DATA SECURITY & PROTECTION TOOLKIT
For those working in the health sector, the Data Security and Protection Toolkit (DSPT) is a key assurance piece required to be completed on an annual basis.
For over a decade, the team at Iniver has been completing DSPT and IG Toolkit submissions, including supporting organisations through NHS England audits. Whether you are tackling your first submission or seeking an independent review of your current one, Iniver offers tailored packages to meet your needs.
DSPT assigns organisations to specific categories, and the requirements for each can vary significantly. It is therefore essential to ensure you are correctly classified as this can greatly influence your submission obligations.
Where you are in a category that requires an independent audit, Iniver is able to deliver this under our 'Validate and Assure' package.
Whatever level of support you need, we start with an initial call to learn about your organisation, your DSPT history, and to identify the most suitable package for you.
Service | Double-check | First Time or Full Support | Validate and Assure |
|---|---|---|---|
Support with DSPT Registration where needed | |||
Initial Gap Analysis | |||
DSPT portal management by Iniver | |||
Support completing assertions where areas are missing | |||
Pre-submission Gap Analysis | |||
Final review by Iniver before submission | |||
Formal DSPT Independent Assurance and Audit |
What is the NHS Data Security and Protection Toolkit (DSPT)?
+
The DSPT is an online self-assessment tool used by organisations that process NHS patient data. It helps demonstrate compliance the National Data Guardian’s 10 data security standards. Completion is mandatory for NHS suppliers and care providers.
Who is this service designed for?
+
- NHS organisations;
- NHS contractors and suppliers;
- GP practices, dental clinics, and pharmacies;
- Care homes and domiciliary care providers;
- Charities and third-sector organisations handling NHS data; and
- Any organisation required to complete the DSPT annually
How long does it take to complete the DSPT?
+
Completion times vary on a number of factors, including the type of organisation, their starting point and internal capacity. Iniver would recommend a minimum of four weeks, with most non-NHS organisations taking 4-12 weeks to complete.
Will this help us meet the National Data Guardian’s standards?
+
Absolutely. The toolkit is built around the 10 data security standards, helping you demonstrate:
- Leadership commitment
- Staff training and awareness
- Secure systems and processes
- Effective breach response and reporting
How long does a formal Independent DSPT Assessment take?
+
Where required to undertake a Independent DSPT Assessment, Iniver would recommend engaging three months beforehand to ensure this detailed review can be completed before the submission deadline.
What happens after we complete the DSPT?
+
You will receive a confirmation of submission and can share your compliance status with NHS partners.
Iniver also offer:
- Post-submission reviews
- Support for future audits or re-submissions