News
The latest news and resources.
System changes and release notes (updated 20 December 2024)
A high-level summary of recent changes (and an MFA reminder) is provided here for reference.
Toolkit webinar slides (Updated 20 December 2024)
Including video and presentation slides from recent Webinar sessions including the changes to the DSPT for 24-25 for NHS Trusts, ALBs, ICB and CSUs.
DSPT 2024-25 audit guide for all outcomes has been published for NHS Trusts, CSUs, ICBs and ALBs (18 December 2024)
This document is being provided provide detailed guidance for how outcomes in 2024-2025 Data Security and Protection Toolkit (DSPT) will be audited.
DSPT 24-25 Interim (Baseline) assessment window now open (10 December 2024)
Details about the DSPT 24-25 Interim (Baseline) assessment for NHS Trusts, Integrated Care Boards, DHSC Arm’s Length Bodies and Commissioning Support Units.
Nominations open for the National Health and Care Information Governance Annual Awards 2025 (06 December 2024)
Working in Information Governance can be a tough and lonely place, whether as an Information Governance professional or as someone supportive of the discipline. Do you know someone who deserves recognition for their hard Information Governance work?
Data Protection Impact Assessment (22 August 2020)
The Data Protection Impact Assessment for the Data Security and Protection Toolkit is available here
DSPT Independent Assurance and Audit 2024-25 (29 November 2024)
Guidance for all Independent Providers who have been designated Operators of Essential Services and IT Suppliers to have a DSPT Audit to the required mandatory scope and framework methodology. A summary guide for NHS organisations and the list of mandatory outcomes to audit is now available, with detailed guidance to follow in a couple of weeks (mid December 2024).
Reminder on submitting an update to your 23-24 DSPT Improvement plans (29 November 2024)
This is for organisations with a 2023-24 (v6) DSPT publication status of ‘Approaching Standards’ or ‘Standards Not Met’.
Toolkit webinars and update events (28 November 2024)
Includes details of the 24-25 Webinars for Large NHS organisations and scheduled webinars through to June 2025.
Free learning available to help complete the CAF-aligned Data Security and Protection Toolkit (08 November 2024)
Immersive Labs training available to help support NHS Trusts, ICBs, CSUs and ALBs complete their 24-25 Data Security and Protection Toolkit (DSPT)
Changes to the DSPT for large NHS Organisations in 2024-25 (08 November 2024)
Details about how the DSPT has changed in 24-25 for NHS Trusts, CSUs, ALBs and ICBs and a copy of the 23-24 DSPT Outcomes and Indicators of good practice, FAQs, a mapping to other frameworks, example scoping templates and DSPT mapping for NHS Trusts, CSUs, ALBs and ICBs. FAQs have been updated.
Assertions and Evidence items for the Data Security and Protection Toolkit 2024-25 version 7 (21 October 2024)
Key facts and assertions and evidence items for the Data Security and Protection Toolkit 2024-25 (version 7). Updated spreadsheet version for Category 2 organisations.
DSPT CAF Guidance PDFs (14 October 2024)
PDF documents copied from the 2024-25 web versions of the CAF based DSPT guides
Improvement Plans - Instructions for 2023-2024
Guidance and Instructions for 2023-24 Data Security and Protection Toolkit. This applies to NHS Trusts, Integrated Care Boards (ICBs), CSUs, Independent Providers who are Operators of Essential Services under NIS, Key IT Suppliers, Local Authorities and DHSC Arm's Length Bodies.
Accessibility statement
Accessibility statement for the Data Security and Protection Toolkit
We need your help to review the costs and benefits associated with completing the DSPT (5th April 2024)
Would you be willing to complete a survey on the costs and benefits associated with completing the DSPT.
Winners announced for the National Health and Social Care - Information Governance Annual Awards 2024 (15 March 2024)
Details of the winners and finalists.
As of 13th March 2024 the DSPT Demo environment is available again after disruption earlier in the week.
We apologise for any inconvenience
Reminder to submit a Baseline (Interim) Publication for your 23-24 Data Security Protection Toolkit (24 February 2024)
For NHS Trusts, Integrated Care Boards, DHSC Arms Length Bodies and Commissioning Support Units
Notified Incidents Reports 2023 (22th January 2024)
Incidents notified to the Information Commissioner's Office via the Data Security and Protection Toolkit during Q1-Q4 2023.
Notified Incidents Reports 2022 (22th January 2024)
Incidents notified to the Information Commissioner's Office via the Data Security and Protection Toolkit during Q1-Q4 2022.
