The DSPT (Data Security and Protection Toolkit)
All organisations that access NHS patient data and systems must demonstrate their compliance with the DHSC (Department of Health and Social Care)’s data security and information governance requirements.
This is achieved by submitting a self-assessment using the DSP (Data Security and Protection) Toolkit, an online tool that replaced the IG Toolkit in April 2018.
Submissions are made annually and are due by 31 March each year, although government arm’s-length bodies and NHS trusts must have completed baseline assessments by the end of the preceding October.
DSPT standard 2019-20 (version 2)
The DSPT standard has now been updated for 2019-20 and the previous version withdrawn.
Among its changes, version 2 incorporates the requirements of the Cyber Essentials scheme, the MCSS (Minimum Cyber Security Standard) and the NIS Regulations 2018, and rationalises some of the evidence items related to the EU GDPR (General Data Protection Regulation).
A new audit programme is also being developed to validate self-assessments.
Compliance requirements vary depending on each organisation’s category. You should therefore review the new version of the Standard and begin your 2019–20 assessment now so that you can submit your self-assessment by 31 March 2020. Further guidance can be found on the NHS’s DSP Toolkit website.
IT Governance DSP Toolkit product and services
IT Governance’s healthcare specialists have reviewed the 2019–20 standard’s requirements and updated our DSPT products.
If you are unclear about the changes introduced by the new standard or would like to speak to one of our team, please email us.
Designed and developed by expert data security and governance specialists, this handy set of documentation templates has been designed specifically for Category 3 organisations. The toolkit provides all the documents and tools you need to ensure full compliance with the 2019–20 DSPT standard.
The DSP Toolkit Compliance Service is a bespoke consultancy service that delivers a detailed review of your organisation’s data protection regime, recommended corrective actions for achieving full compliance with the 2019–20 DSPT standard, updates to any necessary documentation, support and guidance to improve your security practices, and an online submission of the DSP Toolkit to NHS Digital.