Information Services Division


Data Safe Haven (DSH)

This service provides a technical solution for storing, handling and analysing identifiable data.

Service updates

Password Policy Changes

From Wednesday 15th December the DSH password policy is changing following recommendations from our recent penetration test. The minimum password length is being increased to 12. 
In addition to this we have discovered that the limit on the number of times characters can be repeated is 3 and number of sequential characters is 5. This may have resulted in difficulty changing passwords in the past. We are therefore increasing the number of character repetitions to 8 which should reduce the number of issues in future. The sequential characters limit will remain the same. Full details are available on the FAQs page.

Soft Tokens

Since the start of lockdown we have moved to issuing soft tokens to new users. The hard tokens we issued previously are starting are starting to fail and with remote working it is very hard for us to manage and issue these so we are encouraging you all to move to soft tokens if you haven't already. The soft token can be easily installed and configured yourself on your mobile phone. Instructions on how to set them up are available on the FAQs page.

DSH Service Portals

File Transfer Portal

Identifiable Data Transfer logo

Portal for secure transfer of data into the Data Safe Haven.

Applications & Data Portal

Application and Data Portal

Portal for secure handling of data using applications available in the Data Safe Haven and Securely transferring data out of the system.

Security & Tokens Portal

Self Service Portal logo

Self Service Portal for Password Management and Token Management. Including In Case of Emergency (ICE Login) Management.

The Data Safe Haven has been certified to the ISO27001 information security standard and conforms to NHS Digital's Information Governance Toolkit. Built using a walled garden approach, where the data is stored, processed and managed within the security of the system, avoiding the complexity of assured end point encryption. A file transfer mechanism enables information to be transferred into the walled garden simply and securely.

Getting started with the Data Safe Haven

Before requesting access to the Data Safe Haven you must complete the Information Governance assurance process.

If you have already completed the Information Governance assurance process you may request access using the self-service forms. Use the search box and the search term 'Data Safe Haven'. Requests can only be made by the Information Asset Owner or their nominated Information Asset Administrator.

Top FAQs

I don't have my hard token, how do I log in?

You can use the In Case of Emergency (ICE) logon procedure to log in even if you do not have your token.

1. Go to the Security & Tokens Portal
2. Click Use ICE logon procedure
3. Enter your DSH User ID and click Continue
4. Select Static Password from the Authenticator drop-down menu
5. Enter your DSH password and click Continue
6. Answer the security questions and click Continue
    (Answers are case-sensitive)

At this stage, you could create a new soft token. Please see the "How to create a soft token" FAQ for instructions.

7. Click Emergency
8. Click Request
9. Click Submit (you can not change this value)

Note: Your emergency code is displayed under the Code column. It will expire when used, or after 24 hours.

10. Go to the Application & Data Portal
11. Enter your DSH User ID and DSH Password
12. Enter the 8 digit emergency code

How do I create a soft token?

Install the "DeepNet MobileID" app on your smartphone, it is free and can be found on most app stores.
1. On your smartphone, launch App Store (iPhone) or Play Store (Android)
2. Search for ”MobileID” or ”Deepnet MobileID” and install it 

Create Token
1. Log in to the Security & Tokens Portal
2. Click the My Tokens tab and then click Create
3. On the Product drop-down list select MobileID/Timed-Based and click Submit
4. Assign a unique PIN to the new token by clicking the green down arrow on the row of the newly created token and select Reset PIN
5. Enter a new 4 digit PIN in the top text box, type it again in the Confirm text box and click Submit
4. Receive the token by clicking the green down arrow again, select PUSH and then click Email
You will be sent an email shortly with the subject line "DSH - Your Token (MobileID)", follow the instructions in the email to add the token to the MobileID app