Data Security and Protection Toolkit Support

Learn more about how we can fully project manage and optimise your annual mandatory NHS Data Security and Protection Toolkit returns and audits, enhancing your NHS compliance and procurement activities.



What is The Data Security and Protection Toolkit?

The Data Security and Protection Toolkit (DSPT), previously known as the IG Toolkit, is an online tool developed by the NHS. Its primary purpose is to allow vendors that process patient data in NHS or social care organisations to measure their performance against data security standards.


The DSP Toolkit is a core part of the NHS Digital Technology Assessment Criteria (DTAC), officially launched in 2021, which guides health IT procurement for NHS organisations across England. This assessment not only ensures that digital systems and technology used within the NHS are suitable for use, but also works to protect sensitive patient data. The DSPT also has an incident reporting tool to manage any breaches of personal data.

 

Meeting and, ideally, exceeding the DSP Toolkit's requirements means providing evidence to meet a range of assertions of Indicators of Good Practice. From 2024, DSPT will transition to adopting the NCSC's Cyber Assessment Framework (CAF) Indicators of Good Practice (IGPs).


Who Needs to Submit the Data Security and Protection Toolkit?


Any relevant organisation in England that processes health and/or social care data, and has access to NHS patient data and systems, must use the Data Security and Protection Toolkit and may be subject to an external audit (depending on the type of organisation and its size). Examples of organisations that would need to complete the Data Security and Protection Toolkit and may be subject to an external audit include:


  • IT Suppliers

  • Medical Device Manufacturers

  • General Practices (GPs)

  • NHS Trusts

  • Pharmacies

  • Dental Practices

  • Opticians

  • Biomedical organisations

  • NHS charities



Are DSPT Audits now Mandatory? 

From 2024/25, DSPT External Assurance Audits are mandatory for NHS organisations and for any technology supplier to the NHS classified as an "IT Supplier", meaning it has annual revenue (globally) equal to or greater than £10m and more than 50 employees within its organisation.


Contact our team today to learn about our audit services.


Why Seek Help To Complete Your DSPT? 


As a supplier to the NHS, completing your DSP Toolkit annual return and accompanying external audit report is essential for doing business. The issue is that the DSP Toolkit is one of the most document- and process-intensive requirements that NHS digital technology suppliers face.

Successfully fulfilling the DSP Toolkit's requirements necessitates effective project management to gather evidence, complete annual audits and communicate effectively across departments including HR, legal, IT and at the executive level. This complexity means there is a high risk of missing submission deadlines, of lacking the appropriate evidence (which impacts your ability to fulfil the assertions), and of incurring significant costs to complete the DSP Toolkit at the last minute.


Our solution: Full NHS DSPT Support


At The AbedGraham Group, we specialise in assisting vendors of any size to navigate the complexities of the Data Security and Protection Toolkit. Through our team of NHS compliance consultants, project managers and cybersecurity experts, your organisation can fully outsource its DSP Toolkit completion processes to The AbedGraham Group. By partnering with us, you get the reassurance that we will assist you in completing your submissions and audits to NHS Digital ahead of time with a focus on exceeding NHS expectations whenever possible. Our support service is:

  • Efficient – We use specialised sets of 'in-house' evidence templates to accelerate document creation

  • Engaging – We communicate effectively with all key stakeholders in your organisation to ensure necessary processes, audits and evidence are generated in a timely manner every year

  • Granular – Our cybersecurity consultants have worked extensively with local and central NHS organisations and understand how to structure cybersecurity best practice standards so they are right-sized to your organisation and your NHS customers' environments

  • Cost-effective – Retaining our support service for a fixed annual fee will be more cost-effective than in-house processes or ad-hoc engagements with third-party consultants.