Big Picture Guides PDF Versions (15 January 2024)
Big Picture Guides PDF Versions now available, as requested by the community.
New – free e-learning on data security and protection for care staff (13th December 2023)
Further details and a link to a new e-learning resource specifically designed for the care sector.
DSPT and Cyber Essentials Plus – Update January 2021
Applicable to NHS Trusts and Foundation Trusts
Staff training, awareness and culture major DSPT change
Until July 2023, the DSPT required that you train at least 95% of your staff using the national Data Security Awareness Level 1 e-learning or a local equivalent. This has changed for 2023/24. Instead of the 95% training requirement, you now need to ensure that all your staff have an ‘appropriate understanding of information governance and cyber security’.
Big Picture Guides for 23-24 v6
The Big Picture Guides have been updated for the current release (23-24 v6).
NHS England publishes new multi-factor authentication (MFA) policy and accompanying guidance (29th August 2023)
New policy and guidance, who it applies to and where you can find it.
NHS England launches new universal information governance templates
NHS England has launched a new suite of information governance templates. The suite covers templates for Data Protection Impact Assessments, Data Sharing and Processing Agreements, Information Assets & Flows Registers and Privacy Notices.
Information about the Baseline submission for NHS Trusts, ICBs, CSUs and DHSC ALBs (31 January 2023)
A note about the Baseline submission for, NHS Trusts, ICBs, CSUs and DHSC ALBs.
National Health and Social Care Strategic Information Governance Network Local Group Map and Awards Winners (23rd December 2022)
The winners are announced for the 2022 National Health and Social Care Strategic Information Governance Network Awards and local group map.
Assertions and Evidence items for the Data Security and Protection Toolkit 2022-23 (12 December 2022)
Key facts and assertions and evidence items for the Data Security and Protection Toolkit 2022-23 (version 5)
Postponed: National Health and Care Strategic Information Governance Network Annual Awards 2022 (14th September 2022)
The National Health and Care Strategic Information Governance Network Awards have been postponed due to the death of the Queen.
Thank you for completing your 21 22 Data Security and Protection Toolkit Helpdesk Update (5th July 2022)
Update on 21 22 Data Security and Protection Toolkit
Notified Incidents Reports 2021 (7th January 2022)
Incidents notified to the Information Commissioner's Office via the Data Security and Protection Toolkit during Q1-Q4 2021.
Data Security and Protection Toolkit (version 4) 2021-22 (Updated 9 June)
Overview of the Data Security and Protection Toolkit (version 4) 2021-22 requirements, including downloadable spreadsheet. Updated to reflect national data opt-out changes
National Data Guardian guidance on the appointment of Caldicott Guardians, their role and responsibilities and new free online learning (03 May 2022)
Details and links to updated guidance and free online learning
Remember to complete and publish your toolkit self-assessment by 30 June 2022
Deadline for 2021-22 toolkit self-assessment publication
National Data Opt-Out update (31 March 2022)
The mandatory implementation of the National Data Opt-Out (NDOO), deadline of 31 March 2022, has been extended until 31 July 2022.
Deadline extended to 4 March 2022 for Baseline submission for NHS Trusts, CSUs and DHSC ALBs (03 March 2022)
A note about extension of the deadline for the the Baseline submission for NHS Trusts, CSUs and DHSC ALBs. CCGs are not required to complete a baseline or submit any formal assurance .
CCG/ICB Briefing (24 February 2022)
An update on actions to be taken for CCGs and ICBs for the 21-22 DSP Toolkit.
Log4Shell Vulnerability and reminder about the importance of keeping your systems updated (24 December 2021)
This page provides more information about the Log4shell security vulnerability, the steps you should take to protect your data and critical services, a link to a recording of the LOG4J Webinar and confirmation of the DSP Toolkit exception.
National Health and Care Strategic Information Governance Network 2021 Award Winners Announced
Details of the National Health and Care Strategic Information Governance Network 2021 Award Winners
Access to shared systems (Adult Social Care) 20 October 2021
A copy of the item published by NHSX on the access to shared system (adult social care) that Data Security and Protection Toolkit can provide.
Supported Browsers on the Data Security and Protection Toolkit
From 19 August the Data Security and Protection Toolkit will no longer support Internet Explorer 11. If you use Internet Explorer 11, you should switch to a modern supported browser.
