NHS Data Security and Protection toolkit (DSPT)
DSPT COMPLIANCE SERVICES
If you process NHS patient information, the Department of Health and Social Care mandates that you must complete the NHS Data Security and Protection Toolkit (DSPT). The DSPT tool helps provide assurances that you have taken the relevant measures to ensure that patient information is protected and processed appropriately in line with the relevant legislation and guidance. For all Care Quality Commission (CQC) registered care providers the DSPT should be completed at least once a year.
It can be challenging to ensure that you have all the mandatory requirements within the DSPT and that they are compliant with the relevant guidelines. DPAS can help by ensuring your organisation has met all the requirements, as well as providing additional services such as helping you develop a data protection and cyber security strategy. If you’ve already completed the DSPT, we can audit the work you’ve done to ensure the submission will meet the standards before you submit it.
We can offer a multitude of services related to your DSPT submission. We will provide advice and support you with your DSPT submission every step of the way. By using a specialist consultancy like DPAS you can ensure that your DPO and IG teams can continue with business as usual.
All of our consultants have a huge variety of industry experience including Healthcare, Housing, Local Government, Councils, Ambulance Services, Retail, Recruitment, Utilities, Finance, Legal, Real Estate and more.
At DPAS we won’t just complete the audit and provide you with a report. We will work with you to design a project plan, so you can address any gaps confidently and mitigate any risks. We want to support you in meeting the standards.
PEACE OF MIND
Our audit and assurance tools are designed in line with the scope of the DSPT and other regulators. Therefore, you can be sure we have every area covered. We have vast experience working with NHS Trusts, Councils and Ambulance Services.
HERE WHEN YOU NEED US
You can call on us at any time to ask questions or for advice. We will help you every step of the way. Don’t just take our word for it, talk to any of our customers in your sector.
The aim of the DSPT is to fully encompass all areas related to data protection and information security within an organisation and identify gaps. A full scope is necessary in order to provide an incremental approach towards complete compliance. We can support you in any of the following areas that you require additional support with.
The scope of the DSPT includes the following requirements that we can provide support for:
- Creation and/or review of your policy suite to ensure you have the relevant data protection and information security policies and procedures in place, notably an acceptable use policy and procedures
- Review of your data breach reporting and monitoring to minimise the risk of recurrence
- Creation and/or review of data breach/incident log and supporting documents if gaps are identified
- Creation and/or review of Records of Processing Activities (ROPA), Risk Register and Information Asset Register (IAR)
- Review your Individual Rights compliance including Subject Access Requests (SARs) and support compliance where required if gaps are identified
- Review your NHS National Opt-Out compliance
- Review and/or complete an annual training needs analysis
- Review and/or develop role-based training for staff who need a greater understanding of data protection and information security e.g. IT Administrators
- Review training and awareness compliance (at least 95% of staff, directors, trustees, and volunteers must complete data protection and cyber security training annually)
- Review and/or complete a ‘Supplier Assessment’ including a review of all contracts, creating a supplier list with contact details, etc.
- Review and assist (if required) with a list of all staff (and volunteers if applicable), and their current roles to ensure it meets the requirements
- Review and/or develop cyber security/data security protocols and procedures including access control management procedures and password management protocols and procedures
- Review and/or develop your business continuity and disaster recovery plan including a procedure for testing the data and cyber security aspects of its business continuity plan
- Support through Cyber Essentials Certification
‘Natalie explained the content very well and actively worked to meet the needs of the group and keep us all engaged. I think the course was set out well and the material provided really helped.’
‘The trainer was excellent and though it was a lot to learn, the course length was about right.’
NHS South, Central and West Commissioning Support Unit.