The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
This system is subject to ongoing development.
What's new?
Toolkit webinars and update events for 2025-26 (03 October 2025)
Includes details of dates and Teams details of Webinars through June 2026.
Changes to the DSPT for large NHS Organisations in 2024-25 and Independent providers who are Operators of Essential Services (OES) 25-26 (updated 03 October 2025)
Details about how the DSPT is changing for Independent Providers who are Operators of Essential Services and has changed in 24-25 for NHS Trusts, CSUs, ALBs and ICBs and a copy of the 23-24 DSPT Outcomes and Indicators of good practice, FAQs, a mapping to other frameworks, example scoping templates, MFA exception template and DSPT mapping for NHS Trusts, OES, CSUs, ALBs and ICBs. FAQs have been updated.
Toolkit webinar slides (Updated 25 September 2025)
Including video and presentation slides from recent Webinar sessions including the hints and tips for the DSPT for 25-26.
DSPT Guidance includes Specimen Supporting Statements for NHS Trusts, ICBs, CSUs, Genomics and OES Providers and ALBs (25 September 2025)
DSPT Guidance has recently been updated to ensure consistency with Audit guidance and to include some specimen supporting statements to help organisations complete their DSPT assessment.
System changes and release notes (updated 24 September 2025)
A high-level summary of recent changes (including the release of the functionality to upload audits) is provided here for reference.
Reminder: DSPT Improvement plan updates to be submitted by 30th September 2025 (22 September 2025)
Details of how to submit your September DSPT Improvement plan update.
