What is the DSP toolkit and how does it help you?
DSP stands for the Data Security and Protection Toolkit (“DSP” or “DSPT”), which is an online self-assessment tool. Previously, organisations processing or handling NHS patients’ personal information completed the Information Governance Toolkit. The purpose of the DSP is to measure performance against, implementation of, and compliance with the recommendations of the National Data Guardian’s 10 data security standards, giving assurance that patients’ personal data is protected and that the organisation complies with the General Data Protection Regulation (“GDPR”) or other frameworks.
Who needs to use the NHS DSP toolkit (Data Security and Protection)?
The DSP toolkit self-assessment is required for all organisations that process NHS patients’ personal information or process data on NHS systems. The organisations covered by an NHS category under the toolkit are as follows:
- NHS Trust
- Pharmacies (community pharmacy)
- Pharmacy HQ
- Social care
- NHS business partners (charities)
- Companies (providing non-healthcare or other services to the NHS relating to patients)
What is the purpose of DSP toolkit assessment?
The DSP toolkit provides a review of your assessment submission to show how far your organisation has progressed in meeting the requirements for the data security and protection of personal information. It also helps to identify gaps against the National Data Guardian’s 10 data security standards and what steps your organisation needs to take in order to achieve the required standard of compliance.
Who is responsible for completing the DSP toolkit?
For example, if the organisation falls under the GP practice category in the DSP toolkit, then the practice or its information governance lead may complete the gathering and submission of evidence or responses for each area. They may also require additional support from other areas, such as the IT team or a central IT function, to confirm that penetration or vulnerability testing has been carried out and that remedial actions have been followed up. Furthermore, buy-in from senior management or board members is likely to be needed to demonstrate adoption of best practice in data protection and security.
What are the National Data Guardian’s 10 data security standards?
The data security standards followed by those dealing with NHS patients’ or social care information are:
- Personal confidential information is processed lawfully and securely.
- All staff understand the data security standards and are accountable for handling personal information.
- All staff complete annual data security and protection training.
- Personal information is accessible on a need-to-know basis.
- Processes are reviewed annually and improvements are made.
- Action is taken following a security or cyber security breach.
- A business continuity plan exists to respond to a breach.
- Unsupported systems, hardware or software are not used.
- IT and systems are protected against security and cyber security threats, using Cyber Essentials.
- IT suppliers are held accountable.
For example, in relation to the 9th data security standard, a supplier may provide evidence that it holds the relevant ISO 27001 and/or Cyber Essentials certification, giving assurance that personal information is secure.
How to log in to the DSP toolkit?
If you are accessing the DSP toolkit for the first time, you will probably need to register before using the Data Security and Protection Toolkit. Login is via the NHS Digital Data Security and Protection portal with your NHS email address and password. When accessing your account you will be asked to enter a valid ODS code for your organisation.
When is the deadline for DSP toolkit submission?
The DSP toolkit assessment submission is due by the 30th of June (check each year, as deadlines may vary). If any extensions are in place, see the NHS Digital website for further information. In the event of any revisions, also check whether any of the controls have extended the period for submitting the required evidence.
How does the DSP toolkit help?
Submitting an assessment on the DSP toolkit helps your organisation either to comply with, or to put in place best practices around, the National Data Guardian’s 10 data security standards, along with meeting data protection laws. It also raises awareness of data protection, GDPR and cyber security for those working in the NHS, GP surgeries, pharmacies or other organisations dealing with patients’ personal information.
If your organisation requires support in one or more of these areas, why not engage our consultants and DSP compliance service? Talk to us and see if we can assist by emailing email@example.com, or request a proposal from us.