concerns are investigated
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q5 | Unanswered

    Where paper records are used, are they stored securely in tenant homes, offices or shared settings so confidentiality is protected?

    Evidence to check

    • Paper records are stored in locked or restricted-access locations where required
    • Records are not left visible to visitors, co-tenants, relatives or contractors
    • Staff know how to transport paper records securely
    • Archived or outdated paper records are removed or stored according to policy
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q6 | Unanswered

    Is personal data shared only with the tenant’s consent, lawful authority or clear safeguarding/legal basis?

    Evidence to check

    • Consent to share information is recorded and current
    • Rationale is recorded where information is shared without consent due to risk or legal duty
    • Information shared is relevant, proportionate and secure
    • Staff understand confidentiality does not prevent safeguarding escalation
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q7 | Unanswered

    Are care records regularly reviewed so information is accurate, relevant, respectful and limited to what is needed?

    Evidence to check

    • Care record audits include accuracy and data minimisation
    • Outdated, duplicated or irrelevant information is corrected or archived
    • Records use respectful and factual language
    • Tenant information is updated after changes in needs, risks, consent or preferences
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q8 | Unanswered

    Are electronic communication platforms used securely and in line with approved service protocols?

    Evidence to check

    • Approved email, care system and messaging platforms are identified
    • Staff know which systems may and may not be used for tenant information
    • Sensitive information is shared using secure methods
    • Communication records are retained where required
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q9 | Unanswered

    Are data breaches and near misses reported promptly, investigated and used for learning?

    Evidence to check

    • Data breach and near-miss records
    • Immediate containment actions are recorded
    • Investigation identifies cause, impact and whether external reporting is required
    • Learning is shared and practice changed where needed
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q10 | Unanswered

    Is confidential information protected from being shared through insecure platforms such as personal email, personal phones, unapproved messaging apps or social media?

    Evidence to check

    • Staff understand prohibited or restricted communication methods
    • No tenant-identifiable information is sent through unapproved channels
    • Managers check and act on unsafe communication practices
    • Clear guidance exists for urgent communication where secure systems are unavailable
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q11 | Unanswered

    Are tenants’ consent preferences for data sharing documented, understood and respected in practice?

    Evidence to check

    • Consent records state who information can be shared with and for what purpose
    • Support plans reflect communication preferences and restrictions
    • Staff check consent before speaking with family, advocates, housing providers or professionals where required
    • Consent is reviewed when circumstances or relationships change
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q12 | Unanswered

    Do staff understand how to securely delete, archive or dispose of digital and physical records?

    Evidence to check

    • Records retention and disposal policy
    • Confidential waste arrangements are used for paper records
    • Digital records are deleted or archived only through approved processes
    • Staff do not store tenant records on personal devices or unapproved drives
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q13 | Unanswered

    Are records backed up securely and regularly so essential information can be recovered during system failure or emergency?

    Evidence to check

    • Backup arrangements for digital care systems and key documents
    • Backups are secure and access-controlled
    • Business continuity plan includes digital system downtime
    • Recovery or backup access is tested or confirmed by provider assurance
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q14 | Unanswered

    Are electronic systems kept updated and monitored to reduce security vulnerabilities?

    Evidence to check

    • Software updates, patches and security controls are managed
    • Antivirus or endpoint protection is used where appropriate
    • Unsupported systems or outdated devices are identified and replaced or risk-assessed
    • Cyber security concerns are escalated promptly
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q15 | Unanswered

    Are care planning, rostering, communication or scheduling apps approved and reviewed for data protection compliance before use?

    Evidence to check

    • Approved systems list or procurement checks
    • Data protection impact assessment or supplier assurance where required
    • Access, storage, audit logs and data hosting arrangements are reviewed
    • Unapproved apps are not used for tenant records or sensitive communication
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q16 | Unanswered

    Is there clear guidance for using digital devices in tenants’ homes, including mobile phones, photos, remote log-ins and screen visibility?

    Evidence to check

    • Mobile working or device-use policy
    • Staff protect screens from visitors, co-tenants and others in the home
    • Photos or recordings are taken only where authorised and consented to
    • Staff maintain professional boundaries when using phones in tenants’ homes
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q17 | Unanswered

    Are tenants supported to understand how their information is used and to access their records where they wish to do so?

