Data security training

There are several training options available:

Pharmacy-specific training

Pharmacy owners can choose from the following tailored resources:

• Training for induction or refresher purposes (9 pages) (Template 3B)
• GDPR guidance for community pharmacy (short version) – Part 2 training booklet for staff

Alternative non-pharmacy-specific training options

There are also free and commercial training options available. Free resources include:

Resources

• National Cyber Security Centre (NCSC)
• Little Book of Cyber Scams (Metropolitan Police)
• NHSE’s TD IG portal
• Run your own NHS Keep I.T. Confidential cyber security campaign (NHS England)
• Cyber security awareness month (NHS England)

Videos

• Keep I.T. confidential campaign videos (NHS Digital)

Interactive courses (free)

• NHS England’s online IG training, “Data Security Awareness Level 1”, is available to pharmacists and pharmacy technicians via the Centre for Pharmacy Postgraduate Education (CPPE) and the e-Learning for Healthcare platform.
• BT Skills for Tomorrow – includes data security courses

Note: IG leads require more advanced training (see next section).

IG leads should become familiar with the following resources:

1. Our data security hub
2. Guidance for community pharmacy (Part 1) from the Community Pharmacy GDPR Working Party (produced by Community Pharmacy England, and other pharmacy organisations.

Each year, the IG lead should carry out a training needs analysis—often as part of the Data Security and Protection Toolkit submission.

This includes:

• Assessing the different training needs of team members
• Planning annual training delivery
• Setting out a training plan for new starters

To support this, use:
DSPTK Template 3D: Training options and analysis (available on the DS templates webpage).

As IG lead, consider how to make training engaging and effective for your team.

Top tips:

• Focus on the most important topics and prioritise key staff
• Ask staff what concerns them most
• Ensure staff can recognise phishing emails
• Run an annual session where staff can share concerns and ideas for reducing risks
• Reinforce key messages in different formats, such as posters
• Use visual aids to support learning
• Use your IT system to display key messages (e.g. login pop-ups)
• Include data security in your induction process

Cyber Essentials is a recognised cybersecurity certification that pharmacy owners may choose to purchase.

The Department of Health and Social Care has recommended that all formal NHS organisations meet this standard. However, NHS Digital (which manages national NHS cyber services) did not support this recommendation in 2018.

Community pharmacies are not formally classified as NHS organisations by the Department of Health and Social Care, so there is no requirement for pharmacy owners to meet this standard.

Pharmacy owners already provide IG assurances to NHS England through the Data Security and Protection Toolkit.

Previous training materials included:

1. A paper-based training booklet titled “Information Governance Training Booklet for Pharmacy Staff”, developed by Community Pharmacy England and the RPSGB in collaboration with DH Informatics.
   • This was posted to all pharmacies and PCT Medicines Management Leads in England on 22nd January 2010.
   • The booklet is still available to download.
2. Information Governance Training Booklet for Pharmacy Staff

Note: IG leads are encouraged to use the newer materials listed in the ‘Basic training’ and ‘IG lead training’ sections above, as these reflect the current data security environment.