DSP Toolkit Audit
Data Security and Protection Toolkit (DSP) Audits and pre-submission assessments
Note : The deadline for completing the DSP Toolkit has been extended to 30 September 2020.
All organisations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
This an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
The organisations in scope for mandatory annual audits of their DSPT self-assessments are:
- NHS Trusts (Acute, Foundation, Ambulance and Mental Health)
- Clinical Commissioning Groups
- Commissioning Support Units
- Arm’s Length Bodies.
We provide an objective independent examination to assess the organisation against the requirements of the DSP Toolkit.
This increases the value and credibility of the assessment and collation of evidence produced by your own internal review which in turn increases user confidence and reduces your Data Protection risk.
Our independent review, carried out by experienced and practical Information Governance experts also provides greater transparency to the Board and Trustees, highlighting areas of concern or risks.
As external auditors appointed by the organisation we are able to act independently to ensure an objective approach to the audit process.
We follow the NHS Digital Data Security and Protection Toolkit (DSP Toolkit) Independent Assessment Framework and produce written reports and action plans as required to determine the organisations compliance with the National Data Guardian’s 10 data security standards.
As experienced independent assessors of Health and Social Care organisations we providing comfort over the accuracy of your Data Protection compliance, for example we can reveal any systematic errors occurring throughout the organisation or individual Departments and often our report is critical to decision making for an organisation placing reliance on patient information.
We can challenge the robustness of the internal controls and processes an organisation has in place, giving an external perspective and valuable feedback.
And as we have previous experience in those areas we know which on-site tests and documents that need to be carried out and reviewed as part of the audit, for example whether or not the evidence text is mandatory for each category of health and social care organisation. We use our highly regarded professional judgement and expertise to further investigating and analysing the specific control environment, and associated risk, of each health and social care organisation.
For further information contact us: email@example.com