top of page

NHS Data Security and Protection Toolkit Standard

The Data Security and Protection Toolkit (DSPT) has replaced the Information Governance toolkit from April 2018.

The DSPT is an online self-assessment toolkit that has to be used by all organisations that have access to NHS patient data and clinical systems.

The last date to submit the assesment is 30 June 2021.


What is DSPT?

The DSP Toolkit Standard is a National Health Service standard. All organisations that have access to NHS patient data and systems must use the DSP Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Such organisations are required to carry out self-assessments of their compliance against the assertions and evidence contained within the DSP Toolkit.


More Details...

There are 115 questions in cateogories, most of these are mandatory.

  • Personal Confidential Data

  • Staff Responsibilities

  • Training

  • Managing Data Access

  • Process Reviews

  • Responding to Incidents

  • Continuity Planning

  • Unsupported Systems

  • IT Protection

  • Accountable Suppliers

Some sample questions:

  • Has anti-virus or malware protection software been installed on all computers that are connected to or capable of connecting to the Internet?

  • Number of spam emails blocked per month.

  • Provide a summary of data security incidents in the last 12 months caused by a mismatch between user role and system accesses granted.

  • The person with overall responsibility for data security confirms that the risks of using unsupported systems are being treated or tolerated.

  • How do your systems receive updates and how often?


How can we help?

Our highly exerienced technical professionals will visit the practice and prepare information which are requried to submit for the toolkit. We can also submit the toolkit on your behalf.

With the help of NHS Digital, GDC and ICO resources we have prepared set of documents that are mandatory requriements and must be maintained by a dental practice.

We can assist the practice in setting up for GDPR once which can later be matainted by the team locally or we can continue to help.

bottom of page