The NHS DSP Toolkit

Do you have access to NHS patient records? If you do, you must be following the recommendations outlined in the digital toolkit


NHS Digital launches toolkit to help ensure patient data is safe

In April 2018, NHS Digital introduced the new Data Security and Protection Toolkit. The DSP toolkit aims to help healthcare organisations achieve an appropriate level of cyber security so that patient data is protected. The Data Security and Protection Toolkit is an online self-assessment tool that allows NHS Trusts and healthcare organisations to measure their cyber security processes against the National Data Guardian’s 10 data security standards.

“As a dress rehearsal – as a ‘lesson learned’ – WannaCry was good, it raised awareness of how cyber security can actually impact patient-facing services.”

Dan Taylor, Head of the NHS Cyber Security Programme


Why has the DSP toolkit been introduced?

Since the catastrophic WannaCry attack in May 2017, it has been clear that the NHS needed to make some big adjustments to ensure its systems and processes are robust and resilient. As we all know, this worldwide ransomware attack severely disrupted the NHS. Not only were 48 NHS trusts hit, a staggering 595 GP surgeries were also infected with the ransomware.

The NHS was completely paralysed: systems were shut down, thousands of appointments were cancelled and important patient records were unavailable. During this time the NHS received a lot of bad press for ‘not doing enough’ to secure its systems. However, over the past year NHS Digital has worked tirelessly to transform its cyber strategy.

How can Equilibrium help with DSP toolkit compliance?

Data Security Standard 9 states: A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.

Cyber Essentials is a government-backed cyber security certification scheme that sets out a baseline of cyber security suitable for all organisations. The scheme’s five security controls can prevent “around 80% of cyber-attacks”. The certification is a valuable indicator that the organisation has taken the necessary measures to bolster cyber security and reduce the risk of a cyber-attack.

Here at Equilibrium, we are one of the few Cyber Essentials certification bodies in the Midlands area. Equilibrium is a Certification Body under the accreditation body IASME. We can offer Cyber Essentials, Cyber Essentials Plus, IASME Governance and GDPR Readiness Assessments as a Certification Body.

The Cyber Essentials self-assessment is an excellent framework which allows you to review your security strategy and resilience against cyber threats. However, upgrading to Cyber Essentials Plus provides a much higher level of assurance than the base self-assessment alone. It involves more rigorous testing and auditing of your security systems and policies. One of our security experts will validate the answers submitted in the self-assessment questionnaire and perform an in-depth onsite assessment. The CE+ assessment actually surpasses the expected standard of the toolkit, which helps you complete many of the compliance statements on the portal.

CREST certified penetration testers UK

Our Penetration Testing service is an excellent way to work towards achieving compliance with Standard 9 of the toolkit.

The aim of a penetration test is to simulate a malicious attack on a network to evaluate the effectiveness of the security in place.

Here at Equilibrium, we are CREST-accredited ethical penetration testers. This accreditation is what the DSP toolkit would call a ‘proven cyber security framework’ which can be used to protect your infrastructure from cyber threats. It also demonstrates that we have up-to-date knowledge of the latest vulnerabilities and techniques used by real attackers. In order to achieve this certification, testers must undertake a series of thorough examinations which are assessed and approved by GCHQ and NCSC.

Our Penetration Testing Process

Step 1
Scoping phase

Before testing commences, our experts will take time to understand your pen testing requirement in more detail, define the testing scope and gather the necessary technical information and access required to carry out the test.

Step 2
Testing

Using a variety of pen testing tools, our qualified penetration testers will manually assess your systems to identify security weaknesses and vulnerabilities which require patching and remediation.

Step 3
Analysis and exploitation

In this phase we will interpret the results and (if permitted and approved) exploit any vulnerabilities discovered. This determines whether an attacker could use the vulnerability as leverage to gain wider access to your systems. However, many customers prefer to patch and remediate rather than risk the potential service disruption that exploitation could cause.

Step 4
Detailed Penetration Test report

Our experts will analyse the results and present the findings in a comprehensive penetration testing report. This will detail and categorise the vulnerabilities discovered, ranked as ‘Critical’, ‘High’, ‘Medium’ or ‘Low’, as well as outline instructions on how to remediate, patch and strengthen your defences.

Step 5
Re-test

After remediation, we can re-test your systems to check that all patches have been applied and the security holes have been mitigated.

How can we help with DSP Toolkit compliance?

Here at Equilibrium, we are a CREST-accredited company and have been offering certified penetration testing services for a number of years. Our penetration testing price packages are straightforward, easy to follow and can be flexible to meet your budget and scope. We are also one of the few Cyber Essentials certification bodies in Birmingham. If you would like to find out more about how we can help you achieve compliance, please book an expert call or call us on 0121 663 0055. You can find out more about the full requirements here.