The Data Security and Protection (DSP) Toolkit is the NHS’s mandatory online self‑assessment that organisations must complete each year if they access NHS patient data or NHS systems. It measures how well an organisation meets the National Data Guardian’s 10 Data Security Standards.

 What the DSP Toolkit Is
  • An online self‑assessment tool used to check whether an organisation is handling NHS data safely and legally.
  • Required for all organisations that access NHS patient information or NHS systems (e.g., NHSmail, Spine, EMIS, SystmOne).
What It Covers

The Toolkit assesses how well organisations meet the 10 Data Security Standards, including:

  • Data protection and confidentiality
  • Cyber security
  • Mandatory staff training
  • Incident reporting
  • Access controls
  • Safe handling of paper and digital records
  • Business continuity
  • Supplier and third‑party data management

These standards are set by DHSC and NHS England.

Who Must Complete It?

The Toolkit applies to any organisation that:

  • Provides NHS services
  • Uses NHS systems
  • Handles NHS patient data
  • Receives NHS funding

This includes NHS Trusts, GP practices, social care providers, private providers, charities and commercial suppliers.

Submission Requirements
  • The DSP Toolkit must be completed every year.
  • Some organisations must also provide mid‑year improvement updates, such as those due by 31 December 2025.

Failure to meet requirements may affect contracts, access to NHS systems, and regulatory assurance.

How TIAA Supports You

We help organisations meet the DSP Toolkit requirements through:

  • Readiness and Gap Assessments – Identifying where improvements or evidence are needed.
  • Support with Documentation and Evidence – Strengthening policies, procedures and audit trails.
  • Independent Assurance for Boards – Providing confidence that standards are fully met.
  • Expert Guidance on Data Security and Cyber Controls –  Ensuring practical, compliant, and proportionate measures.
  • Improvement Planning and Mid‑Year Support – Helping you stay on track throughout the year.
Why It Matters

DSP Toolkit compliance protects patient data, reduces cyber risks, ensures legal compliance, and maintains access to essential NHS systems. It also supports stronger organisational governance and public trust.

Get Support With Your DSP Toolkit

TIAA’s specialists can guide you through the entire process, whether you need full support or targeted assurance.

Contact us to discuss how we can help with your DSP Toolkit submission.