DSP Toolkit Consultancy
What is the DSP Toolkit?
The DSP Toolkit (Data Security and Protection Toolkit) is an online self-assessment tool that enables organisations to measure and publish their performance and compliance against the National Data Guardian's ten data security standards and the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF).
Organisations that have access to NHS patient data and systems, including NHS Trusts, primary care and social care providers and commercial third parties, must complete the DSP Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
Organisations that provide health services or connect to national systems are required to complete the Toolkit annually.
Our DSP Toolkit Consultancy Services
We’ve been helping our clients achieve compliance with the DSP Toolkit and its predecessors, the NHS IG Toolkit and N3 Connecting for Health, for 15 years.
DSP Toolkit Compliance and Submission
End-to-end consultancy advice, guidance and support through the application and submission process and the implementation of the 10 NDG data security standards, for businesses of all shapes, sectors and sizes.
DSP Toolkit Managed Service
Annual submission consisting of: a gap analysis against the current DSP Toolkit requirements; development and management of a corrective action plan; assistance with the staff awareness training survey roll-out; production of, or updates to, the required policy, procedural and evidence documentation; advice and guidance on control implementation and evidence selection; and completion of the online DSP Toolkit submission.
DSP Toolkit Implementation
Guidance and support through various stages of the implementation and compliance project, e.g. submission, staff training, documentation, standard and framework implementation, business continuity and incident planning, and project management.
NHSmail Connection
Help with completing the application and basic requirements if you are looking to connect to NHSmail.
DSP Toolkit Gap Analysis
If you need to measure your current level of compliance against the DSP Toolkit requirements, we can assess it, provide you with a detailed report on the gaps and recommend how to fix them.
DSP Toolkit Independent Assessment Audit
It is now a mandatory requirement for the following NHS organisations to complete an annual independent audit assessment as part of their submission:
NHS Trusts (Acute, Foundation, Ambulance and Mental Health)
Integrated Care Boards
Commissioning Support Units
DHSC Arm’s Length Bodies
IT Suppliers
Romano Security Consulting have the required expertise and experience to conduct an audit of the mandatory scope as set out in the DSPT Independent Assessment Guide, provide you with a comprehensive audit report and recommendations for improvement, and submit an independent assessment on your behalf.
Our DSP Toolkit Independent Assurance Audit service helps organisations gain or maintain compliance by completing the required independent audit: assessing your organisation’s current internal control environment and current level of compliance against the mandatory audit scope of the DSP Toolkit category 1 requirements, reporting on the findings, providing recommendations for improvements and submitting the required external audit report.
The DSP Toolkit Independent Audit service consists of the following:
pre-assessment review of the previous toolkit submission,
an audit of the mandatory audit scope against the current 23/24 DSP Toolkit category 1 requirements,
production of the required audit report, including findings and recommendations for improvements and a risk and confidence evaluation,
post-audit review meeting,
completion of the online DSP Toolkit audit report submission,
follow-up corrective action meetings.
DSP Toolkit V7 Download
The standards, assertions and evidence items are all contained within the DSP Toolkit. The number of assertions and evidence items depends on your organisation type and the circumstances of your data processing.
The latest version of the DSP Toolkit is Version 7 and the deadline for annual submission of the 2024-2025 publication is the 30th June 2025.
National Data Guardian (NDG) Data Security Standards
The NHS DSP (Data Security and Protection) Toolkit requirements are based on the National Data Guardian's (NDG) Data Security Standards.
The 10 NDG data security standards are clustered under three leadership obligations to address people, process and technology issues, and cover the following areas:
1. Handling, transmission and storage of confidential data
2. Staff accountability and responsibilities
3. Staff data security training and testing
4. Access controls
5. Annual process reviews
6. Cyber attack identification, resistance and response
7. Continuity and incident response planning
8. Unsupported operating systems, applications or browsers
9. Implementation of a suitable strategy or framework to protect IT systems
10. Contractual accountability for IT suppliers