This website uses cookies. View our cookie policy
United Kingdom
Select regional store:

IG Toolkit Compliance

The NHS’s IG (Information Governance) Toolkit was superseded by the DSP (Data Security and Protection) Toolkit in April 2018.

Compliance with the DSP Toolkit is mandatory for organisations that access the HSCN (Health and Social Care Network), which replaced N3 in 2017.

The deadline for completing the DSP Toolkit is 31 March 2019, although larger organisations must complete their submissions by October 2018.

The DSP Toolkit requires organisations to demonstrate that they are implementing the ten data security standards set out by the National Data Guardian and the requirements of the EU GDPR (General Data Protection Regulation).

If your organisation is yet to comply with the GDPR, IT Governance has developed a GDPR checklist in line with NHS Digital guidance to help you understand and plan what you need to do to comply with the Regulation. 

In addition to the more stringent requirements, the CQC (Care Quality Commission) will inspect DSP Toolkit submissions as part of its ‘key lines of enquiry’ (KLOE); an organisation’s rating will reflect its level of compliance with the toolkit.

Download our free DSP Toolkit and NIS Regulations green paper

For further information on the changes that the DSP Toolkit introduces and why you should consider streamlining your DSP Toolkit and NIS Regulations (Network and Information Systems Regulations 2018) compliance projects, download our free green paper ‘DSP Toolkit and NIS Regulations – The impact for healthcare organisations'.

Download now

Preparing for DSP Toolkit compliance

If you are beginning your DSP Toolkit compliance journey alongside other regulatory obligations, such as the GDPR, you can streamline your compliance activities to avoid duplication and ultimately save money.

DSP Toolkit Documentation Templates

DSP Toolkit Gap Analysis

Designed and developed by expert data security and governance specialists, this handy set of documentation templates provides all the documents and tools you need to ensure full compliance.

DSP Toolkit Compliance Service

DSP Toolkit Gap Analysis

This bespoke consultancy service delivers a detailed review of your organisation’s data protection regime, recommended corrective actions for achieving full DSP Toolkit compliance, updates to any necessary documentation, support and guidance to improve your security practices and an online submission of the DSP Toolkit to NHS Digital.

DSP Toolkit Gap Analysis

DSP Toolkit Gap Analysis

This gap analysis is ideal for organisations that are new to the DSP Toolkit’s requirements.

It delivers an expert, in-person assessment of your data security and privacy arrangements against the toolkit’s detailed specifications.

DSP Toolkit FastTrack™

DSP Toolkit FastTrack

This service helps you meet the DSP Toolkit’s requirements quickly and effectively for a fixed price.

Our team of data security and protection experts will outline exactly what is required to achieve full compliance and help implement any necessary remedial actions at a budget and in a timeframe convenient to you.

Applicable to small organisations only.

Additional compliance services

The DSP Toolkit recognises that certain certification schemes surpass the requirements set out in its mandatory assertions.

Cyber Essentials Plus certification achieved in the 12 months before a DSP Toolkit submission and ISO 27001 certification both drastically reduce the evidence items and workload associated with a DSP Toolkit compliance submission. 

For more information or to discuss how to plan a compliance programme around these schemes, speak to a healthcare expert.

“Today we had our approval notification and can proceed with our business plans with NHS authorities; it’s fair to say we couldn’t have achieved it so quickly on our own!”

Jayne Watkins, Quality Education Solutions

Speak to a healthcare expert

For further information about our DSP toolkit products and services, get in touch with a member of our healthcare team using one of the contact methods below.