Business processes

You will have to change some of the ways you work to make best use of CP-IS. This area of work is about understanding what your current safeguarding processes are and ensuring that the introduction of new processes is as smooth as possible. 

It is important to map out what your current safeguarding processes are in each setting. This will help you to see what changes are needed further down the line, and who needs to be told about them. Sketch out what currently happens if a safeguarding concern is raised what action is taken and who is involved. 

Decide where you want to see benefits and take a baseline measure of the things you want to improve, for example, process times around managing lists, coordination with social workers, or tracing children with missing NHS Numbers.

You might also be able to identify where your current safeguarding gaps are, to target improvements for example, children who are not from your immediate local authority area, limitations of existing paper-based processes.

Map out the new safeguarding and business processes to include the viewing of CP-IS information in the settings where it will take place. Define the roles and responsibilities within the process so it is clear:

• who will be performing the patient trace and checking for the CP-IS Alert tab/flag
• who will click on the tab/flag (which triggers an automatic notification to the child’s local authority) and what they will do with the data.
• who will ultimately view the data and what they will do with it. 
• that 24/7 access is available for staff to check CP-IS (or if not, the accepted mitigation)
• any subsequent or supplementary actions that may be required.
• who will conduct routine checks to see how the Childcare Alert and the information it provides is being used 
• how processes will be adapted for maternity/UCPPs

You should update your organisation’s Standard Operating Procedure document accordingly.  It is advisable to set a future date for a review of CP-IS business processes to ensure that they are working as expected and that processes remain fit for purpose and fulfil relevant policy requirements for safeguarding, information governance, data protection and privacy. In particular, business processes should be reviewed following any organisational or CP-IS service changes (for example, you may wish to review any routine local paper based processes once local CP-IS implementation is complete).

Put in place the reporting you will need to manage performance against the baselines you have taken so you can realise the benefits you want from CP-IS.

When you finish step 16, you should have identified the staff in the unscheduled care settings who will check and view the Child Care Alerts. 

• allocate Smartcards to the staff you have identified that do not currently hold them (see task 9 in Access and Smartcards section). This can take time so please start as soon as you can, so it doesn’t lead to delays later
• add the relevant access codes to staff Smartcards to enable them to view the Child Care Alert (see task 10 in Access and Smartcards section)
• review existing administration processes for the allocation of Smartcards (to ensure that CP-IS usage is considered)
• determine who within the organisation has audit manager, privacy officer or Caldicott Guardian Smartcard permissions (as they will be able to view reports of CP-IS usage)
• agree how often CP-IS access requirements should be reviewed to minimise the likelihood of inappropriate access to the service

Use different scenarios and process flows to think through or test your proposed safeguarding processes and ensure that the correct people in the process are notified and take the appropriate safeguarding action.

Identify who needs to be trained in the new processes, how this training can best be delivered, and the materials you will need to ensure the training is delivered effectively. Design and deliver training covering:

• how CP-IS works and why it’s needed
• CP-IS business processes including checking flag, viewing data, follow up actions (including maternity staff and processes)
• who to contact if they have a query about CP-IS
• flag only viewed when the child presents
• benefits of the CP-IS service and how the data supports better safeguarding or patient care
• reminder that the Access to Service Notification (ASN) is not a referral but is there to support existing safeguarding processes and decision making
• the need for routine checks to monitor how staff are using the service, obtain feedback and update business processes accordingly
• update new starter processes to include CP-IS training and access (including obtaining RBAC codes)

See Appendix C for the CP-IS NCRS user guide which can be used to help train staff in using CP-IS. See Appendix D for the CP-IS SRS guide for audit in NCRS which can be used to advise staff on audit functionality for CP-IS.

Consider how best to ensure that all relevant staff are trained in using CP-IS (this includes staff inductions, training to support a change of role and any routine staff training).  Any existing safeguarding training should be updated to reference the new safeguarding process including checking the Child Care Alert. You should ensure that training requirements are refreshed as or when the needs of the service change, and that staff are re-retrained at appropriate intervals.  It might be useful to set an annual review of CP-IS training to ensure it is still fit for purpose.

Ensure that CP-IS is added to your business continuity and disaster recovery plans.  You may wish to consider:

• liaison with local authorities in your area  how quickly could they reinstate paper lists
• what is the criticality period for service downtime
• how will safeguarding policy be upheld during downtime

Engage with your organisational information governance lead or Caldicott Guardian to identify the existing IG policies, procedures and training materials that need to be updated to include CP-IS.  The CP-IS National Data Sharing Agreement sets out the legal basis for sharing information for the purposes of this service (copy available on request from your Implementation Manager). A local agreement is not needed for data in scope of CP-IS, however you should ensure that your usage & sharing of the information is documented and is in line with GDPR regulations. We cannot provide direct guidance on GDPR, but your organisation’s Caldicott Guardian should be able to advise you. This does not replace local sharing agreements and any sharing of additional supporting information should be governed by each local authorities own IG approach.  

You may also need to update your Standard Operating Procedure (SOP) and privacy statement and any other relevant documents, to ensure that it does not exclude CP-IS data (for example by referring to solely to local data or paper record sharing, whereas CP-IS includes national data and electronic data sharing).   

Ensure that policies on the security of sensitive patient data are extended to incorporate CP-IS data.