NHS Data Security and Protection toolkit (DSPT)
DSPT COMPLIANCE SERVICES
If you process NHS patient information, the Department of Health and Social Care mandates that you complete the NHS Data Security and Protection Toolkit (DSPT). The DSPT provides assurance that you have taken the relevant measures to ensure patient information is protected and processed appropriately, in line with the relevant legislation and guidance. For all Care Quality Commission (CQC) registered care providers, the DSPT should be completed at least once a year.
It can be challenging to ensure that you have met all the mandatory requirements within the DSPT and that your evidence complies with the relevant guidance. DPAS can help by ensuring your organisation has met all the requirements, and can provide additional services such as helping you develop a data protection and cyber security strategy. If you’ve already completed the DSPT, we can audit the work you’ve done to ensure the submission will meet the standards before you submit it.
We offer a wide range of services related to your DSPT submission, and will provide advice and support every step of the way. By using a specialist consultancy like DPAS, you can ensure that your DPO and IG teams can continue with business as usual.

WHY DPAS

INDUSTRY EXPERIENCE
All of our consultants have a huge variety of industry experience including Healthcare, Housing, Local Government, Councils, Ambulance Services, Retail, Recruitment, Utilities, Finance, Legal, Real Estate and more.

EXPERT SUPPORT
At DPAS we won’t just complete the audit and provide you with a report. We will work with you to design a project plan, so you can address any gaps confidently and mitigate any risks. We want to support you in meeting the standards.

PEACE OF MIND
Our audit and assurance tools are designed in line with the scope of the DSPT and other regulators. Therefore, you can be sure we have every area covered. We have vast experience working with NHS Trusts, Councils and Ambulance Services.

HERE WHEN YOU NEED US
You can call on us at any time to ask questions or for advice. We will help you every step of the way. Don’t just take our word for it, talk to any of our customers in your sector.
The aim of the DPST is to fully encompass all areas related to data protection and information security within an organisation and identify gaps. A full scope is necessary in order to provide an incremental approach towards complete compliance. We can support you in any of the following areas that you require additional support with.
The scope of the DSPT includes the following requirements that we can provide support for:
- Creation and/or review of your policy suite to ensure you have the relevant data protection and information security policies and procedures in place notably an acceptable use policy and procedures
- Review of your data breach reporting and monitoring to minimise the risk of recurrence
- Creation and/or review of data breach/incident log and supporting documents if gaps are identified
- Creation and/or review of Records of Processing Activities (ROPA), Risk Register and Information Asset Register (IAR)
- Review of your Individual Rights compliance, including Subject Access Requests (SARs), with support to achieve compliance where gaps are identified
- Review your NHS National Opt-Out compliance
- Review and/or complete an annual training needs analysis
- Review and/or develop role-based training for staff who need a greater understanding of data protection and information security e.g. IT Administrators
- Review training and awareness compliance (at least 95% of staff, directors, trustees, and volunteers must complete data protection and cyber security training annually)
- Review and/or complete a ‘Supplier Assessment’ including a review of all contracts, creating a supplier list with contact details, etc.
- Review of, and assistance (if required) with, a list of all staff (and volunteers, if applicable) and their current roles, to ensure it meets the requirements
- Review and/or develop cyber security/data security protocols and procedures including access control management procedures and password management protocols and procedures
- Review and/or develop your business continuity and disaster recovery plan including a procedure for testing the data and cyber security aspects of its business continuity plan
- Support through Cyber Essentials Certification
- Help to raise awareness of data protection and information security within your organisation

- As we are an independent organisation, we have conducted audits and provided external support in many different environments. We can share best practices and readily provide risk analysis and remediation for continual improvement.
- Using DPAS ensures a fresh pair of eyes on your organisation’s processes and an independent assessment to ensure you are compliant with the DSPT’s requirements.
- Use the report within your board meetings to demonstrate your commitment to the importance of data protection and individuals’ rights as well as demonstrate compliance with the DSPT.
- Don’t put a strain on your existing resources. We can provide support with minimal disruption to your team.
- Use the tools we provide to your organisation to regularly reassess your compliance score and demonstrate compliance.

- Why would we want to outsource DSPT support?
Perhaps you do not have the capacity and capabilities in house to audit your submission or review important policies and procedures. At DPAS, we understand that the DSPT can be overwhelming and put a strain on already tight resources. If you use DPAS, we will do all of the hard work for you.
- How much does external DSPT support cost?
Prices start from £500 for a small organisation.
- Will there be a lot of disruption to my teams?
We try to cause as little disruption to your teams as possible. We provide the majority of our services offsite and will only come on-site where appropriate.
- Are your team qualified?
DPAS has successfully completed the DSPT and currently works with a number of NHS organisations. Our team are qualified Data Protection Officers and Data Protection Practitioners with years of experience working in the industry. Our team understands the importance of protecting patient safety and has completed the Caldicott Guardian training course, in addition to supplementary training such as BCS Practitioner level certifications in Information Security, FOI and Data Protection.

‘Natalie explained the content very well and actively worked to meet the needs of the group and keep us all engaged. I think the course was set out well and the material provided really helped.’
‘The trainer was excellent and though it was a lot to learn, the course length was about right.’
NHS South, Central and West Commissioning Support Unit.