DAPB0086: Data Security and Protection Toolkit

The Data Security and Protection (DSP) Toolkit is an online tool that enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care, notably the 10 data security standards set by the National Data Guardian.

About this information standard

All organisations that have access to NHS patient data and systems must use this Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Such organisations are required to carry out self-assessments of their compliance against the assertions and evidence contained within the DSP Toolkit.

This information standard is published under section 250 of the Health and Social Care Act 2012. An Information Standards Notice (see below) provides an overview of scope and implementation timescales, and the Specification and Implementation Documents provide further detail for those who have to implement the information standard.

Release for 2024-25 (30 September 2024 to 30 June 2025)

Release date	25 September
Release number	Amd 33/2024
Release title	Version7.0
Stage	Implementation
Key documents	Change specification (Amd 33/2024) Implementation Guide (Amd 33/2024) Requirements Specification (Amd 33/2024) Information Standards Notice (Amd 33/2024)
Further information	Full details and help information is on the NHS England's Data Security and Protection toolkit.

Release for 2023-24 (18 August 2023 to 30 June 2024)

Release date	18 August 2023
Release number	Amd 21/2023
Release title	Version 6.0
Stage	Implementation
Key documents	Information Standards Notice (Amd 21/2023) Requirements Specification (Amd 21/2023) Appendix 1 - Assertions and Evidence Statements v1.5 (Amd 21/2023) Change Specification (Amd 21/2023) Implementation Guide (Amd 21/2023)
Further information	Full details and help information is available on the NHS Digital's Data Security and Protection Toolkit website.

Release for 2022-23 (3 August 2022 to 30 June 2023)

Release date	3 August 2022
Release number	Amd 23/2022
Release title	Version 5.0
Stage	Superseded by Amd 21/2023
Key documents	Information Standards Notice (Amd 23/2022) Requirements Specification (Amd 23/2022) Appendix 1 - Assertions and Evidence Statements v1.2 (Amd 23/2022) Change Specification v1.1 (Amd 23/2022) Implementation Guide (Amd 23/2022) Corrigendum (Amd 23/2022) (September 2022)
Further information	Full details and help information is available on the NHS Digital's Data Security and Protection Toolkit website.

Release for 2021-22 (20 July 2021 to 30 June 2022)

Release date	20 July 2021
Release number	Amd 36/2021
Release title	Version 4.0
Stage	Superseded by Amd 23/2022
Key documents	Information Standards Notice (Amd 36/2021) Requirements Specification (Amd 36/2021) Appendix 1 - Assertions and Evidence Statements v1.1 (Amd 36/2021) (May 2022) Change Specification v1.1 (Amd 36/2021) (May 2022) Appendix A - DSP Toolkit 2020-21 (version 3.1) to 2021-22 (version 4.0) mapping v1.1 (Amd 36/2021) (May 2022) Implementation Guide (Amd 36/2021) Corrigendum (Amd 36/2021) (May 2022)

Release for 2020-21 (10 December 2020 to 30 June 2021)

Release date	10 December 2020
Release number	Amd 71/2020
Release title	Version 3.1
Stage	Superseded by Amd 36/2021
Key documents	Information Standards Notice (Amd 71/2020) (Version 2.0) Requirements Specification (Amd 71/2020) Appendix 1 - Assertions and Evidence Statements (Amd 71/2020) Change Specification (Amd 71/2020) Version 2.0) Appendix A - DSP Toolkit 2019-20 (version 2) to 2020-21 (version 3.1) mapping (Amd 71/2020) Implementation Guide (Amd 71/2020)

Release for 2019-20 (1 April 2019 to 30 September 2020)

Release date	29 May 2019
Release number	Amd 9/2019
Release title	Version 2.0
Stage	Superseded by Amd 71/2020
Key documents	Information Standards Notice (Amd 9/2019) Requirements Specification (Amd 9/2019) Appendix 1 - Assertions and Evidence Statements (Amd 9/2019) Change Specification (Amd 9/2019) Appendix A - DSP Toolkit 2018-19 (version 1) to 2019-20 (version 2) mapping (Amd 9/2019) Implementation Guide (Amd 9/2019)

Release for 2018-19 (1 April 2018 to 31 March 2019)

Release date	8 March 2018
Release number	Amd 58/2017
Release title	Version 1.0
Stage	Superseded by Amd 9/2019
Key documents	Requirements Specification (Amd 58/2017) Appendix 1 - Assertions and Evidence Statements (Amd 58/2017) Change Specification (Amd 58/2017) Appendix A - IG Toolkit to DSP Toolkit Mapping (Amd 58/2017) Implementation Guide (Amd 58/2017) Information Standards Notice (Amd 58/2017)

Updates

25 September

Vs 7.0 released, summary of changes include; NHS organisations (NHS trusts, integrated care boards, commissioning support units and arm’s length bodies utilise the NCSC Cyber Assessment framework introduced into the DSPT in line with the cyber strategy for health and care; updates to the requirements for key IT suppliers and independent providers who have been designated operators of essential services to ensure they are fully applicable to them; update to requirements for smaller organisations to align with Information Commissioners Office (ICO) and NCSC guidance from small businesses. Added in a requirement for multifactor authentication for remote access.

2023

19 September 2023

A minor editorial change has been made to Requirements Specification: Appendix 1 (uplifted to version 1.5). Headers in rows F-H have been updated to reflect all organisation types in Category 1.

2022

6 September 2022

Publication of Corrigendum in respect of Version 5.0 (Amd 23/2022), supported by changes to the Requirements Specification: Appendix 1 (uplifted to document version 1.2). See Corrigendum in the table 'Release for 2022-23 (3 August 2022 to 30 June 2023)' above, for full details.

11 August 2022

Following publication of Version 5.0 (Amd 23/2022) on the 3 August 2022, an error was identified in the Requirements Specification - Appendix 1, in relation to mandatory nature of three requirements: 10.2.4, 8.1.3 and 10.2.3. The Requirements Specification - Appendix 1 document has now been updated with the corrections.

In addition, the 'Total number of mandatory evidence items 2022-23 v5' for Category 1 organisations has been adjusted in the Change Specification (figure 2, page 7) from 112 to 113.

Both updated documents are available in the 2022-23 release table above (as 'Version 1.1').

19 May 2022

Publication of Corrigendum in respect of Version 4.0 (Amd 36/2021), supported by changes to the Change Specification, Change Specification: Appendix A and Requirements Specification: Appendix 1 (all uplifted to document version 1.1). See Corrigendum in the table 'Release for 2021-22 (20 July 2021 to 30 June 2022)' above, for full details.

2020 and 2021

12 February 2021

Following publication of Version 3.1 in December 2020, an error was identified in the the Change Specification and Information Standards Notice (ISN), in relation to the description of the changes. This has now been corrected, and the correction has been signposted with a footnote in the updated documents, which are are available above (as 'Version 2.0').

10 December 2020

Note that Version 3.0 of the DSP Toolkit (Amd 89/2019) was released in April 2020 but, due to the extension to the conformance date of Version 2.0 of the DSP Toolkit, Version 3.0 was not implemented. Version 3.0 is now withdrawn as it is wholly superseded by Version 3.1 (above). Documents for Version 3.0 have been removed from this page but are available on request from [email protected]

Last edited: 1 October 2024 8:38 am