CONTACT US
CONTACT US

NHS Data Security & Protection Toolkit

The NHS Data Security & Protection Toolkit (also known as the DSP toolkit) is an annual requirement for any organisation both within and outside of the NHS if they want to have (or retain) access to NHS patient data. We can assist you with the requirements of the NHS Data Security & Protection Toolkit to ensure that your organisation is fully-prepared for the assessment.
ENQUIRE TODAY

NHS Data Security & Protection Toolkit

What Is The NHS Data Security & Protection Toolkit?

The NHS Data Security & Protection Toolkit is an NHS-operated tool that allows organisations handling sensitive patient data to self-assess themselves against the 10 Data Security Standards issued by the National Data Guardian. The toolkit also requires organisations to declare their compliance and offer a transparent public statement to this effect.

It is imperative that all organisations handling sensitive patient information use the Data Security & Protection Toolkit to thoroughly assess their data security efforts & ensure effective data protection measurements are in place.

How We Can Help

We can assist you with the requirements of the DSP toolkit and we’ll help ensure that your organisation is structured how it needs to be for the assessment.

We offer the following services:

Audit Service
Submission Service
Security Testing Service

Who Should Complete It

The NHS Data Security & Protection Toolkit serves as an annual requirement for organisations wishing to access (or continue to access) sensitive NHS data. Whether you’re working directly under the NHS – or simply serving as a third party supplier to NHS organisations – it’s essential your organisation is fully-compliant with the Data Security & Protection Toolkit. 

Larger trusts or hospital groups may also be required to complete the toolkit bi-annually to ensure ongoing compliance.

Organisations that are required to comply with the NHS Data Security & Protection Toolkit are grouped into the following four categories:

  • Category 1 – NHS trusts
  • Category 2 – Arm’s length bodies, Clinical Commissioning Groups (CCGs) and Commissioning Support Units (CSUs)
  • Category 3 – All other sectors
  • Category 4 – GP practices

The National Guardian's 10 Data Security Standards

The NHS DSP (Data Security The National Data Guardian’s 10 Data Security Standards are grouped under three distinct leadership obligations to address people, process and obligations:

People

Handling, transmission and storage of confidential data​

All sensitive data is stored, handled & distributed in a secure manner, with personally-identifiable information only being shared for lawful purposes.​

Staff accountability and responsibilities​

The organisation’s faculty understands their duties under the Nation Data Guardian’s Data Security Standards, including the responsible handling of sensitive data and active prevention of data breaches.​

Staff data security training and testing​

All faculty must take part in annual data protection training and pass a compulsory test provided through the revised Information Governance Toolkit.​

Process

Access controls​

Sensitive data is only accessible to members of staff who require access to it, with access being removed as soon as it’s no longer required.​

Annual process reviews​

Data protection processes are reviewed at least once a year to identify – and remediate – any shortcomings in the organisation’s data protection process. Standard procedures are continuously improved year on year in line with evolving cyber security threats and data protection regulation.​

Cyber attack, identification, resistance and response​

Cyber attacks against the organisation’s infrastructure are rapidly identified and deflected, with immediate action taken following an attempted (or successful) data breach. Cyber threats are reported to senior management within twelve hours of detection.​

Continuity and incident response planning​

A suitable continuity plan is established to respond to data protection threats. The plan is tested annually, with a performance report issued to senior management.​

Technology

Unsupported operating systems, applications or browsers​

No unsupported or unsafe infrastructure – including browsers, operating systems and software – are utilised within the organisation’s IT suite.​

Implementation of a suitable strategy or framework to protect IT systems​

A cohesive strategy is in place to protect IT infrastructure from cyber security threats. The strategy must be based upon a proven framework – such as Cyber Essentials – and reviewed annually.​

Contractual accountability for IT suppliers​

IT suppliers are held contractually accountable to protect the sensitive NHS data they handle in adherence to the National Data Guardian’s Data Security Standards.​

When Is The Deadline?

The deadline for completing the DSP toolkit is 31st March, although it can be submitted at any point in the year. (If you are an organisation that is required to complete it twice a year, deadlines will be 31st March and 31st October). It is recommended that you get the DSP toolkit submitted as soon as you have the information ready rather than wait for the deadline to avoid unnecessary rush and potential shortcomings.

We Have Experience In The Following Sectors:

Education Schools and Colleges
Finance and Insurance
Legal and Professional
Medical and Healthcare
Software and Technology
Retail and eCommerce
Charities and Not-for-profit
Manufacturing
Professional Sports
Transport and Logistics
Previous slide
Next slide

Why Choose Bruce & Butler As Your NHS DSP Toolkit Specialists?

Bruce & Butler are committed to providing unmatched assistance in ensuring your organisation achieves full compliance with the NHS Data Security & Protection Toolkit. Our specialist team of data protection experts hold industry-recognised certifications, including CREST and OSCP. This is combined with decades of cyber security experience across a wide range of sectors. 

We’ll work closely with you to identify the unique requirements and facets of your organisation, before ensuring full compliance with the NHS DSP toolkit in a comprehensive and cost-effective manner.

Get in touch with us today to learn more about how our NHS Data Security & Protection Toolkit services can safeguard your organisation.

Our Core Values

At Bruce & Butler, we have a few messages that we try to convey to all our partners. These are our core values that run through the way we work and right through each engagement.

Be Real

This is about authenticity. Like people, every business is different and understanding what your organisation represents helps us to support you and the values you hold dear in the best way possible. We actively encourage our team to be themselves, have a personality and express themselves in a respectful way.

Be Brave

Being brave is about taking ownership and having a voice. We are not the sort of cyber security firm who will just say “yes” for speed or simplicity. We will have a voice, we will present challenge where appropriate and we will dig into core issues when required. This is not about being reckless, but about understanding the wider risk landscape and taking appropriate actions in an efficient and effective manner.

Be Open

Put simply, there will be no surprises. Transparency and communication are both key to ensuring that any challenges we face are tackled appropriately and are overcome as efficiently as possible. You will always be updated and informed – but not badgered.

We, not me

There is no “I” in team. We share in each other’s success and learn from each other’s opportunities to improve, but at the end of the day, everyone is always supported. That is something we believe creates a better service and ensures optimal results. Being accountable and securing your data is very important and requires a collaborative approach to get the best results.

Contact Us

Unit 13
92 Burton Road
Sheffield, S3 8BX

Cyber Security
Data Protection
Penetration Testing
Facebook Instagram Linkedin Twitter Youtube