We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
DCB0086: Data Security and Protection Toolkit
The Data Security and Protection (DSP) Toolkit is an online tool that enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care, notably the 10 data security standards set by the National Data Guardian.
About this information standard
The Data Security and Protection (DSP) Toolkit is an online tool that enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care (DHSC), notably the 10 data security standards set out by the National Data Guardian in the 2016 Review of data security, consent and opt-outs.
All organisations that have access to NHS patient data and systems must use this Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Such organisations are required to carry out self-assessments of their compliance against the assertions and evidence contained within the DSP Toolkit.
This information standard is published under section 250 of the Health and Social Care Act 2012. An Information Standards Notice (see below) provides an overview of scope and implementation timescales, and the Specification and Implementation Documents provide further detail for those who have to implement the information standard.
Update 12 February 2021: Following publication of Version 3.1 in December 2020, an error was identified in the the Change Specification and Information Standards Notice (ISN), in relation to the description of the changes. This has now been corrected, and the correction has been signposted with a footnote in the updated documents, which are are available below (as 'Version 2.0').
Release for 2020-21 (10 December 2020 to 30 June 2021)
|Release date||10 December 2020|
|Release number||Amd 71/2020|
|Release title||Version 3.1|
|Stage||Implementation (from 10 December 2020)|
|Full details and help information is available on the NHS Digital's Data Security and Protection Toolkit website.|
Note that Version 3.0 of the DSP Toolkit (Amd 89/2019) was released in April 2020 but, due to the extension to the conformance date of Version 2.0 of the DSP Toolkit, Version 3.0 was not implemented. Version 3.0 is now withdrawn as it is wholly superseded by Version 3.1 (above).
Documents for Version 3.0 have been removed from this page but are available on request from firstname.lastname@example.org
Release for 2019-20 (1 April 2019 to 30 September 2020)
|Release date||29 May 2019|
|Release number||Amd 9/2019|
|Release title||Version 2.0|
|Stage||Superseded by Amd 71/2020|
Release for 2018-19 (1 April 2018 to 31 March 2019)
|Release date||8 March 2018|
|Release number||Amd 58/2017|
|Release title||Version 1.0|
|Stage||Superseded by Amd 9/2019|