How defensible is your care service’s data protection?

Enter your work email and answer ten quick questions. You’ll get a red / amber / green defensibility score straight away — including a real, automated check of your own domain’s email security. No install, no sales call.

We check your domain’s public email-security records and send your full report here.

Ten quick questions

Answer from memory — this takes about two minutes. “Not sure” is always a valid answer.

1.Do all staff use multi-factor authentication (MFA) on their work email?
2.Do you know every third-party app that can read your staff's mailboxes or files?
3.Has anyone tested staff with a simulated phishing email in the last 12 months?
4.Do you know which AI tools (ChatGPT, Copilot…) your staff use for work?
5.When someone leaves, is their access removed the same day by a defined process?
6.Are work devices encrypted and set to lock their screens automatically?
7.Do you have a current register of the devices and systems that hold client data?
8.Do you have a written first-hour data-breach process?
9.Do you know where client data is stored and which suppliers can access it?
10.Have you completed the DSPT — and could you evidence the answers if CQC asked tomorrow?

How we handle this data: privacy notice.