We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NHS Data Security & Protection Toolkit

Protecting sensitive patient information.

What Is The NHS Data Security and Protection Toolkit (DSPT)?

All organisations that have access to NHS patient data and systems must use the NHS toolkit to provide assurance that they are practicing good data security and that personal information is handled correctly.

The NHS Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

We have a long working history with the NHS on various consultancy and training projects and have extensive DSPT and CAF experience of delivering successful projects in security critical environments. We can enable your organisation to adopt the standards easily and quickly, and stay up-to-date with the NHS DSPT.

For a confidential conversation on how we could support your organisation – Call the team on 0121 559 6699 or email bestpractice@advent-im.co.uk

Who Needs To Complete NHS DSPT?

Anyone whom operates through a NHS Standard Contract must use the NHS toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Organisations such as (but not limited to); Medical Equipment Providers, Dentists, Opticians, Care Homes, Social Care Providers, IT Proviers etc will need to complete the DSPT online self-assessment.

What Has Changed?

From September 2024, The Data Security and Protection Toolkit (DSPT) changed to align with the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF).

The CAF-aligned DSPT approach emphasises the use of principles and expert judgment to steer informed decision-making, aiming to achieve critical outcomes. This approach will influence how people, processes, and technology are assessed and validated in the realms of cybersecurity and information governance.

As part of the changes, a specific group of health and care organisations will be moving to the CAF-aligned DSPT in 24-25 and will see a new user interface when they log in to file their submission. These organisations are:

  • NHS trusts and foundation trusts
  • Commissioning support units (CSUs)
  • Arm’s length bodies (ALBs) of the Department of Health and Social Care (DHSC)
  • Integrated care boards (ICBs)

We can support you to plan your approach, scope your essential functions and allocate ownership of contributing outcomes ahead of your submission.

SIRO Training

Physical Security

ISO27001

Data Protection

Useful Links via NHS Digital

NHS DSPT System changes and release notes (updated 20 December 2024)

A high-level summary of recent changes (and an MFA reminder) is provided here for reference.

Toolkit webinar slides (Updated 20 December 2024)

Including video and presentation slides from recent Webinar sessions including the changes to the DSPT for 24-25 for NHS Trusts, ALBs, ICB and CSUs.

Cyber Assessment Framework (CAF)-aligned Data Security and Protection Toolkit (DSPT) guidance

Understand the CAF aligned DSPT.

Stay up to date with the NHS standards.

Contact Us

© 2025 Advent IM Limited.