Skip to content
  • DTAC
  • Services
    • DTAC
    • Cyber Security
    • Data Security & Protection
    • Interoperability, Accessibility & Usability
    • Clinical Safety & DCB0129
    • Information Governance
  • About
  • Blog
  • Contact
Menu
  • DTAC
  • Services
    • DTAC
    • Cyber Security
    • Data Security & Protection
    • Interoperability, Accessibility & Usability
    • Clinical Safety & DCB0129
    • Information Governance
  • About
  • Blog
  • Contact

+44 (0)1273 569172

← From our blog

DSPT: How to navigate Version 5 of the NHS Data Security and Protection Toolkit

← From our blog

DSPT: How to navigate Version 5 of the NHS Data Security and Protection Toolkit

Version 5 of the NHS Data Security and Protection Toolkit (DSPT) for 2022-23 was published on 24th August 2022. The deadline for submission (or re-submission) of the annual assessment is Friday 30th June 2023.

All NHS standard contracts require suppliers to maintain a DSPT to a minimum of ‘standards met’ for the duration of the contract. The DSPT also forms a core pass/fail element of the Digital Technology Assessment Criteria (DTAC) which all new health technology adopted by the NHS must be assessed against. In addition to these requirements, the DSPT can also act as an excellent way of providing assurance both internally and externally to clients and the public that your organisation is committed to privacy, confidentiality and security and has implemented appropriate organisational and technical controls to protect personal data.

Most organisations that are external to the NHS but provide services to them fall into ‘Category 3’. There are 35 Assertions and 42 mandatory evidence items which must be provided or responded to by Category 3 organisations in order to achieve ‘standards met’.

Some questions to ask yourself before tackling the DSPT:

  • Have you renewed your ICO registration?
  • Are all your data security and protection policies and procedures still up to date?
  • Have you been monitoring compliance with your policies and procedures?
  • Have you got a Record of Processing Activities (RoPA) for your organisation and when was this last reviewed?
  • Does your organisation’s IT system suppliers have cyber security certification?
  • Does your organisation have a timetable which sets out how long you retain records for?
  • Is the National Data Opt-Out Policy applicable to your organisation, and if so, is your organisation compliant?
  • What does your organisation have in place to minimise the risks if mobile phones are lost, stolen, hacked or used inappropriately?
  • Does your organisation have a business continuity plan that covers data and cyber security?

Many organisations complete their first DSPT early on in their journey. Often this will be in preparation for going to market, or in response to a request from a client. Policies and procedures which have been produced quickly or which may be effective when working at a small scale can quickly become unwieldy or ineffective as your organisation grows in size and complexity.

Are you confident that the evidence you submitted for your last DSPT submission is still relevant, up to date and effective?

For Category 3 organisations DSPT submissions are currently a self-assessment and there is no requirement for these to be externally audited or assured. Many NHS organisations will therefore want to confirm that organisations have high quality evidence underpinning their DSPT submission and may request copies of key policies, procedures and other evidence.

How confidence would you be if you were asked to provide copies of your DSPT evidence?

The 8foldGovernance team has extensive experience in supporting the completion of NHS Data Security and Protection Toolkit (DSPT) submissions for all categories of organisation. After reviewing your existing organisational Data Security arrangements, we will provide you with guidance on how to ensure compliance with the DSPT standards, assisting in the production of required documentation to a high standard of quality and completion of the online submission.

Our Data Security and Protection experts will tailor the service around your existing data security and protection practices and documentation to ensure the most streamlined adoption of DSPT requirements to ensure compliance. By working with your organisation’s staff we will be able to create a Data Security and Protection infrastructure that best suits your day to day business as usual workings.

The Data Security and Protection Toolkit requires that your organisation identifies a number of roles filled by different individuals including; an Information Security Lead, Caldicott Guardian, Information Governance Lead and Data Protection Officer. We know it can be difficult for already stretched staff to find the time to fill these roles and complete the necessary tasks that come with them. To counter this, 8foldGovernance also offers a DPO Support Service. With this we can work with you beyond the initial delivery of the DSPT, providing ongoing support for the right staff members providing assurance that you are compliant with the DSPT requirements and all information Governance – all year–round, year after year.

For a limited time only, we are offering 20% off all DSPT submissions. Click here to book a time to discuss your submission before 30th September 2022 and take advantage of this great offer!

Adam Spinks

Adam Spinks

Adam is a specialist information governance lead and has worked extensively for NHS trusts, CCG’s, private healthcare providers and digital health technology companies. He has extensive knowledge of data protection and privacy law, information risk management, data flow mapping and is expert in the practical application of data protection impact assessments (DPIA) and information sharing agreements (ISA). He is an expert communicator and trusted advisor in the industry.

Published:

  • September 13, 2022

Posted In:

  • DSPT

SHARE THIS POST

Facebook-f Twitter Linkedin-in Envelope

Book your free, no-obligation discovery call with our experts.

If you need for support with any of your information governance and compliance needs including, DTAC, DSP Toolkit and Clinical Safety (DCB0129 and DCB0160), please get in touch for quick no obligation chat.

Book your call now
Book your call now

Other articles

Data Protection Officer vs Information Governance

Information Governance Professionals V.s Lawyers in Health and Social Care

Read article →
New 8fold, New Look

New Year, New Look for 8fold – A Message from Lyndon, our CEO

Read article →
B1G1 giving back

We Make Giving Part Of Our Everyday Business

Read article →

+44 (0) 1273 569172

info@8foldgovernance.com

DTAC SERVICES

  • Full DTAC Support
  • Information Governance
  • Clinical Safety Data
  • Security & Protection
  • Interoperability, Accessibility & Usability
  • Cyber Security

LINKS

  • About
  • News
  • Contact
  • Charity Work

CUSTOMER

SATISFACTION

RATING

 Privacy Policy | Cookie Policy | Terms & Conditions

© 2023 8Fold

+44 (0) 1273 569172

info@8foldgovernance.com

DTAC SERVICES

  • Full DTAC Support
  • Information Governance
  • Interoperability, Accessibility & Usability
  • Clinical Safety Data
  • Security & Protection
  • Cyber Security

LINKS

  • About
  • News
  • Contact

Customer

Satisfaction

Rating

 Privacy Policy | Cookie Policy | Terms & Conditions

© 2023 8Fold
X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept