The DSP (Data Security and Protection) Toolkit
In April 2018, the DSP Toolkit replaced the IG (Information Governance) Toolkit as the standard for cyber and data security for healthcare organisations and their partners.
Compliance with the DSP Toolkit requires organisations to demonstrate that they are implementing the ten data security standards recommended by the National Data Guardian, as well as complying with the requirements of the GDPR (General Data Protection Regulation).
Preparing for DSP Toolkit compliance:
The deadline for completing the DSP Toolkit is 31 March 2019, although larger organisations must have completed their submissions by October 2018. Beginning the compliance journey alongside other regulatory changes, such as the GDPR and the NIS Regulations, means organisations can combine compliance projects, avoiding duplication and ultimately saving money.
Developed by expert data security and governance specialists, this handy set of documentation templates has been designed specifically for small and large health and social care organisations. The toolkit provides all the documents and tools you need to ensure full compliance.
The DSP Toolkit Compliance Service is a bespoke consultancy service that delivers a detailed review of your organisation’s data protection regime, recommended corrective actions for achieving full DSP Toolkit compliance, updates to any necessary documentation, support and guidance to improve your security practices and an online submission of the DSP Toolkit to NHS Digital.
The DSP Toolkit Gap Analysis is ideal for organisations new to the toolkit’s requirements. It delivers an expert, in-person assessment of your data security and privacy arrangements against the toolkit’s detailed specifications.
The FastTrack™ service helps you meet the DSP Toolkit’s requirements quickly and effectively for a fixed price. Our team of data security and protection experts will outline exactly what is required to achieve full compliance and help implement any necessary remedial actions at a budget and in a timeframe convenient to you. Applicable to small organisations only.
Download our DSP Toolkit and NIS Regulations green paper
For more information on the DSP Toolkit, what changes it introduces and why you should consider streamlining your DSP Toolkit and NIS Regulations (Network and Information Systems Regulations 2018) compliance projects, download our free green paper.
Staff awareness survey
The DSP Toolkit requires organisations to complete a staff awareness survey annually to quantify the level of preparedness for cyber incidents across the whole organisation.
The survey highlights 17 areas where employees should be adequately trained to understand their responsibilities to data security and how to maintain critical business functions within their role should a cyber incident occur.
More information on staff awareness training is available in our e-learning module.
Cyber Essentials is a world-leading, cost-effective assurance mechanism developed by the UK government for organisations of all sizes. The scheme stipulates five security controls that should prevent the most common cyber attacks.
Organisations with Cyber Essentials Plus certification will be able to prepopulate some criteria when completing their toolkit application, as the certification conditions surpass the expected standard of the toolkit. Achieving certification will also prepopulate many of the compliance statements within the online portal, reducing the time and cost needed to demonstrate compliance.
Safe data, safe care – CQC review
In July 2016 the CQC (Care Quality Commission) released its findings on safe data management in the NHS. The CQC discovered that, although there was widespread commitment to data security, staff training and suitable infrastructure were not in place to manage this in line with day-to-day needs.
The CQC recommended six areas of improvement. The first four of these – leadership; information, tools and training; IT systems; and unsupported technology – have been addressed in the assurance guidance and will be requirements of the DSP Toolkit. The final two recommendations are:
Audit and validation
Arrangements for internal data security audit and external validation should be reviewed and strengthened to a level similar to those assuring financial integrity and accountability.
We'll amend our assessment framework and inspection approach to include assurance that appropriate validation against the new data security standards has been carried out, and make sure inspectors are appropriately trained.
Since Safe Data, Safe Care was published, it has been confirmed that the CQC will inspect DSP Toolkit submissions as part of its ‘key lines of enquiry’ (KLOEs) and rate them accordingly. The better the rating, the more fully the organisation has complied with the Toolkit.