NHS Data Security and Protection Toolkit (DSPT)

The Data Security and Protection Toolkit is an online assessment tool that allows organisations to demonstrate their performance against the National Data Guardian’s 10 data security standards.

All organisations that have access to NHS patient data and systems must use the toolkit to provide assurance that they are practising data security and that personal information is handled in line with the NHS’ requirements. Compliance is mandatory, and increasingly compliance with a certified standard such as Cyber Essentials Plus is also expected.

Just what is involved in being registered?

Registration is an annual process, which has to be completed by March of each year.

If you haven’t already got your Organisation Code from NHS Digital, you have to apply to obtain one. We know our way around this process, although it is a very simple one.

Once you have your code you register on the toolkit website and identify what type of organisation you are. They fall into 4 categories, with each category (or “primary sector”) having different numbers of mandatory evidence types. 


Call us today on 0113 8019001 or email info@episodeltd.com

Understanding Your Requirements

Depending on the nature of your organisation, there will be anything from 42 requirements if you are a GP practice, to 116 if you are a hospital. For each you need to provide evidence of compliance.

They are all designed to help you ensure you meet the National Data Guardian’s (NDG) data security standards. Completing this Toolkit assessment, by providing evidence and judging whether you meet the assertions, demonstrates that your organisation is working towards or meeting the standards:

Personal Confidential Data
Staff Responsibilities
Managing Data Access
Process Reviews
Responding to Incidents
Continuity Planning
Unsupported Systems
IT Protection
Accountable Suppliers

There is a mix of documented policies and procedures you must have in place, as well as proving you have carried out staff training and awareness. The policies needed include a Data Quality Policy, and a Data Security and Protection Policy.

Other Requirements

Registration with the Information Commissioner’s Office, or ICO

Provide details of a record or register that details each use or sharing of personal information. 

There may also be some changes needed to your IT systems.

Processes for dealing with subject access requests.

Processes for reporting & investigating security breaches and near misses.

These requirements are in line with the need to have carried out a Data Protection Impact Assessment, or DPIA, for GDPR compliance. NHS Digital has created a useful tracking tool listing the questions asked and what kind of evidence is acceptable. You can access this as part of our free download pack.

Key Certifications

Cyber Essentials +

Created by the National Cyber Security Centre (part of GCHQ), Cyber Essentials is a UK Government scheme aimed at helping you adopt best practice in information security.

It is designed specifically for smaller organisations. 

If you are certified to this standard the DSP Toolkit automatically passes you for many of the requirements. 

Perhaps more importantly the scheme ensures you have the right security environment, and can go a long way in helping your GDPR compliance. See our other page for more information.

ISO 27001 – Information Security Management

Recognised globally as the best standard for information security. If you are certified to this, a larger number of the requirements are automatically met than are by being Cyber Security Plus certified.

It is unlikely you will choose to adopt this standard as it can be seen as overkill for smaller organisations such as dentists and GP practices. See our other page for more information.

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

Why Episode?

We spend most of our time in client offices, not speaking with you by email. It is the only way we can really make sure you get the best service.

We are not IT experts, but we have an associate partner, Bleam Cyber Security, that is. They conduct a thorough review of your set-up to give you a report and best practice advice on what is needed in your IT systems.

We have done this before – for example, with Topp Language Solutions.

We come from the real world. We have all been operations managers of one discipline or another, so we know what will, and will not, work in your day-to-day activities, which are already too overburdened with admin. We keep the additional admin overhead to a minimum (and take care of most of it for you). We will train you and your staff on the requirements and get you through the process.

Gain free access to our example documents and information guides.

– Organisation Code Application Form
– DSP Toolkit requirements
– Data Protection Policy
– Data Quality Policy


    “It was only by utilising the expert guidance and experience of ‘Episode Ltd.’ that Thurston Group was able to attain certification within an exceptionally challenging time frame. We therefore offer our thanks to Episode Ltd. for the diligent and professional services provided. We also look forward to working with them again soon and would not hesitate to recommend their services.”

    Peter Spieight, Senior Divisional Director, Thurston Group, Wakefield

    Roger’s support was invaluable in terms of gap analysis, recommendations for improvement, and facilitation of the certification process. I would strongly recommend Roger to any organisation wishing to develop or improve its management systems, in a way which minimizes bureaucracy, and focuses on best serving the needs of the organization.

    Gary Evans, Flour Corporation, Abu Dhabi