News

The latest news and resources.

Toolkit webinar slides (Updated 22 April 2025)

Including video and presentation slides from recent Webinar sessions including the changes to the DSPT for 24-25 for NHS Trusts, ALBs, ICB and CSUs. Slides from Auditor presentation 06 February 2025 and CAN conference recently added.

Toolkit webinars and update events (17 April 2025)

Includes details of the new webinar for auditors of large NHS organisations covering the updated audit guidance and scheduled webinars through to June 2025.

Finalists announced for the National Health and Care Information Governance Annual Awards 2025 (02 April 2025)

See details of the National Health and Care Information Governance Annual Awards 2025. Winners to be announced on the 4 April 2025.

Notified Incidents Reports 2024 (14 April 2025)

Incidents notified to the Information Commissioner's Office via the Data Security and Protection Toolkit during Q1-Q4 2024.

DSPT Independent Assurance and Audit 2024-25 (29 November 2024)

Guidance for all Independent Providers who have been designated Operators of Essential Services, and IT Suppliers, to have a DSPT Audit to the required mandatory scope and framework methodology. A summary guide for NHS organisations and the list of mandatory outcomes to audit is now available, with detailed guidance to follow in a couple of weeks (mid December 2024).

Changes to DSPT guidance for E3.a and E4.a and Audit guidance for Objective E for NHS Trusts, ICBs, ALBs and CSUs (05 March 2025)

Details of changes to the DSPT guidance and audit guidance implemented 05.05.2025 for NHS Trusts, ICBs, ALBs and CSUs

DSPT 2024-25 Guide for CAF-aligned DSPT independent assessors, audit guide for all outcomes and templates have been published for NHS Trusts, CSUs, ICBs and ALBs (28 January 2024)

Provides guidance for how outcomes in 2024-2025 Data Security and Protection Toolkit (DSPT) will be audited, lists the mandatory audit outcomes and flags the requirement for the organisation to select four further outcomes to be audited.

Assertions and Evidence items for the Data Security and Protection Toolkit 2024-25 version 7 (21 October 2024)

Key facts and assertions and evidence items for the Data Security and Protection Toolkit 2024-25 (version 7). Updated spreadsheet version for Category 2 organisations.

Data Security and Protection Toolkit 2024-25 for large NHS Organisations

Update for NHS Trusts, CSUs, ALBs and ICBs

DSPT Guidance updated to include Specimen Supporting Statements for NHS Trusts, ICBs, CSUs and ALBs (27 January 2025)

DSPT Guidance has recently been updated to ensure consistency with Audit guidance and to include some specimen supporting statements to help organisations complete their DSPT assessment.

System changes and release notes (updated 20 December 2024)

A high-level summary of recent changes (and an MFA reminder) is provided here for reference.

DSPT 24-25 Interim (Baseline) assessment window now open (10 December 2024)

Details about the DSPT 24-25 Interim (Baseline) assessment for NHS Trusts, Integrated Care Boards, DHSC Arm’s Length Bodies and Commissioning Support Units.

Data Protection Impact Assessment (22 August 2020)

The Data Protection Impact Assessment for the Data Security and Protection Toolkit is available here

Reminder on submitting an update to your 23-24 DSPT Improvement plans (29 November 2024)

This is for organisations with a 2023-24 (v6) DSPT publication status of ‘Approaching Standards’ or ‘Standards Not Met’.

Free learning available to help complete the CAF-aligned Data Security and Protection Toolkit (08 November 2024)

Immersive Labs training available to help support NHS Trusts, ICBs, CSUs and ALBs complete their 24-25 Data Security and Protection Toolkit (DSPT)

Changes to the DSPT for large NHS Organisations in 2024-25 (08 November 2024)

Details about how the DSPT has changed in 24-25 for NHS Trusts, CSUs, ALBs and ICBs and a copy of the 23-24 DSPT Outcomes and Indicators of good practice, FAQs, a mapping to other frameworks, example scoping templates and DSPT mapping for NHS Trusts, CSUs, ALBs and ICBs. FAQs have been updated.

DSPT CAF Guidance PDFs (14 October 2024)

PDF documents copied from the 2024-25 web versions of the CAF based DSPT guides

Improvement Plans - Instructions for 2023-2024

Guidance and Instructions for 2023-24 Data Security and Protection Toolkit. This applies to NHS Trusts, Integrated Care Boards (ICBs), CSUs, Independent Providers who are Operators of Essential Services under NIS, Key IT Suppliers, Local Authorities and DHSC Arm's Length Bodies.

Accessibility statement

Accessibility statement for the Data Security and Protection Toolkit

We need your help to review the costs and benefits associated with completing the DSPT (5th April 2024)

Would you be willing to complete a survey on the costs and benefits associated with completing the DSPT.

Winners announced for the National Health and Social Care - Information Governance Annual Awards 2024 (15 March 2024)

Details of the winners and finalists.

As of 13th March 2024 the DSPT Demo environment is available again after disruption earlier in the week.

