Information Governance at the VCSA and Resources

Keeping people’s data and personal information safe and secure is extremely important for the VCS Alliance. Whether it’s staff or service users’ data, we endeavour to showcase the best Information Governance (IG) practices and support any organisation we contract with to do the same.

We keep data safe by…

  • Using protected folders and strong passwords that are updated constantly
  • Team-wide training to make sure everyone knows how to handle data responsibly
  • Business continuity plans, risk assessments, and mitigation procedures
  • Clear policies – some of which you can find on our website, and which are constantly under scrutiny

We also help others do the same by supporting organisations with their…

  • Data Security and Protection Toolkit (DSPT)
  • Data Protection Impact Assessments
  • Information Asset Registers

For the safety and security of our service users’ data, we submit a Data Security and Protection Toolkit (DSPT) every year. This toolkit provides assurance that we are practising good data security and that personal information is handled correctly. The DSPT must be reviewed and resubmitted annually.

We support other VCSE organisations to also submit their DSPT, as all organisations that have access to NHS patient data and systems must complete one. If you would like support or have any questions about the DSPT please email DSPT@thevcsalliance.org.uk

You can publicly check whether an organisation has submitted their DSPT here: Organisation Search

The VCS Alliance is proud to share this Information Governance guide, created in 2026 by VCSA staff for VCSE organisations looking to improve their Information Governance:

We’re also happy to share these resources below, for any organisation wishing to improve their Information Governance:

Free IG eLearning on Digital Care Hub

The Information Commissioner’s Office

Digitising Social Care: Unlock the benefits of digital in care

At the VCSA, we have staff posted in different roles related to Data Protection. This includes:

Ele – Senior Information Risk Owner (SIRO)

Kerrie – Caldicott Guardian

David – Data Protection Officer (E:David@thevcsalliance.org.uk)

If you have any questions or concerns about our Information Governance please reach out by contacting our SIRO Eleonora@thevcsalliance.org.uk

You can also find copies of our Data Protection Registration Certificate, and Data Security and
Protection Toolkit Certificate.

Information for NHS Patients:

Some of the health and care projects that the Alliance co-ordinates access NHS patient data.

It is important to note that the national data opt-out policy allows the public to opt out of their confidential patient information being used for purposes beyond their individual care and treatment at any time.

The public can also opt out of their data being used for research purposes.

Verified by ExactMetrics