The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

This system is subject to ongoing development.

What's new?

Changes coming to the DSPT for large NHS Organisations in 2024-25 (15 July 2024)

Details about how the DSPT will be changing in 24-25 for NHS Trusts, CSUs, ALBs and ICBs and a copy of the 23-24 DSPT Outcomes and Indicators of good practice, FAQs and DSPT mapping for NHS Trusts, CSUs, ALBs and ICBs.

Toolkit webinars and update events (03 July 2024)

Includes details of the 24-25 Webinars for Large NHS organisations. We have amended the running order with the sessions Protecting against cyber attack and data breaches and Using and sharing information appropriately and update on DSPT audits swapping dates.

Toolkit webinar slides (Updated 21 June 2024)

Including video and presentation slides from recent Webinar sessions.

Improvement Plans - Instructions for 2023-2024

Guidance and Instructions for 2023-24 Data Security and Protection Toolkit. This applies to NHS Trusts, Integrated Care Boards (ICBs), CSUs, Independent Providers who are Operators of Essential Services under NIS, Key IT Suppliers, Local Authorities and DHSC Arm's Length Bodies.

System changes and release notes (updated 22 May 2024)

A high-level summary of recent changes (and an MFA reminder) is provided here for reference.

Accessibility statement

Accessibility statement for the Data Security and Protection Toolkit