We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
The Data Security and Protection Toolkit replaces the previous Information Governance toolkit from April 2018.
The Data Security and Protection Toolkit is an online self-assessment tool that enables organisations to measure and publish their performance against the National Data Guardian's ten data security standards.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
Go to the new toolkit for more information, and to access the new service.
Data Security and Protection Incident Reporting tool available
A new incident reporting tool for data security and protection incidents has been launched within the Data Security and Protection Toolkit. To access the tool, administrators should log in to the toolkit and look for the report an incident menu link.
This replaces the previous SIRI reporting tool which was part of the previous Information Governance Toolkit. The new incident reporting tool reflects the new reporting requirements of the General Data Protection Regulation (GDPR), and for relevant organisations the Networks and Information System (NIS) Regulations.
Reportable data security and protection incidents must be notified through the reporting tool. Guidance materials are available to support organisations assess whether incidents should be reported (https://www.dsptoolkit.nhs.uk/Help/29)
If you require immediate advice and guidance related to a cyber security incident, please contact the NHS Digital Data Security Centre on 0300 303 5222.
You must report a notifiable breach to the Information Commissioner’s Office without undue delay. If you take longer than 72 hours, you must give reasons for the delay.
Access the Data Security and Protection Toolkit
Why and how we process your data in the Data Security and Protection Toolkit and your rights.