Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Security and Protection Toolkit

Published byRodger Little Modified over 6 years ago

Similar presentations

Presentation on theme: "Data Security and Protection Toolkit"— Presentation transcript:

1 Data Security and Protection Toolkit https://www.dsptoolkit.nhs.uk/

2 Re-Designing the IG Toolkit
Provide time to implement the data security standards by reducing burden and duplication in the toolkit. KPIs that leaders can recognise and utilise to change culture. Making the first step more straightforward for smaller organisations. Listening to our stakeholders and piloting the new toolkit. Keeping the toolkit flexible and updated more regularly. Develop suitable guidance.

3 Why is it Changing Static for a long period of time GDPR New Threats
Move to continuous improvement model NDG Report

4 Understanding what the NDG review says on information governance
It’s about Trust! “Trust cannot be ensured without secure systems…” People trust the health and care system to protect information. IG must support digital transformation otherwise the risk of breaches increase and trust will be lost.

5 General Update The requirements of the Data Security and Protection Toolkit (DSPT) are designed to encompass the National Data Guardian review’s 10 data security standards. The requirements of the DSPT support key requirements under the General Data Protection Regulation (GDPR), identified in the NHS GDPR checklist. The IG Toolkit assessed performance against three levels 1, 2 and 3. Organisations were required to provide evidence of compliance with (at least) level 2 for all elements of their assessment. The DSPT does not include levels and instead requires compliance with assertions and (mandatory) evidence items. The assertions and evidence items are designed to be concise and unambiguous. Documentary evidence is only requested where this adds value. Some evidence items will not be required where an organisation uses NHSmail, or has in place an existing relevant standard (Cyber Essentials PLUS, ISO 27001, Public Service Network Information Assurance).

6 How does the scoring work
The assertions sit under each standard. Evidence items sit under assertions and represent an indicator of maturity in that area For an Organisation to be Satisfactory they have to complete all of the mandatory items in their toolkit.

7 Assertions The assertions are not as prescriptive as the predecessor standard contained within the information governance toolkit. Assertions and associated evidence form an indication of good practise not a complete predefined framework allowing greater local integration. Assertions are a confident and forceful statement of fact or belief. Evidence items are used to support the assertion.

8 Assertion Owners There is an optional ability to allocate an owner of each assertion. The Assertion owner confirms the assertion. They must be a user of the DSP Toolkit Before Publication the owner must confirm that they are satisfied that the evidence provided supports the assertion the organisation is making.

9 Evidence Items Evidence items are either Mandatory or Not Mandatory
Mandatory Evidence items should be completed first To meet the Standard all Mandatory Evidence items must be completed Each Evidence item has help text which explains what should be included in the response.

10 Guidance There is guidance available in the Help menu
Guidance is split into general items and a big picture guide for each of the NDG Standards. Guidance for the many specific areas has been migrated from the existing toolkit such as Clinical Coding, Registration Authority etc., Keep Checking as guidance is being updated regularly.

11 User Types Administrator
Can view and confirm assertions, view/add/edit evidence, Allocate owners of assertions, Publish assessment Create/edit organisation profile, Create and edit users for own organisation. Member Can View assertions and view/add/edit evidence items Confirm Assertions where they are the ‘owner’ of the assertion, View organisation profile. Auditor Can view assertions and evidence (but not edit) view organisation profile (but not edit)

12 New requirements in DSPT
Leaders and board members receive suitable data security and protection training. Organisations undertake process reviews to identify and improve processes which have caused breaches or near misses. NHS Organisations must act on CareCERT alerts and notifications. Organisations must complete a specific business continuity test for data security. Organisations must survey their software for unsupported systems. Organisations must ensure all networking components have had their default passwords changed. Large organisations must ensure their web applications are secure against top 10 vulnerabilities. Large organisations must undertake a penetration test annually. Large organisations must flag any suppliers with significant issues complying with the NDG standards to the board.