Nominations are open for the National Health and Social Care Information Governance Annual Awards 2021
Details about the SIGN Awards
Update to the DSP Toolkit: National data opt-out non-mandatory for the 2020-21 DSP Toolkit and Spot Checks (10th May 2021)
The DSP Toolkit has been updated to make the evidence item 1.4.4. on the National Data Opt-Out non-mandatory for all sectors and advice on spot checks not being required to be physical events.
New DSP Toolkit support materials available for pharmacists (30th April 2021)
Pharmaceutical Services Negotiating Committee (PSNC) has published a suite of new guidance to assist community pharmacy contractors with completing the Data Security and Protection Toolkit for 2020/21.
Data Security & Protection Toolkit CCG Mergers Briefing (19th March 2021)
A briefing for CCGs who are merging about the DSP Toolkit
Changes to Entry level on the Data Security and Protection Toolkit (8th March 2021)
This applies to Charities, Dentists, NHS Business Partners, Opticians, Pharmacy and Researchers.
Data Security and Protection Toolkit: update for adult social care providers (Updated 4th March 2021)
This update is to tell you about changes to the social care view of the Data Security and Protection Toolkit. This includes information about key actions to take, what changes you will see and support and guidance available.
Information about the Baseline submission for NHS Trusts, CCGs, CSUs and DHSC ALBs (5 February 2021)
A note about the Baseline submission for Acute trusts, Mental health trusts, Ambulance trusts, NHS Trusts providing community services, CCGs, CSUs and DHSC ALBs.
Notified Incidents Reports 2020 (5th January 2021)
Incidents notified to the Information Commissioner's Office via the Data Security and Protection Toolkit during 2020.
Audits and Independent Assessments for Trusts and CCGs 2020-21(including NHS Digital-administered ones)
This communication is for all NHS Trusts and CCGs
Log in with NHSmail
This optional functionality is now available
National Health and Social Care Strategic Information Governance Network Awards 2020 Winners (19th November 2020)
The National Health and Social Care Strategic Information Governance Network (National SIGN) last night proudly announced the winners of its 2020 Information Governance Awards
DSP Toolkit Deadline Extension - Frequently asked questions (21 September 2020)
Lots of questions have been received about the extension to the DSP Toolkit deadline so they have been collated in an FAQ page.
National data opt-out deadline has been extended to 31 March 2021(11th September 2020)
Following the announcement of the extension to the deadline of the national data opt out (https://digital.nhs.uk/services/national-data-opt-out), evidence item 1.4.4 of the 19-20 Data Security and Protection Toolkit has been amended.
Barry Moult wins ICO Award for Excellence in Data Protection 2020 – “made possible by the support of colleagues”
NHS Information Governance professional wins prestigious ICO award.
New guidance available for DSPT Independent Assessment Providers, including Internal Auditors
Available on help https://www.dsptoolkit.nhs.uk/Help/64.
Data Security and Protection Toolkit Deadline 30 September 2020.
The deadline for the Data Security and Protection Toolkit remains 30 September 2020.
Data Security and Protection Toolkit Submission Deadline 2019/20 – COVID-19 (updated 16:35 16 March)
Update on the 2019/20 deadline
Notified Incidents Reports 2019 (11th March 2020)
Incidents notified to the Information Commissioner's Office via the Data Security and Protection Toolkit during 2019.
National Health and Social Care Strategic Information Governance Network Inaugural Award Winners
The National Health and Social Care Strategic Information Governance Network (SIGN) is very proud to announce the winners of its 2019 Inaugural Information Governance Awards
Annual completion of DSP Toolkit (21st October 2019)
Explanation of the annual requirement to complete the Data Security and Protection Toolkit.
Information about the Baseline submission for NHS Trusts, CCGs, CSUs and DHSC ALBs (17 October 2019)
A note about the Baseline submission for NHS Trusts, CCGs, CSUs and ALBs
Keep I.T. confidential (16 October 2019)
Details of a new national cyber security campaign, Keep I.T. Confidential
Additional DSP Toolkit Guidance for sites using both NHSmail and another Email service
Support for answering 6.3.3, 6.3.4 and 6.3.5 for sites with multiple email system including NHSmail.
Useful resources to help complete the Data Security and Protection Toolkit (22 January 2019)
Useful resources to help complete the Data Security and Protection Toolkit
Notified Incidents Reports 2018 (17 January 2019)
Incidents notified to the Information Commissioners Office 25th May 2018 – 31st December 2018 reported quarterly.
Data Security and Protection Incident Reporting tool available
Data Security and Protection Incident Reporting tool available as part of the Data Security and Protection Toolkit