DSPT Framework

The Data Security and Protection Toolkit (DSPT) Framework is how the university runs the DSPT.  The framework is governed by the FMS Information Governance for Health Research Group (FMS IGHR) which has responsibility for DSPT across the University.   One of the main objectives with the toolkit is to use the university policy and procedures and only creat additional items that are required to meet the DSPT standards.  To create a system that does not increase the amount of administration for the researchers.

The DSPT is made up of 10 Data Security Standards with 131 pieces of evidence items. If the following process is followed completely then this provides us with all the evidence that is needed for a Toolkit.

Step 1; Meeting with the Information Governance Officer, They will take you through the Project Enrollment Form, and ask for further information to be provided including

Project Data Protection Inpact Assessment 

Project Information Asset register. - What data do you have and where is it stored.
Project Members list – Full list of all individuals that are to be included in the Toolkit.
Project Hardware – All Equipment that will be used to access IGT data.

Copies of Participant Information Leaflets, Privacy Notice if transparency materials not in leaflets, Link to project webpage if available with published privacy notice and documentation.   

Copies of Data Flow Diagrams.

Copies of Valid ethic forms and caldicott approvals. 

 

Step 2;
Email sent to all members of the toolkit with a copy of the 3 key documents.
Template Email is provided

  • Toolkit Information Governance Statement
  • DSPT Handbook
  • Toolkit Information Security Policy

All project members must respond to acknowledge that they have received a copy of the documents and that they have read and understood them. They must also sign the agreement contained in the handbook and return this to the toolkit IG Lead .

Step 3; All members must complete the IG Training or provide evidence that they have completed the NHS IG training by sending either a certificate of completion or a screendump/copy of email confirming training to Wendy Craig.

Once the above steps have been completed the project can be enroled onto the toolkit.  

 All project data must only be used and stored in the Technical Environment provided. Data can only be accessed by designated members of the project, and access to the secure storage will only be given after the above steps have been completed.