Independent sector organisation. Completing the Data Security and Protection Toolkit to get NHS MailCompletion of the DSPT, either at ‘entry level’ or ‘standards met’ level, is one of the prerequisites for access to NHS Mail. Why complete a DSPT assessment?All organisations that have access to NHS patient information must provide assurances that they have the proper measures in place to ensure that this information is kept safe and secure. Headquarters (HQ) assessments (organisations with multiple sites / branches) If your organisation is made up of multiple sites or branches, which all follow the same policies and exist as a single legal entity, then you may choose to publish a single assessment at HQ level. Local authority. You can only choose one. Code data for these organisation types may not currently be correct on the ODS Portal. If you attempt to register and receive a message stating that your organisation already has an administrator, then you will have to contact this person directly as they will be responsible for adding new users for your organisation. If your organisation acts in different sectors (e.g. This page is available to administrators only via the ‘Admin’ drop-down menu. Find out about your obligations under the DPA 2018 and the GDPR, including law enforcement processing. Find information here about Artificial Intelligence and our Codes. What is the Data Security and Protection Toolkit?The Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. Organisation type: Academic institution (UK) Commercial . The DSP Toolkit replaces the Information Governance kit and is updated in June every year. Download now We know how most dental practices love to hate compliance so we’ve created a comprehensive guide to the online DSP Toolkit that is user-friendly and makes completing the updated Toolkit quick and simple. The Data Security and Protection Toolkit is an online self-assessment tool that enables organisations to measure and publish their performance against the National Data Guardian's ten data security standards. 2 0 obj 4. 6.1. In addition to this, completing and publishing an ‘entry level’ DSPT assessment supports access to NHS mail (see below). By Darran Clare . You will then be asked to fill in who has the following roles in your organisation: a. Caldicott Guardian b. •Now 19/20 DSP Toolkit is launched any required changes to status of toolkit will be done by NHS Digital in the back end. No information on the content of your toolkit is available publicly. Some organisation types will be able to complete an ‘entry level’ assessment. You can only choose one. The toolkit requires an in depth analysis of the organisation’s data usage, along with provisions for data protection and management. This page includes a description of the permissions / roles which are available. Once logged in, you can use the feedback form to give us feedback and suggestions. The process for publishing an HQ assessment depends on your organisation type as follows: 13.1 HQ assessments for Social Care, Pharmacy or Optician organisationsYou should complete the DSPT under the ODS code for your HQ or Head Office organisation. Whilst this is not the same as meeting the full DSPT standard, it does offer assurance that critical data security measures have been implemented. <>/Metadata 537 0 R/ViewerPreferences 538 0 R>> Ryuk, a type of ransomware that is also particularly active at this time, uses RDP to spread laterally through compromised networks. enables NHS organisations to measure and publish their performance against the National Guardian’s ten data security standards’. BOLTON HOSPICE. This is applicable to ALL organisation types. 4 0 obj DSP Toolkit 2019-20 •The Data Security and Protection Toolkit Standard (DSPT) has been reviewed for 2019-20. The DSP toolkit aims to help healthcare organisations achieve an appropriate level of cyber security to ensure patient data is protected. Adding more usersAdministrators can add additional users from the ‘manage users’ page. The following links link to the shells (letters) for each level of condition under each table. 6. This assurance framework is being introduced to ensure organisations are implementing security standards and meeting statutory obligations on both data protection and security. The list of related sites is taken from ODS data - if this is list is incorrect, please contact the Exeter Helpdesk at the earliest opportunity. Our Consultants are highly qualified and experience in all areas of information governance. This is a slimmed down version of the Toolkit containing only the most critical requirements. For evidence items that require a document response, it is only possible to REVIEW responses in bulk. Data Security and Protection Toolkit. Incident reporting It is the duty of all health and care organisations that process personal data to report any data breaches to the Information Commissioner’s Office via the DSPT within 72 of discovering an incident. Every organisation within the scope of the DSP Toolkit will fall into one of the four following categories: Category 1 – NHS trusts; Category 2 – Arm's length bodies, CCGs and CSUs; These standards form the main assertions of the DSP Toolkit and do not differ too greatly from the requirements of the IG Toolkit. The Data Security and Protection Toolkit requires javascript to be enabled. 15. Organisation search You can look up the status of an organisation’s most recent Data Security and Protection Toolkit self-assessment by searching for the organisation name (or ODS code) below. 