
Data Security And Protection Toolkit Service

Pass first time with confidence.

The NHS Data Security and Protection Toolkit (DSPT) is an annual, online assessment that measures performance against the 10 Data Security Standards developed by the National Data Guardian (NDG).

The DSPT assesses an organisation’s compliance with legal requirements, NHS policy and best practice around data security and protection.

Navigating the DSPT can be time-consuming and challenging – but it doesn’t have to be. With decades of experience in administering data protection law in health and social care settings, we’ll help you pass confidently, first time and maintain your compliance year after year.


The right time to work with us.

If you provide health IT systems or services to the NHS or UK health and social care sector, it’s likely you’ll need to submit a DSPT.

The DSPT is a requirement under the NHS Standard Contract Terms for all suppliers to the NHS. If you want to secure NHS contracts, or you’re already working with publicly funded health and social care providers or commissioners in the UK, you’ll need to achieve and maintain ‘standards met’ against the DSPT requirements.

The DSPT is also a key component of the Digital Technology Assessment Criteria (DTAC), which means compliance with the DTAC is dependent on achieving a ‘standards met’ DSPT submission.

In most cases, you’ll need to complete your first DSPT early on in your journey to market, as part of DTAC compliance or in response to an NHS client request.

Get DSPT support

Book a free, no-obligation discovery call with one of our clinical safety officers.


What to expect when you work with us.

Our DSPT as a service is designed for organisations with limited or no experience of the DSPT requirements.

We’ll review your current practices and tailor our support to your existing data security and protection arrangements. Our end-to-end support for DSPT submissions includes:

    • Reviewing your existing approach to data security and compliance
    • Providing guidance on how to become compliant
    • Registering your organisation to allow you to make your submission
    • Creating an infrastructure that best suits your business practices
    • Preparing any documentation required
    • Facilitating workshops to complete your Records of Processing Activities (ROPA)
    • Ensuring all policies, procedures and other required documentation are in place
    • Implementing and embedding key compliance procedures and activities including:
      • Data breach reporting and management
      • Business continuity
      • Data Protection Impact Assessment (DPIA) and Data Protection by Design and by Default
      • Data Security and Protection Awareness training for staff
    • Collating all evidence and completing your DSPT submission on your behalf
    • Recommending any further controls, actions or activities needed to maintain compliance
    • Working with you to ensure your compliance and submission is maintained over time

Do I need a named Data Protection Officer?

Most organisations handling health or social care information have a legal duty under the Data Protection Act 2018 to appoint a Data Protection Officer (DPO). This will almost certainly be the case for organisations providing health IT systems or services to the NHS.

As part of your DSPT submission, you’ll need to identify a named Data Protection Officer (DPO). Your DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level. We know this isn’t always feasible using internal resources, especially if you’re just starting out.

Our Data Protection Officer as-a-Service (DPOaaS) allows you to outsource this role to us, and we’ll provide ongoing support for your DSPT and information governance requirements whenever you need them.

Not sure if you need a DPO? Read our FAQs below or check with the ICO here.

Frequently asked DSPT questions

What is a DSP toolkit?

The Data Security and Protection Toolkit, or “DSPT” as it is sometimes known, is an online self-assessment tool that measures the performance of any organisation that processes health and care data against the National Data Guardian’s 10 data security standards. You can learn more about the history of the DSPT and other NHS health and care compliance standards in our blog here.

What is the deadline for completing the DSP Toolkit?

The Data Security and Protection Toolkit (DSPT) is an annual assessment so must be renewed every year. The deadline for completing and submitting the DSPT each year is 30th June.

Need help? Get in touch before 30th May to qualify for support from our team.

Does my business need to submit a Data Security and Protection Toolkit (DSPT)?

The DSPT is a contractual requirement under the NHS Standard Contractual Terms and a requirement for inclusion on NHS Frameworks. It must be completed annually by any supplier of health IT systems or services to the UK NHS health and social care sector.

The DSPT is also a key component of the Digital Technology Assessment Criteria (DTAC). To demonstrate compliance with the DTAC you will need to hold and maintain a DSPT submission to ‘standards met’.

A DSPT will demonstrate to your NHS health and social care clients and the public that you take data security and protection seriously.

In most cases, you will need to complete your first DSPT early on – often in the journey to market, as part of DTAC compliance, or in response to an NHS client request.

Do I need Information Governance as a service (IGaaS)?

If you supply health IT systems or services to the UK health and social care sector, you will need to maintain and evidence your compliance with Data Protection Law, including the Data Protection Act 2018 – the UK’s implementation of the General Data Protection Regulation (GDPR) – for the duration of your contract. 

Data protection compliance isn’t a one-off tick box exercise – it’s something which needs to be embedded into your day-to-day processes. Data protection law also requires you to demonstrate that you are complying with the law through the maintenance of records which show your organisation is accountable and processes are being routinely followed.

As your business grows and as the data protection landscape evolves, your practices will also need to evolve.

Do I need a DPO?

There is a legal duty under the UK GDPR to appoint a Data Protection Officer (DPO) if your business processes ‘special category’ data such as health or social care information. If you supply health IT systems or services to the UK health and social care sector, you will need a named DPO. Having a named DPO will also give your NHS health and social care clients and the public confidence that you take data security and protection seriously.

DPOs monitor internal compliance, advise on your obligations including Data Protection Impact Assessments (DPIAs) and act as a point of contact for data subjects and the Information Commissioner’s Office (ICO). A DPO helps demonstrate your compliance with data protection law and will be focused on accountability.

The ICO stipulates that your DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level. Your DPO can be an employee or externally appointed.

Still not sure if you need a DPO? The ICO provides a helpful self-assessment tool to help you navigate the requirements and understand if you need a named DPO. You can also find further information here.

Can I complete the DSPT myself?

It’s entirely possible to complete the DSPT yourself, but the bigger question is, can you afford to get it wrong? 

Don’t wing it. Most organisations that provide health IT systems or services to the NHS will fall into Category 3 with 35 Assertions and 42 mandatory evidence items which must be provided or responded to in order to achieve the ‘standards met’ certification. 

Unless you’re 100% clear on your obligations under the DSPT (data protection, data security, information governance and management) it’s not worth taking the risk. It could cost you more in the long run in customers, contracts, risk management, your reputation, fines, and most importantly, patient and clinical safety.  

It’s much more cost-effective to outsource to experts like 8fold with decades of experience in health and social care compliance, so you can focus on the crucial task of growing your business. 

For more information about what good governance looks like, you can also visit the CQC website.

8foldGovernance have been a great partner of patientMpower, assisting us primarily in information governance and clinical safety analysis and planning. Would highly recommend to any digital healthcare company looking to sell into the NHS.
Eamonn Costello
Patient M Power

When we have a problem to solve or a complex issue to untangle around Information Governance, Adam is there to support us through it. Working with the 8fold Governance team has made our lives a lot easier and built capacity within our team.
Marc Singh Jones
Health Unlocked

The team are pleasant, extremely knowledgeable, thorough, prompt in responding to queries and keen to help in any way they could. The work completed on our behalf definitely exceeded expectations.
Michelle Whitham
NHS Thanet CCG

Support for specific DTAC components

We provide full support in all elements of DTAC including:

  • Interoperability, Accessibility & Usability
  • Clinical Safety
  • Full DTAC Support
  • Cyber Security
  • Information Governance

We’ll review your DTAC compliance

FOR FREE!


Book your free, no-obligation discovery call with our experts.

Let’s see how we can help you navigate DTAC or any other aspect of information governance, data protection or clinical safety.


+44 (0) 1273 569172

info@8foldgovernance.com
© 2023 8Fold