Satisfy the DSP Toolkit using

The Data Protection and Security Toolkit 2018

Keeping patient data safe

The Data Security and Protection (DSP) Toolkit replaced the Information Governance (IG) Toolkit in April 2018. Produced by NHS Digital, it is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

The DSP Toolkit Leadership Obligations cover the checking of certification from any supplier of IT systems. Depending on the nature and criticality of the service provided, acceptable frameworks range from, at a minimum, the basic Cyber Essentials certification to ISO 27001:2013 certification.

In addition to the DSP Toolkit, from May 2018 the EU GDPR and the Security of Network and Information Systems Directive increased the legislative data security and protection requirements on health and care organisations.

It makes great sense to streamline your management of the DSP Toolkit with the NIS Regulations and GDPR. It makes even better sense to add ISO 27001 certification to this as you will need to address many of the requirements anyway…


Great news! makes light work of multiple compliance work…

For organisations serious about information security, achieving ISO 27001 certification will give the greatest levels of assurance to their customers, and the highest number of exemptions to the DSP Toolkit.

Mapping the requirements of the DSP Toolkit, NIS Regulations, and EU GDPR back to ISO 27001 in will reduce duplication and repetition. In fact, for GDPR we’ve already done it for you.

And, using our powerful tools to manage all the common work processes reduces management time and ensures everything is captured in one secure, ISO 27001 certified, ‘always-on’ environment.

Use dynamic and interactive tools to manage and demonstrate the required work processes 

✓   Policy management and governance

✓   Risk management tools

✓   Information Asset Register

✓   Supply chain/vendor management

✓   Incident management

✓   Staff communications, training and engagement

✓   Corrective actions and improvements

✓   Ability to link to ISO 27001:2013 Policies & Annex A controls

✓   Internal and external audit management

✓   KPIs, management reviews and reporting

✓   Full collaboration functionality for team working

✓   Business continuity planning

Want to manage all of your information security and data privacy responsibilities in one place?
