DSPT Framework

The Data Security and Protection Toolkit (DSPT) Framework defines how we ensure that our university research adheres to the requirements of the Toolkit.  The Framework is governed by the FMS Information Governance for Health Research Group (FMS IGHR) which has responsibility for DSPT across the University.   One of the main objectives of the Framework is to use University policy and procedures and only create additional items that are required to meet the DSPT standards.  

The DSPT is made up of the National Data Guardian's 10 Data Security Standards with 137 pieces of evidence items. If the following process is followed completely then this provides us with all the evidence that is needed for a Toolkit.

Step 1

Meeting with the Information Governance Officer.

They will take you through the Project Enrolment Form, and ask for further information to be provided including:

  • Project Data Protection Impact Assessment 
  • Project Information Asset register - what data do you have and where is it stored.
    Project Members list – full list of all individuals that are to be included in the Toolkit.
    Project Hardware – all equipment that will be used to access IGT data.
  • Copies of Participant Information Leaflets, Privacy Notice if transparency materials not in leaflets, link to project webpage if available with published privacy notice and documentation.   
  • Copies of Data Flow Diagrams for the research project.
  • Copies of valid ethic forms and Caldicott approvals. 

Step 2

Email sent to all members of the toolkit with a copy of the 3 key documents.

  • Toolkit Information Governance Statement
  • DSPT Handbook
  • Toolkit Information Security Policy

All project members must respond to acknowledge that they have received a copy of the documents and that they have read and understood them. They must also sign the agreement contained in the handbook and return this to the Toolkit IG Lead.

Step 3

All members must complete the IG Training or provide evidence that they have completed the NHS IG training by sending either a certificate of completion or a screen dump/copy of email confirming training to recman@newcastle.ac.uk.

Once the above steps have been completed the project can be enrolled onto the Toolkit.  

 All project data must only be used and stored in the Technical Environment provided on secure University filestore. Data must only be accessed by designated members of the project, and access to the secure storage will only be given after the above steps have been completed.