Assertions and Evidence items for the Data Security and Protection Toolkit 2024-25 version 7 (21 October 2024)
Key facts and assertions and evidence items for the Data Security and Protection Toolkit 2024-25 (version 7). Updated spreadsheet version for Category 2 organisations.
The Assertions and Evidence items for the 2024-25 V7 Data Security and Protection Toolkit have now been agreed.
The deadline for the Data Security and Protection Toolkit is 30th June 2025.
NHS Trusts, ALBs, CSUs and ICBs will view a new interface aligned to the NCSC Cyber Assessment Framework.
The work to incorporate the Assertions and Evidence items into the Data Security and Protection Toolkit with the updated assurance framework (audit guide) and Big Picture Guides is complete.
Downloadable copies of the Assertions and Evidence items for the 2024-25 Data Security and Protection Toolkit are available:
For IT Suppliers, Organisations that are an OES Independent Provider under the Network and Information Systems, Dentists, GPs, Local Authorities, Opticians, Others, Pharmacy, Social care, Universities here:
Outcome and Indicators of good practice in a spreadsheet form are available for NHS Trusts, ALBs, CSUs, ICB here:
Change Log
8 Ocotber 2024 Amendment to spreadsheet for Large NHS Organisations to correct IGP wording on B4.a and B5.b.
21 October 2024 Amendment to spreadsheet for IT Suppliers and OES Independent providers to update tooltip for 9.4.5 to clarify how to upload DSPT Audit.