Satisfy The Data Security and Protection Toolkit 2018
And demonstrate your organisation can be trusted with all personal data and information assets
Keeping patient data safe
All organisations that have access to NHS patient data and systems must use the DSP Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. The DSP Toolkit makes continual reference to the Information Commissioner’s Office (ICO) expectations for meeting the requirements of GDPR, and therefore organisations would be wise to follow the ICO’s 7 self-assessment checklists, available freely on the ICO website.
The DSP Toolkit Leadership Obligations cover the checking of certification from any supplier of IT systems. Depending on the nature and criticality of the service provided, acceptable frameworks range from the basic certifications, at a minimum, up to ISO 27001:2013 certification.
Beyond a simple declaration to demonstrating sound information security practices that protect all your data
Responses to the DSP Toolkit are uploaded into an online portal. The assurances offered in that response are, in effect, a promise, a warranty that the requirements have been met. Arguably, it could be a ‘click-and-forget’ exercise.
That is why stakeholders seek additional assurances that organisations can demonstrate good information security practices. They need to be confident they can trust your organisation’s Information Governance and in many cases will look for certifications to demonstrate you are living and breathing information security management in practice.
Cyber Essentials, whilst a basic entry-level security certification, is not enough to cover the mandatory requirements, nor is it an externally audited certification, so it does not offer the highest levels of trust.
A UKAS accredited ISO 27001:2013 certification, covering the relevant scope and coupled with a meaningful way to demonstrate GDPR compliance, will go a long way to meeting the requirements of the DSP Toolkit.
Holding ISO 27001 certification provides many exemptions to the DSP Toolkit, but it also demonstrates good security hygiene that protects all the organisation’s valuable information assets, not just patient data.
It provides the greatest level of trust to all your valuable stakeholders.
Demonstrating you can meet the requirements in these key areas will go a long way to addressing the DSP Toolkit
Demonstrating compliance across multiple frameworks can be complex, time-consuming and costly.
Streamlining your approach makes perfect sense and will cut out duplication and repetition, and help you achieve your goals faster.
Great news! ISMS.online makes light work of compliance across multiple frameworks.
Link together the requirements of the DSP Toolkit, EU GDPR (the ICO 7 checklist approach), NIS Regulations, and ISO 27001 to eliminate duplication.
ISMS.online provides one place to easily demonstrate compliance to them all. In fact, for GDPR we’ve already mapped the relevant requirements to ISO 27001 for you. We’ve even given you a head start with materials you can Adopt, Adapt or Add to speed up your preparation for both.
And, using our powerful tools to manage risk and other common work processes will reduce management time and ensure everything is captured in one secure, UKAS ISO 27001 certified, ‘always-on’ environment.