The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
This system is subject to ongoing development.
What's new?
Toolkit webinar slides (Updated 22 April 2025)
Including video and presentation slides from recent Webinar sessions including the changes to the DSPT for 24-25 for NHS Trusts, ALBs, ICB and CSUs. Slides from Auditor presentation 06 February 2025 and CAN conference recently added.
Toolkit webinars and update events (17 April 2025)
Includes details of the new webinar for auditors of large NHS organisations covering the updated audit guidance and scheduled webinars through to June 2025.
Finalists announced for the National Health and Care Information Governance Annual Awards 2025 (02 April 2025)
See details of the National Health and Care Information Governance Annual Awards 2025. Winners to be announced on the 4 April 2025.
Notified Incidents Reports 2024 (14 April 2025)
Incidents notified to the Information Commissioner's Office via the Data Security and Protection Toolkit during Q1-Q4 2024.
DSPT Independent Assurance and Audit 2024-25 (29 November 2024)
Guidance for all Independent Providers who have been designated Operators of Essential Services, and IT Suppliers, to have a DSPT Audit to the required mandatory scope and framework methodology. A summary guide for NHS organisations and the list of mandatory outcomes to audit is now available, with detailed guidance to follow in a couple of weeks (mid December 2024).
Changes to DSPT guidance for E3.a and E4.a and Audit guidance for Objective E for NHS Trusts, ICBs, ALBs and CSUs (05 March 2025)
Details of changes to the DSPT guidance and audit guidance implemented 05.05.2025 for NHS Trusts, ICBs, ALBs and CSUs
