This guidance relates to the 2023-24 (version 6) standard.
About the guides
All health and care organisations are expected to implement the 10 National Data Guardian (NDG) standards for data security. These standards are designed to protect sensitive data, and also protect critical services which may be affected by a disruption to critical IT systems (such as in the event of a cyber attack).
A ‘big picture’ guide has been provided for each of the 10 standards to help organisations understand expectations, and support implementation of good data security and protection.
These guides also help organisations meet the requirements of their annual Data Security and Protection Toolkit (DSPT) self-assessment. Throughout these guides you may see references to DSPT requirements (assertions and evidence items).
The guides aim to support a wide range of health and care organisations, and as such are not exhaustive. They will not cover every eventually and professional judgement will be required in how the standard is met and audited.
See further note on professional judgement, auditing and GDPR.
At times the big picture guides may go further than the audit guides and vice versa. Only the most binary of assertions would lead to one answer. The divergence of guides is either following an implementation theme to the end or the next logical audit artifact.
Last edited: 28 September 2023 10:51 am