If you are an organisation which has access to or processes NHS patient information, you must provide assurances to the NHS that you are practising good information governance. This assurance is undertaken by submitting a Data Security and Protection Toolkit (DSPT), an annual submission your organisation needs to submit by 30 June every year.
If you provide services under an NHS contract, use a shared health and care records system, or apply for NHS mail, you are contractually required to complete the Data Security and Protection Toolkit (DSPT). This requirement stems from NHS standards and the Department of Health and Social Care policies, ensuring proper handling of NHS patient data. CQC-registered care providers, even if they don’t process NHS information, are encouraged to submit DSPTs to demonstrate compliance with data security standards.
The DSPT differs across organisations, divided into four categories, depending on your status. These categories reflect the varying levels of assurance needed, meaning that each organisation’s submission is unique. We understand these nuances and excel at helping NHS organisations and care providers achieve “Standards Met” within the protection toolkit data security framework.
Our expert team offers practical advice for meeting these standards and building a reputation for resolving previous compliance challenges. For Category 1 organisations, we also provide support for the 2024-2025 Cyber Assessment Framework requirements, helping you navigate new cyber security measures. Our team not only helps ensure compliance but also handles interactions with auditors, provide assurance that your submission stands up to scrutiny.
When you procure us to help complete your DSPT, we will work diligently to collect all the relevant information from you, draft responses and collate documentation into evidence folders which stand up to audit. We will send the toolkit off on your behalf, only consulting you with appropriate risks you need to be aware of. We provide a full post-DSPT report, detailing areas to improve of in next year’s submission as well as our honest assessment of how your organisation handles data security and protection.
We were commissioned to lead the DSPT for a Category 1 organisation. In doing so, we project managed the entire DSPT submission, drafting all responses and uploading the response in the DSPT portal. We liaised with key stakeholders to extract necessary documentation and information required to meet the standards, and where no such documentation existed, we drafted the documentation or drafted detailed guidance on what the organisation needed to have in place to meet the standards. We led all data protection related questions and worked closely with IT and security colleagues to obtain all existing policies and practices that were currently in place.
We were responsible for liaising with independent, external, auditors who assessed the evidence the organisation were intending to use for the submission. We worked hard with the auditors to ensure that they had the necessary information they needed and signposted the information against the assurance framework. An auditor working with us stated “I can safely say that this has been by far the smoothest DSPT audit I have done this year!”
At the end of the submission, the organisation achieved ‘Standards Exceeded’ for the DSPT.
We go every extra mile to complete the toolkit to the very best of our ability. Using us to complete your DSPT gives you the peace of mind that you are in safe hands and that you will meet the standards of the DSPT. Where you don’t have a practice in place which is required, we will draft any necessary documentation and work with you to get that practice in place before the submission is due.
DSPT submissions cannot be completed overnight, so the earlier you get in contact with us, the better your submission and overall practices is going to be.
This toolkit assesses 10 security standards as set out by the National Data Guardian:
When it comes to DSPTs, we offer two main styles of services:
Organisations hugely vary, so please get in touch with us to arrange a 30 minute free consultation or to get a quote on how we can help you.
Get in touch with us today to book a free 30 minute consultation and find out how we can support you achieve compliance.
We provide a full data protection and information governance consultancy service to all our clients who engage with us. We provide flexible packages and services to make sure that you only pay for what you need, so you aren’t paying for unnecessary services. Whatever you and your organisation need, we are here to help.
