Better Security, Better Care Programme
The Department of Health and Social Care are imminently looking to renew the Better Security, Better Care Programme Grant. This four year grant will provide onward funding to local care associations to build cyber security standards in the adult social care sector. We are looking for organisations who have expertise within the adult social care sector and have experience delivering national projects, with a particular focus on digital and cyber security. We are looking to understand both the market’s interest in this grant, but also to help shape the future specification for the grant when it is released. We welcome responses from small/medium enterprises and encourage partnerships; one or more of the organisations must represent or deliver services within the adult social care sector.
- Opening date:
- Closing date: (Midnight)
Contents
Summary
THIS IS AN EXPRESSION OF INTEREST, THERE IS NO FUNDING ATTACHED TO THIS APPLICATION.
Better Security, Better Care has been running from April 2021, delivered through the National Care Association, the sector-based model has been successful in building compliance with the cyber security and data protection assessment across health and social care, the Data Security and Protection Toolkit (DSPT). There are now over 20,000 organisations within the care sector completing the toolkit.
The Department for Health and Social Care and NHS England in 2023 published their cyber security strategy for health and social care to 2030. This strategy outlines five outcome-based pillars for which cyber security across the health and care system is prioritised against. To achieve the outcomes laid out in this strategy a programme of support is required for adult social care to ensure that it gets equal focus to the NHS and that care providers have the necessary support in place. This is again reiterated in the ministerial foreword provided as a part of the report into the state of cyber security in adult social care.
In line with this strategy last year, for large NHS organisations we introduced the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF), into the DSPT. This gave organisations more flexibility when it came to meeting cyber security and information governance standards. We as the department are now in the process of embedding the CAF into the DSPT for other organisations including adult social care; whilst this won’t introduce the same level of flexibility it will mean that standards are significantly increased. To enable this increase we require a programme of support within the sector; the Better Security, Better Care programme grant will provide this support.
The grant will provide funding for a national programme who will deliver onward grants to local care associations across England. The programme will be responsible for maintaining compliance with the DSPT whilst the department and NHS England raise the standards that the toolkit is built on. The programme will own the relationships between the local care associations and will be responsible for finding suitable organisations. This will require consistent management across England but should be understanding of the differences in locality and the needs of care providers across different areas – different approaches may be required to meet the same outcomes.
The programme will also be required to build cyber expertise within the care associations to enable them to understand the new standards and present them to care providers in a manner that is easily understood.
The programme will provide a link into the sector from the department, facilitating engagement and allow the standards to be built in proportion to the needs and capacity of the sector. This engagement approach whilst providing an appropriate link in for the department, should create a national presence for the programme so that care providers across England have a point of contact for cyber security within the adult social care sector.
The programme will maintain awareness and collaborate with other national, regional and local organisations to ensure that cyber security is embedded both into the wider digital landscape but also the care sector as a whole.
Further details as to the objective of the grant can be found in the ‘Further Information’ section.
The department is now requesting information from interested organisations to both understand the size of the market beyond our current knowledge, but also so that interested organisations are able to shape the specification for the grant. This request for information will be open for 15 calendar days and will be followed shortly by the grant advertisement, those organisations who complete this request for information will be notified by the department when the grant tender goes live on the Find a Grant platform.
Eligibility
We are seeking interested not-for-profit organisations who work within the adult social care sector. As the responsibility for adult social care is devolved, we are only welcoming bids from organisations based in England.
We welcome bids from SME organisations or partnerships where one of the organisations is based within or services the adult social care sector.
The intended grant would be made under Section 149 of the Health & Social Care Act 2008. Applicants will need to be eligible to apply under the conditions outlined in Sections 149 and 150 of that legislation.
Objectives
Maintain and build cyber capabilities at a system-wide level in the adult social care sector, and:
· Help to reduce risk in adult social care providers from cyber threats and achieve a common understanding of risks.
· Improve cyber resilience in adult social care providers, including:
o Meeting a yearly DSPT compliance target towards the aim of comprehensive DSPT completion in adult social care.
o Providing cyber security training to care associations to enable them to provide cyber specific support to providers.
o Creating a framework to be able to assure the DSPT returns.
o Enabling the development of standards at a national level by providing support to providers through the provision of onward grants.
o Tackling distinct national challenges in DSPT completion through national-led activities.
o Providing an adult social care sector link that allows for the implementation of the Cyber Assessment Framework (CAF) through the DSPT.
o Leading cyber security engagement across the adult social care sector to support and drive the implementation of the Health and Social Care Cyber Strategy.
o Providing agile and adaptable support during cyber incidents.
Enable the digital transformation of adult social care:
· Supporting access to information through DSPT compliance and system engagement and collaboration.
· Supporting and upholding public trust through clear commitment and progress in cyber and data protection support.Working closely and in partnership with digital and cyber programmes in DHSC and NHSE, collaborating on opportunities to support mutual aims (e.g., digital skills).
Dates
This expression of interest closes on the 8th July 2025 at 23:59, the Department will use the returns to shape the specification for the final grant.
How to apply
Applicants should complete the next stage of questions and submit it through this application page by 23:59 on the 8th July 2025.
Supporting information
The state of cyber security in adult social care - GOV.UK – This report outlines the current state of cyber security in adult social care and the challenges the sector faces when it comes to cyber security.
Cyber security strategy for health and social care: 2023 to 2030 - GOV.UK – This strategy outlines the Departments’ and NHS England’s approach to cyber security across health and social care.
Data Security and Protection Toolkit – The DSPT is the toolkit that measures cyber resilience across the health and social care system.Cyber Assessment Framework - NCSC.GOV.UK – The CAF is the standard that is being adopted across government and is the standard that the Department and NHS England are looking to introduce into the DSPT.