NHS Data Security and Protection Toolkit

Demonstrate that your organisation can be trusted with all personal data and information assets


Keeping patient data safe

The Data Security and Protection (DSP) Toolkit replaced the Information Governance (IG) Toolkit in April 2018. Produced by NHS Digital, it is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s (NDG) 10 data security standards. The changes brought about by the DSP Toolkit were driven by changing regulations (namely the EU GDPR), the changing threat landscape, and the move to a continuous improvement model. As the NDG made clear in their review, it is all about trust.

All organisations that have access to NHS patient data and systems must use the DSP Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. The DSP Toolkit makes continual reference to the Information Commissioner’s Office (ICO) expectations for meeting the requirements of the GDPR, so organisations would be wise to follow the ICO’s seven self-assessment checklists, which are freely available on the ICO website.

The DSP Toolkit Leadership Obligations cover checking the certifications held by any supplier of IT systems. Depending on the nature and criticality of the service provided, acceptable evidence ranges from basic certifications such as Cyber Essentials, as a minimum, up to ISO 27001:2013 certification.

ISMS.online makes setting up and managing your ISMS as easy as it can get.

Peter Risdon
CISO, Viital


Demonstrating you can meet the requirements in these key areas will go a long way to addressing the DSP Toolkit

Demonstrating compliance across multiple frameworks can be complex, time-consuming and costly. Streamlining your approach cuts out duplication and repetition and helps you achieve your goals faster.

GDPR

Follow the ICO’s 7 checklists for GDPR to ensure you can describe and demonstrate compliance.

ISO 27001:2013

Maximise your DSP Toolkit exemptions and protect all your valuable information assets.

NIS Regulations

Meet your obligations under the NIS Regulations 2018.

Beyond a simple declaration to demonstrating sound information security practices that protect all your data

Responses to the DSP Toolkit are uploaded into an online portal. The assurances offered in that response are, in effect, a promise: a warranty that the requirements have been met. Arguably, it could be a ‘click-and-forget’ exercise.

That is why stakeholders seek additional assurance that organisations can demonstrate good information security practices. They need to be confident that they can trust your organisation’s information governance, and in many cases will look for certifications to demonstrate that you are living and breathing information security management in practice.

Cyber Essentials, whilst a worthwhile entry-level security certification, is not enough to cover the mandatory requirements. Its standard tier is self-assessed rather than externally audited (Cyber Essentials Plus adds independent technical verification, but its scope is still limited to a basic set of technical controls), so it does not offer the highest level of trust.

A UKAS-accredited ISO 27001:2013 certification, covering the relevant scope and coupled with a meaningful way to demonstrate GDPR compliance, will go a long way to meeting the requirements of the DSP Toolkit.

Holding ISO 27001 certification provides many exemptions from DSP Toolkit requirements, and it also demonstrates good security hygiene that protects all of the organisation’s valuable information assets, not just patient data.

It provides the greatest level of trust to all your stakeholders.

However, as NHS Digital identified, no one framework will cover all your data security and protection responsibilities. The EU GDPR and the Security of Network and Information Systems Regulations (NIS) have also increased the legislative data security and protection requirements on health and care organisations.

ISMS.online will save you time and money towards ISO 27001 certification and make it simple to maintain.

Daniel Clements
Information Security Manager, Honeysuckle Health

See how simple it is with ISMS.online

Great news! ISMS.online makes light work of managing multiple compliance frameworks.

Link together the requirements of the DSP Toolkit, EU GDPR (the ICO 7-checklist approach), NIS Regulations and ISO 27001 to eliminate duplication. ISMS.online provides one place to demonstrate compliance with them all. In fact, for GDPR we have already mapped the relevant requirements to ISO 27001 for you. We have even given you a head start with materials you can Adopt, Adapt or Add to speed up your preparation for both.

Using our tools to manage risk and other common work processes will reduce management time and ensure everything is captured in one secure, ‘always-on’ environment that is itself ISO 27001 certified by a UKAS-accredited certification body. We simply add your DSP Toolkit and NIS frameworks as required, and you are ready to streamline all your information security and data protection work in one place. You can even cover ISO 9001 and Cyber Essentials with ISMS.online.

Why duplicate these essential work processes?

Easily demonstrate you have it covered in ISMS.online

We’re so pleased we found this solution, it made everything fit together more easily.
Emmie Cooney
Operations Manager, Amigo

100% of our users pass certification first time

The proven path to ISO 27001 success

Built with everything you need to succeed with ease, and ready to use straight out of the box – no training required!
Perfect Policies & Controls

Easily collaborate, create and show you are on top of your documentation at all times

Simple Risk Management

Effortlessly address threats & opportunities and dynamically report on performance

Measurement & Automated Reporting

Make better decisions and show you are in control with dashboards, KPIs and related reporting

Audits, Actions & Reviews

Make light work of corrective actions, improvements, audits and management reviews

Mapping & Linking Work

Shine a light on critical relationships and elegantly link areas such as assets, risks, controls and suppliers

Easy Asset Management

Select assets from the Asset Bank and create your Asset Inventory with ease

Fast, Seamless Integration

Out-of-the-box integrations with your other key business systems to simplify your compliance

Other Standards & Regulations

Neatly add in other areas of compliance affecting your organisation to achieve even more

Staff Compliance Assurance

Engage staff, suppliers and others with dynamic end-to-end compliance at all times

Supply Chain Management

Manage due diligence, contracts, contacts and relationships over their lifecycle

Interested Party Management

Visually map and manage interested parties to ensure their needs are clearly addressed

Strong Privacy & Security

Strong privacy by design and security controls to match your needs & expectations

Find out just how affordable your new ISMS could be
