Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Security and Protection Toolkit

Similar presentations


Presentation on theme: "Data Security and Protection Toolkit"— Presentation transcript:

1 Data Security and Protection Toolkit
Presented by: John Hodson, NHS Digital

2 Why data security is important
It’s about trust! “Trust cannot be ensured without secure systems…” People trust the health and care system to protect information. Data Security must support digital transformation otherwise the risk of breaches increase and trust will be lost.

3 What is the Data Security and Protection Toolkit
Online data security self assessment Replacement for the IG Toolkit Lets organisations measure themselves against the NDG Data Security Standards Provides help for organisations with support to comply with GDPR.

4 Why is it Changing Static for a long period of time GDPR New threats
Move to continuous improvement model Making the first step more straightforward for smaller organisations Provide intelligence to CQC for inspections.

5 What has changed? Requirements reflect the 10 NDG Data Security Standards Support key requirements under the General Data Protection Regulation Move away from level 1,2,3 and towards ‘mandatory’ evidence items Removed duplication Concise, clear requirements Documentary evidence only required where it adds value Exemptions for organisations which use NHSmail or have in place a relevant standard. The requirements of the Data Security and Protection Toolkit (DSPT) are designed to encompass the National Data Guardian review’s 10 data security standards. The requirements of the DSPT support key requirements under the General Data Protection Regulation (GDPR), identified in the NHS GDPR checklist. The IG Toolkit assessed performance against three levels 1, 2 and 3. Organisations were required to provide evidence of compliance with (at least) level 2 for all elements of their assessment. The DSPT does not include levels and instead requires compliance with assertions and (mandatory) evidence items. The assertions and evidence items are designed to be concise and unambiguous. Documentary evidence is only requested where this adds value. Some evidence items will not be required where an organisation uses NHSmail, or has in place an existing relevant standard (Cyber Essentials PLUS, ISO 27001, Public Service Network Information Assurance).

6 Care Quality Commission (CQC)
CQC well led inspections will include data security, we are testing approaches currently The focus so far has been on how boards gain data security assurance Data security is wider than cyber Use information from DSPT and wider intelligence to set the prompts for the inspection.

7 Help and support Register
Presentation developed to be used by IG Leads. FAQs including Training Tool. DSP Toolkit Support available through. Toolkit training and update events

8


Download ppt "Data Security and Protection Toolkit"

Similar presentations


Ads by Google