The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
This system is subject to ongoing development.
What's new?
Improvement Plans - Instructions for 2023-2024
Guidance and Instructions for 2023-24 Data Security and Protection Toolkit. This applies to NHS Trusts, Integrated Care Boards (ICBs), CSUs, Independent Providers who are Operators of Essential Services under NIS, Key IT Suppliers, Local Authorities and DHSC Arm's Length Bodies.
System changes and release notes (updated 22 May 2024)
A high-level summary of recent changes (and an MFA reminder) is provided here for reference.
Accessibility statement
Accessibility statement for the Data Security and Protection Toolkit
Assertions and Evidence items for the Data Security and Protection Toolkit 2023-24 (21st May 2024)
Key facts and assertions and evidence items for the Data Security and Protection Toolkit 2023-24 (version 6).
Toolkit webinars and update events (20 May 2024)
Dial in details for our training and update events for 2024. Extra dates added for May and June 2024. Large organisations webinar scheduled for 18th June moved to Friday 21st.
DSPT Independent Assurance and Audit 2023-24
Guidance for all NHS Trusts, ICBs, CSUs, DHSC Arms Length Bodies, Independent Providers who have been designated Operators of Essential Services and IT Suppliers to have a DSPT Audit to the required mandatory scope and framework methodology.
