The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
This system is subject to ongoing development.
What's new?
Improvement Plans - Instructions for 2024-2025 (12 June 2025)
This applies to NHS Trusts, Integrated Care Boards (ICBs), Commissioning Support Units (CSUs), Independent Providers who are Operators of Essential Services under NIS, Key IT Suppliers, Local Authorities and Department of Health and Social Care (DHSC) Arm's Length Bodies (ALBs). Now including example Improvement plan.
24-25 Data Security and Protection Toolkit Status for large NHS Organisations will not be displayed during the month of July 2025 (12 July 2025)
This will impact NHS Trusts, Integrated Care Boards (ICBs), Commissioning Support Units (CSUs), Arms Length Bodies
System changes and release notes (updated 11 June 2024)
A high-level summary of recent changes (including the release of the functionality to upload audits) is provided here for reference.
Toolkit webinar slides (Updated 03 June 2025)
Including video and presentation slides from recent Webinar sessions including the changes to the DSPT for 24-25 for NHS Trusts, ALBs, ICB and CSUs.
Toolkit webinars and update events - Extra webinars throughout June 2025 (29 May 2025)
Includes details of the additional weekly webinars throughout June 2025.
Improvement Plans - Instructions for 2023-2024
Guidance and Instructions for 2023-24 Data Security and Protection Toolkit. This applies to NHS Trusts, Integrated Care Boards (ICBs), CSUs, Independent Providers who are Operators of Essential Services under NIS, Key IT Suppliers, Local Authorities and DHSC Arm's Length Bodies.