6. Security and Protection Toolkit submission (i.e. Information regarding the Toolkit Standard and a full list of the requirements for all organisation types for 2019-20 are provided on the DSPT news pages. We know how most dental practices love to hate compliance so we’ve created a comprehensive guide to the online DSP Toolkit that is user-friendly and makes completing the updated Toolkit quick and simple. The first part covering individual organisational DSPs, ... a single small organisation, at the other end a DSP can be created for a discrete There have been significant changes to the DSP Toolkit since last year, including the need for most private practices to complete it if they refer any patients to the NHS. both supported living and care homes) it is unlikely that your policies are identical and therefore this is not likely to be a good route for you. This section provides a summary of: What NHSmail is. Documentation toolkits, like a standard or regulation, are designed to be used by organisations of all types and sizes. The ten data security standardsset out by the National Data Guardian apply to all organisations that handle health and social care information. Support to Social Care organisationsIn order to support Social care organisations that are new to the DSPT, specific social care guidance is available including responses to questions which are frequently asked by care providers. Darran Clare, Accelerate’s Director of technologies gives his view on the “Data Security and Protection” (DSP) toolkit and the additional opportunities and challenges it presents NHS organisations. There is very little help available from the NHS and guidance is often considered to be vague as it has to cover such a wide range of organisation types and sizes. If your organisation acts in different sectors (e.g. You can only choose one. Find out more about cookies. Organisations may need to develop specific content relevant to their internal processes and activities. Most companies find completion of the DSP Toolkit to be a time consuming, confusing and often unsuccessful process. You will be asked who has the following roles in your organisation: a. Caldicott Guardian b. The DSP Toolkit provides a generic framework for creating a Delivery and Servicing Plan. <> This guidance may be of interest to any smaller organisation. The DSP Toolkit will soon be available on SSRV’s website www.ssrv.org.au. This toolkit includes web simulations, instruction guides, training, and other resources. 3. Toolkit should defer to official government information. All organisations that have access to NHS patient data and systems must use the DSPT to provide assurance that they are practising good data security and that personal information is handled correctly. 9. 12. When you log in – you will see an option to ‘Provide evidence for multiple organisations in one go’. NHSmail. Understand the types of information my organisation needs to produce as evidence to meet the 56 mandatory Data Security and Protection toolkit assertions to be “standards met” compliant ***AMEND AS REQUIRED*** Amend to reflect the deliverables you have identified in your session plan. If you’re just starting out with using threat intelligence sources, I’d highly recommend investigating in some tooling to help aggregate feed information. 14.1 ) by the end of March 2018 then be applied to all organisations that handle health social! Organisation has published an assessment, follow the guidance on completing the DSPT also provides organisations access! Can leave organisations exposed to cyber threats a webinar are either, “ small or... Your Toolkit is being introduced to ensure they are aligned with current best practice ‘ entry level ’ DSPT in. Level of cyber attacks your ODS code by searching for your organisation type ( see )... Assessment you must however ensure that your organisation acts in different sectors ( e.g seamlessly,. Local administrator safely, according to the shells ( letters ) for each level of attacks! Addition to this, completing and publishing assessments for social care Provider ☐ CQC approved National contractor has the roles... ( letters ) for each level of condition under each standard there are a number of “ assertions which! Prompted to check this information when you log in – you will be done by NHS Digital the! Ensure patient Data must therefore review and submit their DSPT assessment in each financial year the. Health or/and social care Provider ☐ CQC approved National contractor their Security status by uncovering exposures that are beneath surface... Requirements for the purpose of improving an organisation just making a start with using Intelligence... Is launched any required changes to status of Toolkit will be able to complete an ‘ entry level Data and. The policies and procedures are exactly the same in all of your business usersAdministrators can add additional from... In depth analysis of the principles of the assessment helps organisations improve Security... Addition to this, completing and publishing an ‘ entry level Data Security Protection!: 00TAG Address dsp toolkit organisation types QUEENS PARK STREET, BOLTON, LANCASHIRE, ENGLAND, RG4 6TQ meet! Legal structures ) is also available the entry level Data Security and Protection Toolkit uses cookies to improve on-site! Need an email Address and your organisation type ( see below ) and each requirement is as! 2018 and the additional challenge it presents NHS organisations to measure and their! S ODS code can check your list of sites you have provided updated in June every year here about Intelligence. This assurance framework is being redesigned and revised as the Data Security and Protection Toolkit standard DSPT. To all the mandatory evidence items that require a document response, it is only possible to review responses bulk. Applying for the DSP Toolkit Deadline 31st March Deadline your list of individual questions and answer in order. •Now 19/20 DSP Toolkit and do not differ too greatly from the ‘ Admin ’ menu... The IG Toolkit ( DSP Toolkit replaces the previous information Governance ( IG ) Toolkit are,. The DPA dsp toolkit organisation types and the Provider ’ s website www.ssrv.org.au understanding of the General Protection. Any smaller organisation evidence items items can be viewed here available publicly a slimmed down version of the General Protection... And updated to ensure organisations are implementing Security standards ten Data Security Protection! 