We apologise for any inconvenience

Reminder to submit a Baseline (Interim) Publication for your 23-24 Data Security Protection Toolkit (24 February 2024)

For NHS Trusts, Integrated Care Boards, DHSC Arms Length Bodies and Commissioning Support Units

Notified Incidents Reports 2023 (22th January 2024)

Incidents notified to the Information Commissioner's Office via the Data Security and Protection Toolkit during Q1-Q4 2023.

Notified Incidents Reports 2022 (22th January 2024)

Incidents notified to the Information Commissioner's Office via the Data Security and Protection Toolkit during Q1-Q4 2022.

Big Picture Guides PDF Versions (15 January 2024)

Big Picture Guides PDF Versions now available, as requested by the community.

New – free e-learning on data security and protection for care staff (13th December 2023)

Further details and a link to a new e-learning resource specifically designed for the care sector.

DSPT and Cyber Essentials Plus – Update January 2021

Applicable to NHS Trusts and Foundation Trusts

Staff training, awareness and culture major DSPT change

Until July 2023, the DSPT required that you train at least 95% of your staff using the national Data Security Awareness Level 1 e-learning or a local equivalent. This has changed for 2023/24. Instead of the 95% training requirement, you now need to ensure that all your staff have an ‘appropriate understanding of information governance and cyber security’.

Big Picture Guides for 23-24 v6

The Big Picture Guides have been updated for the current release (23-24 v6).

NHS England publishes new multi-factor authentication (MFA) policy and accompanying guidance (29th August 2023)

New policy and guidance, who it applies to and where you can find it.

NHS England launches new universal information governance templates

NHS England has launched a new suite of information governance templates. The suite covers templates for Data Protection Impact Assessments, Data Sharing and Processing Agreements, Information Assets & Flows Registers and Privacy Notices.

Information about the Baseline submission for NHS Trusts, ICBs, CSUs and DHSC ALBs (31 January 2023)

A note about the Baseline submission for, NHS Trusts, ICBs, CSUs and DHSC ALBs.

National Health and Social Care Strategic Information Governance Network Local Group Map and Awards Winners (23rd December 2022)

The winners are announced for the 2022 National Health and Social Care Strategic Information Governance Network Awards and local group map.

Assertions and Evidence items for the Data Security and Protection Toolkit 2022-23 (12 December 2022)

Key facts and assertions and evidence items for the Data Security and Protection Toolkit 2022-23 (version 5)

Postponed: National Health and Care Strategic Information Governance Network Annual Awards 2022 (14th September 2022)

The National Health and Care Strategic Information Governance Network Awards have been postponed due to the death of the Queen.

Thank you for completing your 21 22 Data Security and Protection Toolkit Helpdesk Update (5th July 2022)

Update on 21 22 Data Security and Protection Toolkit

Notified Incidents Reports 2021 (7th January 2022)

Incidents notified to the Information Commissioner's Office via the Data Security and Protection Toolkit during Q1-Q4 2021.

Data Security and Protection Toolkit (version 4) 2021-22 (Updated 9 June)

Overview of the Data Security and Protection Toolkit (version 4) 2021-22 requirements, including downloadable spreadsheet. Updated to reflect national data opt-out changes

National Data Guardian guidance on the appointment of Caldicott Guardians, their role and responsibilities and new free online learning (03 May 2022)

Details and links to updated guidance and free online learning

Remember to complete and publish your toolkit self-assessment by 30 June 2022

Deadline for 2021-22 toolkit self-assessment publication

National Data Opt-Out update (31 March 2022)

The mandatory implementation of the National Data Opt-Out (NDOO), deadline of 31 March 2022, has been extended until 31 July 2022.

Deadline extended to 4 March 2022 for Baseline submission for NHS Trusts, CSUs and DHSC ALBs (03 March 2022)

A note about extension of the deadline for the the Baseline submission for NHS Trusts, CSUs and DHSC ALBs. CCGs are not required to complete a baseline or submit any formal assurance .

CCG/ICB Briefing (24 February 2022)

An update on actions to be taken for CCGs and ICBs for the 21-22 DSP Toolkit.

Log4Shell Vulnerability and reminder about the importance of keeping your systems updated (24 December 2021)

This page provides more information about the Log4shell security vulnerability, the steps you should take to protect your data and critical services, a link to a recording of the LOG4J Webinar and confirmation of the DSP Toolkit exception.

National Health and Care Strategic Information Governance Network 2021 Award Winners Announced

Details of the National Health and Care Strategic Information Governance Network 2021 Award Winners

Access to shared systems (Adult Social Care) 20 October 2021

A copy of the item published by NHSX on the access to shared system (adult social care) that Data Security and Protection Toolkit can provide.

Supported Browsers on the Data Security and Protection Toolkit

From 19 August the Data Security and Protection Toolkit will no longer support Internet Explorer 11. If you use Internet Explorer 11, you should switch to a modern supported browser.

Nominations are open for the National Health and Social Care Information Governance Annual Awards 2021

Details about the SIGN Awards

Update to the DSP Toolkit: National data opt-out non-mandatory for the 2020-21 DSP Toolkit and Spot Checks (10th May 2021)

The DSP Toolkit has been updated to make the evidence item 1.4.4. on the National Data Opt-Out non-mandatory for all sectors and advice on spot checks not being required to be physical events.