DSPT vs Cyber Essentials

The Data Security and Protection Toolkit (DSPT) and Cyber Essentials are both cybersecurity frameworks used in the UK, but they have different purposes, scopes, and requirements. Hopefully this page will explain how they are different but complementary.



DSPT (Data Security and Protection Toolkit)


  • Purpose: A self-assessment tool for UK healthcare organisations and social care providers to demonstrate compliance with data security standards set by NHS Digital and the Department of Health and Social Care.

  • Scope: Focuses on protecting patient and service user data, emphasizing data security, information governance, and best practices in data handling.

  • Requirements: Includes detailed questions across domains such as policies, staff training, data security measures, incident management, and systems architecture.

  • Compliance: Required for organisations involved in health and social care to safeguard sensitive information and demonstrate compliance during audits.



Cyber Essentials



  • Purpose: A government-backed certification scheme that helps organisations protect against common cyber threats.

  • Scope: Broader than DSPT, applicable to organisations across various sectors, focusing on fundamental cybersecurity controls.

  • Requirements: Includes five basic controls: secure configuration, boundary firewalls and internet gateways, access controls and administrative privileges, patch management, and malware protection.

  • Compliance: Certification demonstrates that an organization has basic cybersecurity measures in place, often required for contracts with government or organizations handling sensitive data.


Comparison Summary

| Feature | DSPT | Cyber Essentials |
|---|---|---|
| Aim | Data security in healthcare and social care | General cybersecurity for all organisations |
| Scope | Data protection, information governance | Basic cyber hygiene and security measures |
| Requirements | Detailed, healthcare-specific questions | 5 fundamental technical controls |
| Certification/Assessment | Self-assessment, NHS Digital review | Certification issued upon successful assessment |
| Mandatory/Voluntary | Mandatory for NHS/social care providers | Voluntary, but often a requirement for contracts |
| Focus | Sensitive data protection | Broad cyber defense mechanisms |

DSPT Standards Exceeded

This is where the DSPT and Cyber Essentials start to come together.


The DSPT contains a number of mandatory and non-mandatory questions. Completion of all the mandatory questions ensures that you meet the DSPT standard. Completion of all of the non-mandatory questions does not mean you exceed the standard.


In order to be DSPT Standards Exceeded you must have a valid Cyber Essentials Plus certificate. This can then be connected to a DSPT Standards Met publication to achieve DSPT Standards Exceeded.


In Summary

The DSPT is health and social care specific, focusing on protecting patient data, whereas Cyber Essentials provides a foundational cybersecurity baseline for organisations across sectors. Organisations involved in social care are typically required to complete the DSPT as part of a contractual requirement, while Cyber Essentials is widely adopted across industries to ensure basic cybersecurity measures.


The DSPT is essentially process and procedure driven, whereas Cyber Essentials is more about technical standards.


How can we help?


The Data Security and Protection Toolkit (DSPT)

The West Midlands Care Association is part of a FREE national program - Better Security Better Care - to assist all CQC registered care providers with this.


To find out what you need to do next, just click on the button below.


Better Security Better Care

Cyber Essentials


Mitigate your cyber security risk with a unique, state-of-the-art, cloud-based hub which provides the products and services that are vital for an effective cyber security strategy.



West Midlands Care Association is pleased to announce that we have expanded our long-term partnership with Citation to include Citation Cyber!


We can now offer a range of cyber security solutions at discounted rates to our members.


Citation Cyber

Contact us

If you need additional help or advice then our dedicated digital team are here to assist

 

They are available during normal office hours (Mon - Fri 9.00am - 5.00pm). 


Use the chat facility on this website during office hours (Select department WMCA Digital Team)


or

 

Phone 01384 943000 opt 1

Email enquiries@wmca.digital