NHS Data Security & Protection Toolkit

Protecting sensitive patient information.

What Is The NHS Data Security and Protection Toolkit (DSPT)?

All organisations that have access to NHS patient data and systems must use the NHS toolkit to provide assurance that they are practicing good data security and that personal information is handled correctly.

The NHS Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

We have a long working history with the NHS on various consultancy and training projects and have extensive DSPT and CAF experience of delivering successful projects in security critical environments. We can enable your organisation to adopt the standards easily and quickly, and stay up-to-date with the NHS DSPT.

For a confidential conversation on how we could support your organisation – Call the team on 0121 559 6699 or email bestpractice@advent-im.co.uk

Who Needs To Complete NHS DSPT?

Anyone whom operates through a NHS Standard Contract must use the NHS toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Organisations such as (but not limited to); Medical Equipment Providers, Dentists, Opticians, Care Homes, Social Care Providers, IT Proviers etc will need to complete the DSPT online self-assessment.

What Has Changed?

From September 2024, The Data Security and Protection Toolkit (DSPT) changed to align with the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF).

The CAF-aligned DSPT approach emphasises the use of principles and expert judgment to steer informed decision-making, aiming to achieve critical outcomes. This approach will influence how people, processes, and technology are assessed and validated in the realms of cybersecurity and information governance.

As part of the changes, a specific group of health and care organisations will be moving to the CAF-aligned DSPT in 24-25 and will see a new user interface when they log in to file their submission. These organisations are:

  • NHS trusts and foundation trusts
  • Commissioning support units (CSUs)
  • Arm’s length bodies (ALBs) of the Department of Health and Social Care (DHSC)
  • Integrated care boards (ICBs)

We can support you to plan your approach, scope your essential functions and allocate ownership of contributing outcomes ahead of your submission.

SIRO Training

Physical Security

ISO27001

Data Protection

Useful Links via NHS Digital

NHS DSPT System changes and release notes (updated 20 December 2024)

A high-level summary of recent changes (and an MFA reminder) is provided here for reference.

Toolkit webinar slides (Updated 20 December 2024)

Including video and presentation slides from recent Webinar sessions including the changes to the DSPT for 24-25 for NHS Trusts, ALBs, ICB and CSUs.

Cyber Assessment Framework (CAF)-aligned Data Security and Protection Toolkit (DSPT) guidance

Understand the CAF aligned DSPT.

Stay up to date with the NHS standards.

Contact Us

© 2025 Advent IM Limited.