We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Data Security and Protection Toolkit assessment guides
These 10 guides provide more information on the 10 data security standards, including suggestions and examples of how the standards might be achieved.
This guidance relates to the 2023-24 (version 6) standard.
About the guides
All health and care organisations are expected to implement the 10 National Data Guardian (NDG) standards for data security. These standards are designed to protect sensitive data, and also protect critical services which may be affected by a disruption to critical IT systems (such as in the event of a cyber attack).
A ‘big picture’ guide has been provided for each of the 10 standards to help organisations understand expectations, and support implementation of good data security and protection.
The guides aim to support a wide range of health and care organisations, and as such are not exhaustive. They will not cover every eventually and professional judgement will be required in how the standard is met and audited.
At times the big picture guides may go further than the audit guides and vice versa. Only the most binary of assertions would lead to one answer. The divergence of guides is either following an implementation theme to the end or the next logical audit artifact.