The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
This system is subject to ongoing development.
What's new?
Toolkit webinar slides (Updated 15 December 2025)
Including video and presentation slides from recent Webinar sessions including the hints and tips for the DSPT for 25-26.
Toolkit webinars and update events for 2025-26 (15 December 2025)
Includes details of dates and Teams details of Webinars through to June 2026.
Improvement plan updates and Interim DSPT Assessment publications required by 31 December (11 December 2025)
Reminder to organisations completing a CAF DSPT that an Interim DSPT Assessment publication by 31 December and a reminder to organisations who have agreed to provide an Improvement plan update.
Reminder: DSPT Improvement plan updates to be submitted by 31 December 2025 (04 December 2025)
Details of how to submit your December DSPT Improvement plan update.
DSPT Audit 25-26 Areas of Mandatory Audit (15 October 2025)
The outcomes and assertions of the DSPT which must be included in a 25-26 DSPT Audit for NHS Trusts, ICBs, ALBs, CSU, OES, Genomics and IT Suppliers. Note slight change to IT Supplier mandatory audit requirements)
System changes and release notes (updated 8 October 2025)
A high-level summary of recent changes (including the release of the functionality to upload audits) is provided here for reference.
