What Is The NHS Data Security & Protection Toolkit?
The NHS Data Security & Protection Toolkit is an NHS-operated tool that allows organisations handling sensitive patient data to self-assess themselves against the 10 Data Security Standards issued by the National Data Guardian. The toolkit also requires organisations to declare their compliance and offer a transparent public statement to this effect.
It is imperative that all organisations handling sensitive patient information use the Data Security & Protection Toolkit to thoroughly assess their data security efforts & ensure effective data protection measurements are in place.
How We Can Help
We can assist you with the requirements of the DSP toolkit and we’ll help ensure that your organisation is structured how it needs to be for the assessment.
We offer the following services:
Who Should Complete It
The NHS Data Security & Protection Toolkit serves as an annual requirement for organisations wishing to access (or continue to access) sensitive NHS data. Whether you’re working directly under the NHS – or simply serving as a third party supplier to NHS organisations – it’s essential your organisation is fully-compliant with the Data Security & Protection Toolkit.
Larger trusts or hospital groups may also be required to complete the toolkit bi-annually to ensure ongoing compliance.
Organisations that are required to comply with the NHS Data Security & Protection Toolkit are grouped into the following four categories:
- Category 1 – NHS trusts
- Category 2 – Arm’s length bodies, Clinical Commissioning Groups (CCGs) and Commissioning Support Units (CSUs)
- Category 3 – All other sectors
- Category 4 – GP practices
The National Guardian's 10 Data Security Standards
The NHS DSP (Data Security The National Data Guardian’s 10 Data Security Standards are grouped under three distinct leadership obligations to address people, process and obligations:
People
Handling, transmission and storage of confidential data
Staff accountability and responsibilities
Staff data security training and testing
Process
Access controls
Annual process reviews
Cyber attack, identification, resistance and response
Continuity and incident response planning
Technology
Unsupported operating systems, applications or browsers
Implementation of a suitable strategy or framework to protect IT systems
Contractual accountability for IT suppliers
When Is The Deadline?
The deadline for completing the DSP toolkit is 31st March, although it can be submitted at any point in the year. (If you are an organisation that is required to complete it twice a year, deadlines will be 31st March and 31st October). It is recommended that you get the DSP toolkit submitted as soon as you have the information ready rather than wait for the deadline to avoid unnecessary rush and potential shortcomings.
We Have Experience In The Following Sectors:
Why Choose Bruce & Butler As Your NHS DSP Toolkit Specialists?
Bruce & Butler are committed to providing unmatched assistance in ensuring your organisation achieves full compliance with the NHS Data Security & Protection Toolkit. Our specialist team of data protection experts hold industry-recognised certifications, including CREST and OSCP. This is combined with decades of cyber security experience across a wide range of sectors.
We’ll work closely with you to identify the unique requirements and facets of your organisation, before ensuring full compliance with the NHS DSP toolkit in a comprehensive and cost-effective manner.
Get in touch with us today to learn more about how our NHS Data Security & Protection Toolkit services can safeguard your organisation.
