The DSP (Data Security and Protection) Toolkit
All organisations that access NHS patient data and systems must demonstrate their compliance with the DHSC (Department of Health and Social Care)’s data security and information governance requirements.
This is achieved by submitting a self-assessment using the DSP (Data Security and Protection) Toolkit, an online tool that replaced the IG Toolkit in April 2018.
Submissions are made annually and are normally due by 31 March each year, although government arm’s-length bodies and NHS trusts must have completed baseline assessments by the end of the preceding October.
However, in light of the COVID-19 pandemic, the deadline for 2020 submissions has been pushed back to 30 September – although organisations must still maintain their patching regimes.
DSPT standard 2019-20 (version 2)
The DSPT standard has now been updated for 2019-20 and the previous version withdrawn.
Among its changes, version 2 incorporates the requirements of the Cyber Essentials scheme, the MCSS (Minimum Cyber Security Standard) and the NIS Regulations 2018, and rationalises some of the evidence items related to the EU GDPR (General Data Protection Regulation).
A new audit programme is also being developed to validate self-assessments.
Compliance requirements vary depending on each organisation’s category. You should therefore review the new version of the Standard and begin your 2019–20 assessment now so that you can submit your self-assessment by 30 September 2020. Further guidance can be found on the NHS’s DSP Toolkit website.
IT Governance DSP Toolkit product and services
IT Governance’s healthcare specialists have reviewed the 2019–20 standard’s requirements and updated our DSPT products.
If you are unclear about the changes introduced by the new standard or would like to speak to one of our team, please email us.
DSP Toolkit Templates
Designed and developed by expert data security and governance specialists, this handy set of documentation templates has been designed specifically for category 3 organisations. The toolkit provides all the documents and tools you need to ensure full compliance with the 2019–20 DSPT standard.
DSP Toolkit Compliance Service
The DSP Toolkit Compliance Service is a bespoke consultancy service that delivers a detailed review of your organisation’s data protection regime, recommended corrective actions for achieving full compliance with the 2019–20 DSPT standard, updates to any necessary documentation, support and guidance to improve your security practices, and an online submission of the DSP Toolkit to NHS Digital.
DSP Toolkit FastTrack
The DSP Toolkit FastTrack™ consultancy service is designed to help small category 3 and 4 organisations new to the toolkit’s requirements, apply for registration with NHS Digital. Undertake a total review of your organisation’s data security regime, provide recommendations for corrective and preventative actions, develop the necessary documentation, undertake key activities and help you complete the online submission.