The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
This system is subject to ongoing development.
What's new?
Changes to DSPT guidance for E3.a and E4.a and Audit guidance for Objective E for NHS Trusts, ICBs, ALBs and CSUs (05 March 2025)
Details of changes to the DSPT guidance and audit guidance implemented 05.05.2025 for NHS Trusts, ICBs, ALBs and CSUs
DSPT 2024-25 Guide for CAF-aligned DSPT independent assessors, audit guide for all outcomes and templates have been published for NHS Trusts, CSUs, ICBs and ALBs (28 January 2024)
Provides guidance for how outcomes in 2024-2025 Data Security and Protection Toolkit (DSPT) will be audited, lists the mandatory audit outcomes and flags the requirement for the organisation to select four further outcomes to be audited.
Toolkit webinars and update events (5 March 2025)
Includes details of the new webinar for auditors of large NHS organisations covering the updated audit guidance and scheduled webinars through to June 2025.
Assertions and Evidence items for the Data Security and Protection Toolkit 2024-25 version 7 (21 October 2024)
Key facts and assertions and evidence items for the Data Security and Protection Toolkit 2024-25 (version 7). Updated spreadsheet version for Category 2 organisations.
Finalists announced for the National Health and Care Information Governance Annual Awards 2025 (07 March 2024)
See details of the National Health and Care Information Governance Annual Awards 2025. Winners to be announced on the 4 April 2025.
Data Security and Protection Toolkit 2024-25 for large NHS Organisations
Update for NHS Trusts, CSUs, ALBs and ICBs
