The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

This system is subject to ongoing development.

What's new?

Assertions and Evidence items for the Data Security and Protection Toolkit 2023-24 (20th November 2023)

Key facts and assertions and evidence items for the Data Security and Protection Toolkit 2023-24 (version 6).

Toolkit webinar slides (Updated 15 November 2023)

Including video and presentation slides from recent Webinar sessions.

Toolkit webinars and update events (09 November 2023)

Dial in details for our training and update events. Details of Additional webinars for 2023-2024.

DSPT Independent Assurance and Audit 2023-24

Guidance for all NHS Trusts, ICBs, CSUs, DHSC Arms Length Bodies, Independent Providers who have been designated Operators of Essential Services and IT Suppliers to have a DSPT Audit to the required mandatory scope and framework methodology.

Staff training, awareness and culture major DSPT change

Until July 2023, the DSPT required that you train at least 95% of your staff using the national Data Security Awareness Level 1 e-learning or a local equivalent. This has changed for 2023/24. Instead of the 95% training requirement, you now need to ensure that all your staff have an ‘appropriate understanding of information governance and cyber security’.

System changes and release notes (updated 02 November 2023)

A high-level summary of recent changes is provided here for reference.