The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

This system is subject to ongoing development.

What's new?

Toolkit webinar slides (Updated 15 October 2024)

Including video and presentation slides from recent Webinar sessions including the changes to the DSPT for 24-25 for NHS Trusts, ALBs, ICB and CSUs.

Toolkit webinars and update events (15 October 2024)

Includes details of the 24-25 Webinars for Large NHS organisations and scheduled webinars through to June 2025.

DSPT CAF Guidance PDFs (14 October 2024)

PDF documents copied from the 2024-25 web versions of the CAF based DSPT guides

Changes to the DSPT for large NHS Organisations in 2024-25 (08 October 2024)

Details about how the DSPT has changed in 24-25 for NHS Trusts, CSUs, ALBs and ICBs and a copy of the 23-24 DSPT Outcomes and Indicators of good practice, FAQs, a mapping to other frameworks and DSPT mapping for NHS Trusts, CSUs, ALBs and ICBs. FAQs have been updated.

Assertions and Evidence items for the Data Security and Protection Toolkit 2024-25 version 7 (8 October 2024)

Key facts and assertions and evidence items for the Data Security and Protection Toolkit 2024-25 (version 7).

DSPT Independent Assurance and Audit 2024-25 (07 October 2024)

Guidance for all Independent Providers who have been designated Operators of Essential Services and IT Suppliers to have a DSPT Audit to the required mandatory scope and framework methodology. Summary guide for NHS Organisations is now available with detailed guidance to follow.