NHS DSP Toolkit

Self-assessment framework for organisations handling NHS patient data.

The NHS DSP Toolkit is a UK self-assessment standard for organisations that handle NHS patient information. It sets expected security, governance and accountability controls and requires evidence to demonstrate those controls.

Operationally it requires mapping controls to systems, collecting technical and policy evidence, and keeping assessments current as systems change. That often means coordinating identity, logging, backups and supplier controls across mixed estates.

NHS DSP Toolkit: access and security controls

Requirements for access restrictions, privileged account controls, authentication and authorisation in the NHS DSP Toolkit.

PAM360

Centralises privileged credential management and session control to enforce secure administrative access.

WALLIX PAM

Manages privileged accounts, session brokering and access policies to control administrative rights.

AD360

Provides centralised IAM, MFA and SSO controls to enforce and manage user access across services.

Specops Password Policy

Enforces password composition and breach checks in Active Directory to strengthen authentication.

Specops uReset

Delivers secure self-service password reset with secondary verification to reduce account risk.

WALLIX Remote Access

Provides controlled remote access with authentication and session recording for auditable access.

uniqkey

Stores and controls access to shared credentials in an encrypted vault with administrative oversight.

NHS DSP Toolkit — Audit evidence and supporting records

Retention and presentation of logs, reports and records to support NHS DSP Toolkit assessment and audit enquiries.

ADAudit Plus

Records AD changes, user logons and file access, producing searchable reports for audit evidence.

NetWrix Auditor

Collects and stores tamper-evident configuration and activity logs to support DSP Toolkit audits.

MOVEit Transfer

Produces detailed, tamper-evident transfer logs and reports to provide audit evidence for transfers.

M365 Manager Plus

Collects activity and configuration logs across Microsoft 365 to produce audit reports and alerts.

MOVEit Cloud

Maintains comprehensive transfer logs and activity reports to demonstrate compliance for audits.

AD360

Consolidates access events and audit trails for directory accounts to support compliance reporting.

Patch Manager Plus

Provides patch-status reporting and deployment records to demonstrate device patching for audits.

NHS DSP Toolkit: data protection and handling

Standards for protecting, classifying, transferring and retaining NHS patient and service data, including controlled handling and storage.

RecoveryManager Plus

Performs scheduled AD and Microsoft 365 backups enabling point-in-time recovery of sensitive data.

Netwrix Data Classification

Discovers and labels sensitive records across repositories to support data handling and protection duties.

MOVEit Transfer

Encrypts and enforces controls on file transfers to protect NHS patient data in transit and at rest.

MOVEit Cloud

Cloud service encrypts, controls and stores transfers centrally to ensure secure handling of patient data.

Netwrix Endpoint Protector

Monitors and blocks unauthorised data transfers from endpoints to protect patient information.

NHS DSP Toolkit — Governance & Compliance

Map and evidence organisational oversight, accountability and policies against NHS DSP Toolkit assertions for compliance and risk management.

CyberSmart

Centralises security controls, checks and training to help organisations meet DSP Toolkit compliance.

Where NHS DSP Toolkit fits

It ties into identity and access systems, storage and backup platforms, logging, and supplier integrations. Evidence usually comes from system configurations, audit logs and documented processes.

You should consider the toolkit when selecting or configuring security and data protection tools. Assessment outcomes influence internal control priorities and how teams manage access, suppliers and data flows.

Discuss your NHS DSP Toolkit implementation

Speak to a specialist