    Evidence to check

    • Privacy notice or data information is available in accessible formats
    • Tenants are told what information is kept and why
    • Subject access or record access requests are managed appropriately
    • Advocacy or communication support is offered where needed
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q18 | Unanswered

    Are staff careful not to discuss confidential information in public areas, shared accommodation, during travel or where others may overhear?

    Evidence to check

    • Staff can explain confidentiality risks in shared homes and community settings
    • Observation or feedback confirms confidential conversations are handled discreetly
    • Staff avoid discussing tenants in corridors, cars, public places or shared areas
    • Concerns about overheard information are recorded and addressed
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q19 | Unanswered

    Are staff access rights removed or changed promptly when staff leave, change roles or no longer support specific tenants?

    Evidence to check

    • Leaver and role-change checklist
    • System access is revoked promptly after leaving
    • Access rights are updated after role or service changes
    • Managers audit inactive users and unnecessary access
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q20 | Unanswered

    Are remote and hybrid working arrangements secure, including staff logging into care systems away from the office?

    Evidence to check

    • Remote working policy and security guidance
    • Staff use approved devices, secure networks and multi-factor authentication where required
    • Records are not downloaded, printed or stored insecurely at home
    • Confidential conversations and screens are protected when working remotely
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q21 | Unanswered

    Where CCTV or video monitoring is used in shared areas, entrances or communal spaces, is it lawful, proportionate, clearly explained and reviewed?

    Evidence to check

    • CCTV policy, signage and privacy information
    • Purpose, lawful basis and retention period are documented
    • Tenant rights, privacy and consent or consultation are considered
    • CCTV is not used in private areas or in a way that unnecessarily restricts tenants
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q22 | Unanswered

    Are digital tools, sensors or assistive technologies used with consent, clear purpose and appropriate safeguards?

    Evidence to check

    • Support plan records the purpose of digital tools or assistive technology
    • Consent, capacity or best-interest decision is recorded where relevant
    • Privacy, proportionality and least restrictive options are considered
    • Technology is reviewed to ensure it still benefits the tenant
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q23 | Unanswered

    Is there a system to audit access to care records and sensitive information so inappropriate access can be identified?

    Evidence to check

    • System audit logs are available and reviewed where possible
    • Unusual access patterns are investigated
    • Staff understand that record access may be monitored
    • Access audit findings are reported through governance where relevant
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q24 | Unanswered

    Are confidentiality breaches used for learning and reported through governance so risks are reduced across the service?

    Evidence to check

    • Governance records include data breach themes
    • Lessons from breaches are shared with staff
    • Policies, training or system controls are updated after breaches
    • Repeat breaches trigger stronger action and senior oversight
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q25 | Unanswered

    Is digital security included in risk assessments, audits and quality reviews, including risks specific to supported living environments?

    Evidence to check

    • Digital security included in audit programme
    • Risk assessments consider mobile working, shared accommodation, tenant homes and assistive technology
    • Quality reports include data protection and confidentiality themes
    • Actions from digital security audits are tracked and completed
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q26 | Unanswered

    Are tenants’ digital rights, privacy and online safety supported where staff assist with phones, tablets, internet use, online accounts or apps?

    Evidence to check

    • Support plans record digital support needs and boundaries
    • Staff do not access tenant accounts without consent and clear purpose
    • Online safety, scams, passwords and privacy are discussed where appropriate
    • Tenant independence and choice are promoted rather than staff taking control
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q27 | Unanswered

    Are staff clear about boundaries when using personal phones, social media or messaging in relation to tenants?

    Evidence to check

    • Social media and professional boundaries policy
    • Staff do not add tenants, relatives or advocates on personal social media unless explicitly permitted by policy and risk-assessed
    • Photos, videos or messages involving tenants are not stored on personal devices
    • Boundary breaches are recorded, investigated and acted on
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.
  • Q28 | Unanswered

    Are digital audits checking real practice, not only policy compliance, including device use during visits, confidentiality in shared settings and staff understanding?

    Evidence to check

    • Digital security audit includes staff questioning and spot checks
    • Audit reviews mobile device security, record access, messaging and confidentiality risks
    • Tenant feedback is considered where digital tools affect them
    • Actions from audits lead to visible improvements
    Supporting Notes
    No notes yet.
    Notes are stamped with your name, date and time.

Your score and completion will update instantly.