The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
This system is subject to ongoing development.
What's new?
Toolkit webinars and update events (6 February 2025)
Includes details of the new webinar for auditors of Large NHS organisations covering the updated audit guidance and scheduled webinars through to June 2025.
Toolkit webinar slides (Updated 07 February 2025)
Including video and presentation slides from recent Webinar sessions including the changes to the DSPT for 24-25 for NHS Trusts, ALBs, ICB and CSUs. Slides from Auditor presentation 06 February 2025 recently added.
DSPT 2024-25 Guide for CAF-aligned DSPT independent assessors, audit guide for all outcomes and templates have been published for NHS Trusts, CSUs, ICBs and ALBs (28 January 2024)
Provides guidance for how outcomes in 2024-2025 Data Security and Protection Toolkit (DSPT) will be audited, lists the mandatory audit outcomes and flags the requirement for the organisation to select four further outcomes to be audited.
DSPT Guidance updated to include Specimen Supporting Statements for NHS Trusts, ICBs, CSUs and ALBs (27 January 2025)
DSPT Guidance has recently been updated to ensure consistency with Audit guidance and to include some specimen supporting statements to help organisations complete their DSPT assessment.
System changes and release notes (updated 20 December 2024)
A high-level summary of recent changes (and an MFA reminder) is provided here for reference.
DSPT 24-25 Interim (Baseline) assessment window now open (10 December 2024)
Details about the DSPT 24-25 Interim (Baseline) assessment for NHS Trusts, Integrated Care Boards, DHSC Arm’s Length Bodies and Commissioning Support Units.
