Learn more about how we can fully project manage and optimise your annual mandatory NHS Data Security and Protection (Toolkit) returns and audits, enhancing your NHS compliance and procurement activities.
What is The Data Security and Protection Toolkit?
The Data Security and Protection Toolkit (DSPT), previously known as the IG Toolkit, is an online tool developed by the NHS. Its primary purpose is to allow vendors that process patient data in NHS or social care organisations to measure their performance against data security standards.
The DSP Toolkit is a core part of the NHS Digital Technology Assessment Criteria (DTAC), officially launched in 2021, which guides health IT procurement for NHS organisations across England. This assessment not only ensures that digital systems and technology used within the NHS are suitable for use, but also works to protect sensitive patient data, and has a DSPT incident reporting tool to manage any breaches of personal data.
Meeting and, ideally, exceeding the DSP Toolkit's requirements involves:
25 Assertions – There are approximately 25 'assertions' that vendors must fulfil through a range of evidence-based requirements
40 Requirements – Each assertion can have one or multiple requirements associated with it against which evidence must be provided
>20 Evidence Items – There are over 20 different types of evidence that need to be developed, structured and updated as submittable documents corresponding to each DSP Toolkit Requirement.
Regular Audits – Many of the evidence items require associated annual process audits and version updates in order to be submittable each year
Training – Cybersecurity awareness and compliance training for all staff from the most junior to the boardroom is an essential part of fulfilling the requirements of the DSP Toolkit
Accountability – There must be clear evidence of board level engagement and accountable stakeholders responsible for cybersecurity
Who Needs to Submit the Data Security and Protection Toolkit?
Any relevant organisations in England that process health and/or social care data, and have access to NHS patient data and systems, must use the Data Security and Protection Toolkit and may be subject to an external audit (depending on the type of organisation and its size). Examples of organisations that would need to complete the Data Security and Protection Toolkit and may be subject to an external audit include:
IT Suppliers
Medical Device Manufacturers
General Practices (GPs)
NHS Trusts
Pharmacies
Dental Practices
Opticians
Biomedical organisations
NHS charities
Contact our team today to learn about our DSPT Support Service.
Why Seek Help To Complete Your DSPT?
DSP Toolkit requirements are increasingly either being audited or being reviewed as a core part of NHS procurements, as seen with DTAC. The issue is that the DSP Toolkit is one of the most document- and process-intensive requirements that NHS digital technology suppliers face.
Successfully fulfilling the DSP Toolkit's requirements necessitates effective project management to gather evidence, complete annual audits and communicate effectively across departments including HR, legal, IT and at the executive level. This complexity means there's a high risk of missing submission deadlines, of lacking the appropriate evidence needed to fulfil the assertions, and of incurring significant costs to complete the DSP Toolkit at the last minute.
Our solution: Full NHS DSPT Support
At The AbedGraham Group, we specialise in assisting vendors of any size to navigate the complexities of the Data Security and Protection Toolkit. Through our team of NHS compliance consultants, project managers and cybersecurity experts, your organisation can fully outsource its DSP Toolkit completion processes to The AbedGraham Group. By partnering with us, you get the reassurance that we will assist you in completing your submissions to NHS Digital ahead of time with a focus on exceeding NHS expectations whenever possible. Our support service is:
Efficient – We use specialised sets of 'in-house' evidence templates to accelerate document creation
Engaging – We communicate effectively with all key stakeholders in your organisation to ensure necessary processes, audits and evidence are generated in a timely manner every year
Granular – Our cybersecurity consultants have worked extensively with local and central NHS organisations and understand how to structure cybersecurity best practice standards so they are right-sized to your organisation and your NHS customers' environments
Cost-effective – Retaining our support service for a fixed annual fee will be more cost-effective than in-house processes or ad-hoc engagements with third-party consultants.