Skip to main content


Open Statistics - Cyber Security


This project is currently in development. An overview of methodology and caveats are given below. For more information please contact
Opinions expressed in this page are not representative of the views of NHS England and any content here should not be regarded as official output in any form. For more information about the NHS England Transformation Directorate please visit our official website.

The Data Security and Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. This includes trusts, commissioners and CSUs.

The data displayed in this page will show all organisations open as of 9th of September 2022. Any organisations which have merged and do not have a DSPT status will inherit the DSPT status of the merged organisation.

The following information displays data taken from a specific snapshot of the DSPT data. The latest status information was downloaded on the 9th September 2022.

You can find the previous iteration of this page showing the 20/21 DSPT data at 20/21 Open Cyber Page

For more information on the Data Security and Protection Toolkit, please visit the DSPT portal.

Notes on Methodology

Composite Metrics for ICS

The DSPT status for Clinical Commissioning Groups (CCGs) and Trusts are coded (scored) as follows to create the proxy for Integrated Care System (ICS) summary metrics:

  • Status Exceeded = 3
  • Status Met = 1
  • Approaching Standards = -1
  • Not Published/Not Met = -3

  • CCG scores within an ICS are then weighted based on the resident population.

    Trust scores within an ICS are weighted as a simple average.

    Finally, for each ICS, the CCG and Trust scores are weighted equally to arrive at the ICS composite score.

    The final scaling for each of the summary metrics displayed will have an upper bound of 3 and a lower bound of -3.

    Summary of DSPT Compliance (2021/2022 edition).

    Summary statistics from the DSPT 2021/22 toolkit are shown.

    <!DOCTYPE html>

    Primary.Sector 21/22
    Not Met
    CCG 22 ( 20.8% ) 82 ( 77.4% ) 2 ( 1.9% ) 0 ( 0.0% ) 106 ( 100.0% )
    Commissioning Support Unit (CSU) 4 ( 80.0% ) 1 ( 20.0% ) 0 ( 0.0% ) 0 ( 0.0% ) 5 ( 100.0% )
    Trust 15 ( 7.1% ) 129 ( 60.8% ) 63 ( 29.7% ) 5 ( 2.4% ) 212 ( 100.0% )
    Total 41 ( 12.7% ) 212 ( 65.6% ) 65 ( 20.1% ) 5 ( 1.5% ) 323 ( 100.0% )

    Generated by summarytools 1.0.1 (R version 4.2.1)

    CCGs and Trusts - Individual Compliance

    The compliance of individual CCGs and Trusts are mapped below, with ICS boundaries. Toggle the boxes on the top right-hand side to add layers.

    CCGs and Proportions of Trusts Compliance - Colour Coded Population

    The proportions of trust compliance within each ICS with boundaries (in black) are shown. The ICSs are colored to represent the patient population level. The darker the shade of blue the higher the patient population level.

    ICSs Composite Compliance - CCG and Trust Score Average Weighted For Population

    The compliance of individual ICSs, made up of a composite score of 50% CCG scores which have been weighted for population and 50% of a simple average of Trust scores. Region boundaries are displayed in blue.

    Template for end-to-end open source analytics:, and github actions.

    Analytics leverages open source data and R libraries such as leaflet for interactive maps, plotly for other interactive visualisations and summarytools for descriptive statistics.