
The Data Security and Protection Toolkit is an annual self-assessment for health care organisations. The deadline for the 2022 submission is fast approaching on the 30th of June for many NHS Trusts. James Ambrose, Head of Public Sector Sales, summarises what's new and where to begin. He covers:


The Data Security and Protection Toolkit is an annual self-assessment for health care organisations. The assessment allows NHS trusts to measure performance against the top 10 security standards. Data security is ever-evolving. Therefore, each year the requirements are updated to reflect best practices.

The deadline for the 2022 submission is fast approaching on the 30th of June for many NHS Trusts.

Benefits of the DSPT
  • Specific for the NHS and how they manage data
  • Roadmap for continuous improvement
  • Security best practice
  • Mitigation of risk of a data breach





2021-2022: What is new and where to begin

The 2021/22 assessment has evolved from the previous iteration and now includes medical devices. This is because NHS Trusts must have an inventory of medical devices. The DSPT also reflects the need to maintain critical logging data and ensure critical software is patched to the latest version to ensure patient data security.

The first step when reviewing the DSPT is always to understand the scope in which you operate. Current information security processes, procedures and locations will be the core starting point: where are we at the moment, and where do we need to be?

The DSPT has been in use since 2018, so reflection on previous submissions is critical, as this is a working document to drive continuous improvement. Step two should be to identify the gaps between earlier submissions and the new toolkit requirements.

Central to the process should always be the current threat landscape and the data security objectives of the Trust – what is key and what are you looking to achieve. The utilisation of the DSPT can significantly improve the data security of an NHS Trust, with different stages on the journey:

  1. Approaching Standards
  2. Standards Met
  3. Standards Exceeded

The toolkit should be used as a baseline for the data security framework within the Trust with clear responsibilities and risk owners identified in the process.


How Chess Can Help

We have helped many NHS trusts since 2018 with their DSPT requirements. At Chess, we pride ourselves on our customer service levels and technical ability above industry standards.



Our Penetration Test team have tested NHS trust sites to ensure they find and mitigate risks across the organisation. We offer clear guidance on the risk factors to consider and can translate our extensive knowledge in this area to provide real value.

Medical IoT devices connect to the network to help with life-saving procedures, but trusts must have sight of every device on the network, from a laptop to a scanning device to blood pressure monitors. Simply put, you cannot protect what you cannot see. At Chess, we work with one of the market leaders, Forescout, in this area and have helped NHS trusts gain visibility of all devices across the network.

One of the critical elements in the DSPT again this year is log retention and monitoring. With so many different systems generating logs, it's vital that trusts can store and gather critical data from those log sources to protect the information held within them. A SIEM solution can allow you to ingest all log sources into one central system – saving critical time during a security incident. We work with LogPoint and have assisted numerous NHS Trusts with SIEM technology to cover this area and provide a data-enriched experience.


Zero Trust is another area in which we have helped NHS trusts with the DSPT – web security, DLP, CASB are all evolving to ensure data remains secure. One of our key partners, Forcepoint, is a specialist in the Zero Trust space and has worked in collaboration with Chess and the NHS to layer their Microsoft solutions and improve data security, controlling data usage and access to the data.






The DSPT is designed to improve data security within healthcare organisations, highlighting year-on-year critical areas for focus. Delivering against standards is key to keeping data safe and secure. At Chess, we are happy to work as an extension of your team, providing a wealth of experience with our technical architects and key security vendors. So reach out and speak to us, and we can help you on the journey.

To learn more about how you can protect your organisation, book your free 30-minute security consultation with one of our penetration testers. Get agnostic advice from industry experts on how to secure your business. Request here.

James Ambrose

James Ambrose, Head of Public Sector Sales at Chess, is responsible for leading Public Sector sales and our dedicated teams in government, health, education and housing. James joined Chess in 2019 and has a demonstrated history of working in the Information Technology and Cyber industry.
