The Assertions and Evidence items for the 2023-24 V6 Data Security and Protection Toolkit have now been agreed.

The deadline for the Data Security and Protection Toolkit is 30th June 2024.

A baseline publication by 29 February 2024 is required from NHS Trusts, ALBs, CSUs and ICBs.

NHS Trusts, ALBs, CSUs, Key IT Suppliers, ICBs and Organisations designated as Operators of Essential Service under the Network and Information Systems (NIS) Directive  are all classed as Category one organisations for the DSP Toolkit. 

The work to incorporate the Assertions and Evidence items into the Data Security and Protection Toolkit with the updated assurance framework (audit guide) and Big Picture Guides is in progress.

A downloadable copy of the Assertions and Evidence items for the 2023-24 Data Security and Protection Toolkit is here: Assertions and Evidence Items 23-4 V6.xlsx

Change Log:

04-01-2024 Updated Tooltip for Category 3, evidence item 1.4.2 to amend the location of the Not applicable response. 

19-01-2024 Re-uploaded xlsx file to display on the requirements tab when first downloaded, no change to content.

10-11-2023 Updated tooltip for 4.5.3 to remove reference to Cyber Essential+ equivalence.

18-09-2023: Updated list of organisations in Catergory 1 in title for column F, G and H. Updated links for tooltips for 3.1.1, 3.1.2, 3.1.3 and 3.2.2.

26-09-2023: Updated Tooltips following migration of Better Security Better Care Website to Digital Care Hub.

02-10-2023: Updated Tooltips in CAT1 for training and culture assertions to link to Big Picture Guides.