The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
This system is subject to ongoing development.
What's new?
System changes and release notes (updated 19 May 2024)
A high-level summary of recent changes (including the release of the functionality to upload audits) is provided here for reference.
Improvement Plans - Instructions for 2024-2025 (15 May 2025)
Guidance and Instructions for 2024-25 Data Security and Protection Toolkit. This applies to NHS Trusts, Integrated Care Boards (ICBs), Commissioning Support Units (CSUs), Independent Providers who are Operators of Essential Services under NIS, Key IT Suppliers, Local Authorities and Department of Health and Social Care (DHSC) Arm's Length Bodies (ALBs).
Toolkit webinars and update events - Updated Date for May Large NHS organisations webinar (15 May 2025)
Includes details of the new webinar for auditors of large NHS organisations covering the updated audit guidance and scheduled webinars through to June 2025. Large NHS organisation Webinar amended from Tuesday 20th May to Wednesday 21st May 2025.
Improvement Plans - Instructions for 2023-2024
Guidance and Instructions for 2023-24 Data Security and Protection Toolkit. This applies to NHS Trusts, Integrated Care Boards (ICBs), CSUs, Independent Providers who are Operators of Essential Services under NIS, Key IT Suppliers, Local Authorities and DHSC Arm's Length Bodies.
DSPT Independent Assurance and Audit 2024-25 (12 May 2024)
Guidance for all Independent Providers who have been designated Operators of Essential Services, and IT Suppliers, to have a DSPT Audit to the required mandatory scope and framework methodology. A summary guide for NHS organisations and the list of mandatory outcomes to audit and detailed guidance.
Immersive Labs Webinars - Covering CAF based DSPT available throughout May (02 May 2025)
Details of Webinars aimed at NHS Organisations and primary care but available for other sectors, covering Immersive Labs Crisis simulation which support the implementation of the Cyber Assessment Framework (CAF).