Help Centre

The NHS Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that NHS organisations must complete annually. Folelse maps every DSPT assertion to the relevant data in your account, automatically linking evidence as you complete compliance activities.

What are DSPT assertions?

The DSPT contains 10 data security standards, each with multiple mandatory and best practice assertions. For example, Standard 3 (Training) requires assertions about IG training completion rates. Standard 7 (Process Reviews) requires assertions about DPIA completion.

How Folelse links to DSPT assertions

• Your ROPA entries auto-populate Standard 4 (Data) and Standard 7 assertion evidence.
• Your policy acknowledgement data populates Standard 3 (Training) assertions.
• Your Information Asset Register populates Standard 8 (Appropriate) assertions.
• Your supplier due diligence records populate Standard 3 and Standard 6 (Cyber Security) assertions.
• Your breach records populate Standard 9 (Unsupported Systems) and incident management assertions.
• Your DPIA records populate Standard 7 (Process Reviews) assertions.

Viewing assertion completion

1. 1 Go to Dashboard → DSPT.
2. 2 Each of the 10 standards is shown with a completion percentage.
3. 3 Click on a standard to expand it and see individual assertions.
4. 4 Green assertions are complete; amber are partial; red are missing evidence.
5. 5 Click on an assertion to see what evidence is linked and what is still needed.