DSP Today:
achieve compliance with the DSPT

DSP Today: achieve compliance with the DSPT


DSP Today is a mini-series of recordings by boxxe and security partners Sophos and Okta that provides viewers with guidance around achieving compliance with areas of the DSP Toolkit (DSPT)

Sign up once for unrestricted access to all five episodes.

Sign me up


What is the DSP Toolkit?
The DSP Toolkit, or DSPT as it’s also known, is the Data Security and Protection Toolkit. It’s an online self-assessment tool that helps organisations to better understand their security posture, and it provides organisations with a means of reporting security incidents and data breaches.

"By assessing itself against the standard, and implementing actions to address shortcomings identified though use of the toolkit, organisations will be able to reduce the risk of a data breach."

boxxe can help you to identify and satisfy those actions.

What is the purpose of the assessment?
Assessing against the DSPT helps organisations to measure their compliance against the law and central guidance and to provide assurance that they are practising good data security. The toolkit enables organisations to demonstrate that they can be trusted to maintain the confidentiality and security of personal information. This in turn increases public confidence that ‘the NHS’ and its partners can be trusted with personal data. This will minimise the number of individuals who 'opt out' of the sharing of their personal identifiable data.

Who needs to complete an assessment?
All organisations that have access to NHS patient data and systems must use the DSPT to complete an annual assessment. This is a contractual requirement specified in the NHS England standard conditions contract and it remains Department of Health and Social Care policy that all bodies that process NHS patient information for whatever purpose provide assurances via the DSPT.
Completion of the DSPT is also necessary for organisations that use national systems such as NHSmail and the e-referral service.

When do I need to assess my organisation?
The DSPT is subject to ongoing development. It is reviewed and updated in line with data security standards and best practices, so organisations must assess themselves annually.

Usually, organisations with access to NHS patient data must review and submit their DSPT assessment before the end of each financial year (31st March.)

Given the additional pressures organisations have faced during the pandemic, there has been an extension to this deadline for the 20-21 publication, to 30th June 2021.

How can DSP Today help me prepare for my assessment?
The DSPT is organised under the 10 data security standards. Under each standard there are a number of “assertions” which organisations needs to work through.

Each episode of DSP Today addresses certain DSPT “assertions” and discusses the associated challenges and technologies. This can help you to understand how well you meet the requirements currently, and what technologies can help you to address them better.

The 20-21 requirements are available here

Further reading around the subject matter is made available, and our NHS Account Managers are always on hand to talk you through the topics and to put you in touch with relevant specialists.

View episodes

How do I know which episode to watch?
Once you sign up to the series you have unrestricted access to all five episodes. Each has its own subject area, and you can find the list of learning outcomes and DSPT points addressed before you watch the video.

How can you help me to become compliant?
If you have a specific requirement or if you already know what you want to do we’ll happily bring the correct people in to the conversation and help you on your way. As well as in-house expertise and a broad range of services to protect and monitor your assets, we work in close partnership with market leaders such as Okta and Sophos whose solutions can help with data security and protection.

If you want a more exploratory conversation, our free security workshop is a great place to start.

Contact your NHS Account Manager to book a session which looks at the areas you need help with and provides you with findings and recommendations to take away and action when you’re ready.

What about the points you don’t address in the webinars?
We’ve covered the areas that we believe are providing the biggest challenges for our customers in the NHS, not least because the move to remote working has moved the goalposts for many and driven topics like endpoint security and remote authentication way up the agenda. However, we can help with any data security and protection challenges.

Get in touch with us directly to talk through which points we can help you with, or go ahead and book a free security workshop with one of our cyber security consultants where we can help you to prioritise your challenges and make some recommendations.

What about the areas where my organisation is not compliant?
Where partial or non-compliance is revealed, organisations must take appropriate measures, (e.g. assign responsibility, put in place policies, procedures, processes and guidance for staff), with the aim of making cultural changes and raising information governance standards through year on year improvements.

Watch DSP Today

Where can I find more information?

DSP Today Generic (website) v2

About boxxe
boxxe works across both public and private healthcare systems – delivering digital services and consultation geared towards the needs of each client. Whether we are supporting organisations with an IT solution, such as making sense of complex licensing options, or guiding organisations through moving to a new public cloud network – boxxe’s experienced team will offer exceptional consultancy and ongoing support.

boxxe is able to deliver seamless support for public sector healthcare organisations through its appointment to multiple public sector frameworks, including HealthTrust Europe and NHS Shared Business services.

To learn more about boxxe's work in the NHS or how we're helping clients achieve compliance with the DSPT contact Jason and the team on NHS@boxxe.com

Copy of DSP Today Security Workshop (email)

google-site-verification: google4fc050a79b