13 Clinical Coding Still included in the Data Security and Protection Toolkit Incorporated into NDG Standards 1 and 3 Training for Clinical Coders is included in the Specialist training (Assertion 3.4) Clinical coding audit is included in Data Quality Audit (Assertion 1.7) Guidance broadly unchanged from IGT V14.1

14 FAQs SIRI tool being updated to GDPR breach reporting tool and NIS directive for applicable organisations ready for May 2018. Current Toolkit will stay in read-only format. October baseline submission for large NHS organisations. Publication will be at summary level not detailed. Training requirement largely unchanged. Ability to choose “Secondary sectors” to be developed

15 Care Quality Commission (CQC)
CQC well led inspections will include data security, but not fully agreed how this will work. Use information from DSPT and other intelligence from other sources. Data security includes more than cyber.

16 Recommended background reading
National Data Guardians Report Government’s Response Data security standards Overall Guide

Download ppt "Data Security and Protection Toolkit"

Similar presentations

Organizational Governance

Organizational Governance
Document management Rev. Description Author Date 0.0 First draft

Document management Rev. Description Author Date 0.0 First draft
Rev.DescriptionAuthorDate 0.0First draftDavid Stone14/07/10 0.1ReviewPhil Walker Magi Nwoli Tony Heap Vanessa Kaliapermall 15/07/10 1.0FinalDavid Stone18/07/10.

Rev.DescriptionAuthorDate 0.0First draftDavid Stone14/07/10 0.1ReviewPhil Walker Magi Nwoli Tony Heap Vanessa Kaliapermall 15/07/10 1.0FinalDavid Stone18/07/10.
National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.

National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
Quality Assurance. Identified Benefits that the Core Skills Programme is expected to Deliver 1.Increased efficiency in the delivery of Core Skills Training.

Quality Assurance. Identified Benefits that the Core Skills Programme is expected to Deliver 1.Increased efficiency in the delivery of Core Skills Training.
Commissioner Feedback for SLAM CQC Inspection in September 2015 Engagement with Member Practices 1.

Commissioner Feedback for SLAM CQC Inspection in September 2015 Engagement with Member Practices 1.
1 Understanding CQC registration Summer 2012. 2 Introduction to CQC.

1 Understanding CQC registration Summer Introduction to CQC.
Healthcare Commission update Sue Fraser-Betts Senior Assessment Manager October 2006 1.

Healthcare Commission update Sue Fraser-Betts Senior Assessment Manager October
SOLGM Wanaka Retreat Health and Safety at Work Act 2015 Ready? 4 February 2016 Samantha Turner Partner DDI: +64 4 924 3460 Mob: +64 21 310 216

SOLGM Wanaka Retreat Health and Safety at Work Act 2015 Ready? 4 February 2016 Samantha Turner Partner DDI: Mob:
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
7/7/20161 The Public Sector Equality Duty for Schools in England Jonathan Timbers – Policy Manager, PSED Team, Equality and Human Rights Commission.

7/7/20161 The Public Sector Equality Duty for Schools in England Jonathan Timbers – Policy Manager, PSED Team, Equality and Human Rights Commission.
1 CQC review of data security standards in the NHS Rosie Wood, Strategy Lead Information Governance Alliance Conference 16 March 2016.

1 CQC review of data security standards in the NHS Rosie Wood, Strategy Lead Information Governance Alliance Conference 16 March 2016.
Audit Committee 1 June 2005 Overview of the Audit Function in the Council and Role of Audit Committee.

Audit Committee 1 June 2005 Overview of the Audit Function in the Council and Role of Audit Committee.
Safe Digital Transformation

Safe Digital Transformation
Patient Administration Performance Delivery Evidence Framework

Patient Administration Performance Delivery Evidence Framework
The Quality Surveillance Team / Programme

The Quality Surveillance Team / Programme
Integration, cooperation and partnerships

Integration, cooperation and partnerships
Accountability & Structured Privacy Management

Accountability & Structured Privacy Management

Similar presentations

Ads by Google