
The DSP (Data Security and Protection) Toolkit


The NHS has updated the Data Security and Protection Toolkit Standard (DSPT) for 2019-20 and, on June 3rd, withdrew the previous version.

The new Toolkit is live and you can no longer publish against the old standard. Visit the NHS Toolkit website for further information.

The IT Governance healthcare specialists are reviewing the new requirements and adapting our products accordingly. If you are unclear about the changes or would like to speak to one of our team, please email us.

To register interest in the updated products, please complete the form below and we will contact you once they are available.


In April 2018, the DSP Toolkit replaced the IG (Information Governance) Toolkit as the standard for cyber and data security for healthcare organisations and their partners.

Compliance with the DSP Toolkit requires organisations to demonstrate that they are implementing the ten data security standards recommended by the National Data Guardian, as well as complying with the requirements of the GDPR (General Data Protection Regulation).

Preparing for DSP Toolkit compliance:

The deadline for completing the DSP Toolkit was 31 March 2019, although larger organisations had to complete their submissions by October 2018. Beginning the compliance journey alongside other regulatory changes, such as the GDPR and the NIS Regulations, means organisations can combine compliance projects, avoiding duplication and ultimately saving money.

DSP Toolkit Documentation Templates

Developed by expert data security and governance specialists, this handy set of documentation templates has been designed specifically for small and large health and social care organisations. The toolkit provides all the documents and tools you need to ensure full compliance.


DSP Toolkit Compliance Service

The DSP Toolkit Compliance Service is a bespoke consultancy service that delivers a detailed review of your organisation’s data protection regime, recommended corrective actions for achieving full DSP Toolkit compliance, updates to any necessary documentation, support and guidance to improve your security practices and an online submission of the DSP Toolkit to NHS Digital.


Download our DSP Toolkit and NIS Regulations green paper

For more information on the DSP Toolkit, what changes it introduces and why you should consider streamlining your DSP Toolkit and NIS Regulations (Network and Information Systems Regulations 2018) compliance projects, download our free green paper.


Staff awareness survey

The DSP Toolkit requires organisations to complete a staff awareness survey annually to quantify the level of preparedness for cyber incidents across the whole organisation.

The survey highlights 17 areas where employees should be adequately trained to understand their responsibilities to data security and how to maintain critical business functions within their role should a cyber incident occur.

More information on staff awareness training is available in our e-learning module.

Cyber Essentials

Cyber Essentials is a world-leading, cost-effective assurance mechanism developed by the UK government for organisations of all sizes. The scheme stipulates five security controls that should prevent the most common cyber attacks.

Organisations with Cyber Essentials Plus certification will be able to prepopulate some criteria when completing their toolkit application, as the certification conditions surpass the expected standard of the toolkit. Achieving certification will also prepopulate many of the compliance statements within the online portal, reducing the time and cost needed to demonstrate compliance.


Safe data, safe care – CQC review

In July 2016 the CQC (Care Quality Commission) released its findings on safe data management in the NHS. The CQC discovered that, although there was widespread commitment to data security, staff training and suitable infrastructure were not in place to manage this in line with day-to-day needs.

The CQC recommended six areas of improvement. The first four of these – leadership; information, tools and training; IT systems; and unsupported technology – have been addressed in the assurance guidance and will be requirements of the DSP Toolkit. The final two recommendations are:

  • Audit and validation

    Arrangements for internal data security audit and external validation should be reviewed and strengthened to a level similar to those assuring financial integrity and accountability.

  • CQC assessment

    We'll amend our assessment framework and inspection approach to include assurance that appropriate validation against the new data security standards has been carried out, and make sure inspectors are appropriately trained.

Since Safe Data, Safe Care was published, it has been confirmed that the CQC will inspect DSP Toolkit submissions as part of its ‘key lines of enquiry’ (KLOEs) and rate them accordingly. The better the ratings, the better the organisation has complied with the Toolkit.