The Data Security and Protection Toolkit (DSP Toolkit) is an NHS-operated online tool that enables organisations to benchmark their security against the National Data Guardian's 10 Data Security Standards (NDG Standards).
The DSP Toolkit replaces the previous Information Governance Toolkit. It helps ensure that good data security and privacy standards are in place throughout health and social care organisations and that these are in line with the requirements of the General Data Protection Regulation (GDPR). For background on why penetration testing and data protection matter in this sector, read our article on data protection in health and social care.
How does the Data Security and Protection Toolkit work?
The DSP Toolkit is an online self-assessment tool. It assesses an organisation's cyber security policies, procedures, and practices against the NDG Standards. This can lessen the risk of data breaches and penalties, since organisations can assure the Information Commissioner's Office that they are practising good data security.
What are NDG standards?
The National Data Guardian’s ten Data Security Standards are organised into three different leadership roles that cover people, processes, and technology:
- Confidential data handling, transfer, and storage
- Accountability and duties of employees
- Data security training and testing for employees
- Access authentication and authorisation
- Annual data protection impact assessments (DPIA)
- Cyber attack detection, resistance, and response
- Planning for continuity and incident response
- Operating systems, apps, and browsers that are not supported
- Implementation of an appropriate strategy or framework to safeguard IT systems
- Contractual obligations for IT vendors
What levels can you reach on the Data Security and Protection Toolkit?
There are currently three levels on the Data Security and Protection Toolkit:
1. Approaching Standards
This level means you are meeting minimum legal standards. It is a temporary stepping stone to the next level, and you will need to produce an action plan setting out how you will reach Standards Met (the second level).
Approaching Standards also entitles you to NHSmail, an accredited secure email system that lets you share confidential information with local authority, NHS and other colleagues.
2. Standards Met
This is the level you must attain to demonstrate that data is handled correctly and adequately protected. It confirms that you are going beyond basic legal requirements and helps you implement appropriate data security measures. Achieving Standards Met means you are fully compliant to access NHS patient data or provide services under the NHS contract.
3. Standards Exceeded
Finally, Standards Exceeded indicates that you have gone beyond the required standards; for example, you may have Cyber Essentials Plus certification in place.
Which organisations are required to use the DSP Toolkit, and how frequently?
All health and social care organisations, regardless of size, that have access to NHS patient data and systems must complete this toolkit at least once a year to demonstrate that they follow effective data security practices and properly manage personal information. When the toolkit is completed, you publish and share information about the standard you achieved.
Does completing the DSP Toolkit mean full compliance with the DPA 2018 and UK-GDPR?
The Data Security and Protection Toolkit is an online self-assessment tool. It provides confidence but does not ensure that organisations will always comply with the DPA and GDPR. Organisations have a continuing duty to comply with this legislation.
Cyphere helps your organisation with NHS data security and provides a range of data protection toolkit services.
Get in touch with Cyphere for the protection of data privacy
Shahrukh is a passionate cyber security analyst and researcher who loves to write technical blogs on different cyber security topics. He holds a Master's degree in Information Security and an OSCP, and has a strong technical skillset in offensive security.