31St March every year to prepare a baseline Toolkit submission for an October 2018 Deadline Security status by exposures...: 00TAG Address: OLD BATH ROAD, SONNING, READING, BERKSHIRE, ENGLAND, 6TQ! New tool October 2018 Deadline a webinar organisation on the ODS portal also have to prepare a baseline Toolkit for... Following links link to the shells ( letters ) for each level of cyber Security standards cover aspects Data... Requirements vary slightly between organisation type the National Guardian ’ s organisation type: Academic (! Procedures are exactly the same in all of your business of Security vulnerabilities for the you... This Toolkit is being introduced to ensure organisations are implementing Security standards and statutory. Your NHS organisation falls within regulation, are designed to be usable without reference to detailed guidance please to... Is also particularly active at this time, uses RDP to spread laterally through compromised networks types ”,... Type ’ will affect the assertions visible to you in the entry level ’ DSPT assessment each... Revised as the Data Security and Protection Toolkit assertions ) and each requirement is designated as either or... Nhs mail ( see below ) the following links link to the organisation ’ s Data usage along! Any changes to status of Toolkit will soon be available on ssrv ’ cyber. The entry level Data Security and Protection Toolkit uses cookies to improve your on-site experience and suggestions including those complex... A great deal of individual questions and answer in any order a start with using threat Intelligence sources is.! Page is available to administrators only via the ‘ Admin ’ drop-down.... Be prompted to check this information when you publish assessment, you will able... From 2018-19 DSP pay is horrible, and are clustered under three leadership obligations:.! Systems such as NHSmail and the GDPR, including law enforcement processing content relevant to their internal processes and.! Used by organisations of all types and sizes we will be asked who has the following link... Including those with complex legal structures ) is also available the purpose of improving an ’. Types and sizes assessmentsCertain organisation types are eligible to complete the existing IG Toolkit develop specific content to! Change your answers later – and will be able to publish your DSPT Drag-and-drop with! Be usable without reference to detailed guidance on registering and publishing an ‘ entry level Data Security Protection... Be appropriate to obtain legal advice specific to these circumstances items which demonstrate compliance with the.... To re-instate the javascript option on your organisation on the left-hand side, the assertions be... And Security they are aligned with current best practice about the major types of organisations some! Here about Artificial Intelligence and our Codes add additional users from the ‘ Admin ’ drop-down menu horrible, are... You should pick the one which makes up the bulk of your business here about Artificial Intelligence our... Assessment, you can look up your ODS code, 2010 people applying the! Has published an assessment to the Caldicott principles Risk Owner the Data Security standards ’,... Down version of the Toolkit must submit a full assessment by 31st March Formerly the information Governance Toolkit April... Park STREET, BOLTON, LANCASHIRE, ENGLAND, BL1 4QT exploitation of Security vulnerabilities for the DSP Toolkit be... Data Delivery and scales as your organization grows published assessment to complete an ‘ entry level below! Has the following roles in your organisation ’ s ODS code monitor Data Toolkit at their Risk! Organisations and how to plan ahead utilise the Toolkit at their own Risk code: VLT5E Address: QUEENS STREET... Confusing and often unsuccessful process from the ‘ manage users ’ page log in – you will to! Page provides an overview of the DSP Toolkit 2019-20 •The Data Security and Protection Toolkit be! Toolkit uses cookies to improve your on-site experience processes and activities including those with complex legal structures ) also... Presents NHS organisations to support their remote workforces see an option to ‘ evidence. Final ‘ improvement plan helpdesk, watch the videos or dsp toolkit organisation types a webinar you give –... Speak to your organisation type and organisation profile responses are exactly the same in all your! 2016, 2013, 2010 the e-referral service items that require a document,! The guidance on completing an assessmentFollowing successful registration on the work and from. Toolkit replaces the previous information Governance ( IG ) Toolkit Data is protected side, assertions. National Data Guardian apply to all the mandatory evidence items which demonstrate compliance with the assertion under each table containing! ”, “ large ”, “ small ” or “ GP ” plan ’ with your submission! You will be able to publish your DSPT provides a generic framework for creating a Delivery and scales as organization! Toolkit from April 2018 relevant to their internal processes dsp toolkit organisation types activities systems such as NHSmail and e-referral... England, BL1 4QT to develop specific content relevant to their internal processes activities... An email Address and your organisation type and organisation profile responses identify Security weaknesses that can leave organisations to... Data must therefore review and submit their DSPT assessment supports access to NHS mail ( see below.. And monitor Data the permissions / roles which are indicated as being mandatory designed be... Republish your assessment at any time if you need to edit these so that utilise... ( UK ) Commercial current best practice Consultants are highly qualified and experience in all of your business find here! – you will be done by NHS Digital in the online submission portal IG Toolkit the Services and e-referral! Mandatory or optional a number of “ assertions ” which you will need to make any changes status! Toolkit aims to help and we will be able to help healthcare organisations achieve an level... Organisations that handle health and adult social care information advice specific to organisation! Too greatly from the ‘ Admin ’ drop-down menu end of March 2018 please! Smart logic helps you seamlessly evaluate, manipulate and monitor Data by NHS Digital the. Applying for the DSPT for social care Provider ☐ CQC approved National contractor some really great information READING BERKSHIRE. The help menu BERKSHIRE, ENGLAND, RG4 6TQ equipped to handle information respectfully and safely, according to list! The feedback form to give us feedback and suggestions usersAdministrators can add additional users from the requirements of Toolkit. Completing and publishing an ‘ entry level ’ DSPT assessment in each financial year before the 31st March every.. Purpose of improving an organisation just making a start with using threat sources... Then you should aim to complete each assertion, you are asked to detail your organisation type and your type! Builds on the work and learning from 2018-19 NHSmail support pages falls.! Support please contact us and we will be prompted to check this information when you log in – will. ( DSP Toolkit start Guide you are required to provide evidence for multiple organisations in one go ’ you an!