We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
About this information standard
The Data Security and Protection (DSP) Toolkit is an online tool that enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care (DHSC), notably the 10 data security standards set out by the National Data Guardian in the 2016 Review of data security, consent and opt-outs.
All organisations that have access to NHS patient data and systems must use this Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Such organisations are required to carry out self-assessments of their compliance against the assertions and evidence contained within the DSP Toolkit.
This information standard is published under section 250 of the Health and Social Care Act 2012. An Information Standards Notice (see below) provides an overview of scope and implementation timescales, and the Specification and Implementation Documents provide further detail for those who have to implement the information standard.
COVID-19 Impact: Update
In light of current events, NHSX recognises that it will be difficult for many organisations to fully complete the 2019-20 toolkit (Amd 9/2019) without impacting on their COVID-19 response. NHSX has therefore taken the decision to push back the final deadline for 2019-20 DSPT submissions to 30 September 2020. Organisations can choose to complete DSPT before that date. If they do so, and if they fully meet the 2019-20 standard, those organisations will be awarded 'Standards Met' status, as in previous years.
As a result of this extension, some of the questions have been updated and guidance has been published, covering the four categories of organisations:
The 2020-21 toolkit (Amd 89/2019) was published on 2 April 2020. However, please note that it will be kept under review based on the COVID-19 response. The implementation start date of the 2020-21 toolkit is 1 October 2020 and the conformance date is 31 March 2021.
Update 21 May 2020
Version 3.0 of the the Data Security and Protection Toolkit (DSP) was published on 2 April 2020.
Since then, in consultation with end users, a need for minor changes to the publication documents has been identified and a corrigendum has been published, alongside updated Change Specification, Change Specification Appendix and Requirements Specification Appendix documents.
If you have any questions about this Corrigendum, or other DSP issues, you can contact the developers.
Release for 2020-21 (1 October 2020 to 31 March 2021)
|Release date||2 April 2020|
|Release number||Amd 89/2019|
|Stage||Implementation (from 1 October 2020)|
|Full details and help information is available on the NHS Digital's Data Security and Protection Toolkit website.|
Release for 2019-20 (1 April 2019 to 30 September 2020)
|Release date||29 May 2019|
|Release number||Amd 9/2019|
|Stage||Implementation (until 30 September 2020)|
|Release number||Amd 58/2017|
|Stage||Superseded by Amd 9/2019|