The Data Security and Protection (DSP) Toolkit replaced the Information Governance (IG) Toolkit in April 2018. Produced by NHS Digital, it is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s (NDG) 10 data security standards.
The changes being brought about by the DSP Toolkit were driven by changing regulations, namely EU GDPR, the changing threat landscape, and to move to a continuous improvement model. The NDG made it clear in their review… it’s all about Trust!
All organisations that have access to NHS patient data and systems must use the DSP Toolkit to provide assurance that they are practicing good data security and that personal information is handled correctly. The DSP Toolkit makes continual reference to the Information Commissioner’s Office (ICO) expectations for meeting the requirements of GDPR, and therefore organisations would be wise to follow their 7 self-assessment checklists, available freely on the ICO website.
The DSP Toolkit Leadership Obligations cover the checking of certification from any supplier of IT systems. Depending on the nature and criticality of the service provided, acceptable frameworks could be, at a minimum, the basic certifications but also ISO 27001:2013 certification.
ISMS.online makes setting up and managing your ISMS as easy as it can get.
Responses to the DSP Toolkit are uploaded into an online portal. The assurances offered in that response are, in effect, a promise, a warranty that the requirements have been met. Arguably, it could be a ‘click-and-forget’ exercise.
That is why stakeholders seek additional assurances that organisations can demonstrate good information security practices. They need to be confident they can trust your organisation’s Information Governance and in many cases will look for certifications to demonstrate you are living and breathing information security management in practice.
Cyber Essentials, whilst a basic entry-level security certification, is not enough to cover the mandatory requirements, nor is it an externally audited certification so does not offer the highest levels of trust.
A UKAS accredited ISO 27001:2013 certification, covering the relevant scope and coupled with a meaningful way to demonstrate GDPR compliance, will go a long way to meeting the requirements of the DSP Toolkit.
Holding ISO 27001 certification provides many exemptions to the DSP Toolkit but also demonstrates good security hygiene that protects all the organisation’s valuable information assets, not just patient data.
It provides the greatest level of trust to all your valuable stakeholders.
However, as NHS Digital identified, no one framework will cover all your data security and protection responsibilities. There is now also EU GDPR and Security of Network and Information Systems Regulations (NIS) which have increased the legislative data security and protection requirements on health and care organisations.
Download your free guide
to streamlining your Infosec
Follow the ICO’s 7 checklists for GDPR to ensure you can describe and demonstrate compliance.
Maximise your DSP Toolkit exemptions and protect all your valuable information assets.
Demonstrating compliance across multiple frameworks can be complex, time-consuming and costly.
Streamlining your approach makes perfect sense and will cut out duplication and repetition, and help you achieve your goals faster…
Link together the requirements of the DSP Toolkit, EU GDPR (the ICO 7 checklist approach), NIS Regulations, and ISO 27001 to eliminate duplication. ISMS.online provides one place to easily demonstrate compliance to them all.
In fact, for GDPR we’ve already mapped relevant requirements to ISO 27001 for you. We’ve even given you a headstart with materials you can Adopt, Adapt or Add to speed up your preparation for both.
And, using our powerful tools to manage risk and other common work processes will reduce management time and ensure everything is captured in one secure, UKAS ISO 27001 certified, ‘always-on’ environment.
We’ll simply add in your DSP Toolkit and NIS frameworks as required, and you are ready to streamline all your information security and data protection work in one place! You can even cover ISO 9001 and Cyber Essentials with ISMS.online.
Easily collaborate, create and show you are on top of your documentation at all times
Find out more
Effortlessly address threats & opportunities and dynamically report on performance
Find out more
Make better decisions and show you are in control with dashboards, KPIs and related reporting
Find out more
Make light work of corrective actions, improvements, audits and management reviews
Find out more
Shine a light on critical relationships and elegantly link areas such as assets, risks, controls and suppliers
Find out more
Select assets from the Asset Bank and create your Asset Inventory with ease
Find out more
Out of the box integrations with your other key business systems to simplify your compliance
Find out more
Neatly add in other areas of compliance affecting your organisation to achieve even more
Find out more
Engage staff, suppliers and others with dynamic end-to-end compliance at all times
Find out more
Manage due diligence, contracts, contacts and relationships over their lifecycle
Find out more
Visually map and manage interested parties to ensure their needs are clearly addressed
Find out more
Strong privacy by design and security controls to match your needs & expectations
Find out more