Appointing an Independent Assessor for your NHS DSPT Submission

As a supplier to the NHS, you’re likely familiar with the NHS Data Security and Protection Toolkit (DSPT) assessment.

This comprehensive self-assessment tool is used by health and social care organisations serving the NHS in the UK. It provides a structured framework to measure performance against the National Data Guardian’s 10 data security standards, ensuring that personal information is managed securely and effectively.

Got a query, or need to speak to us?

Get a Quote

Why complete a DSPT assessment?

For organisations handling NHS patient information, demonstrating robust data security is not just a best practice—it’s a contractual obligation.

Completing the DSPT is a requirement under the NHS England Standard Conditions contract and aligns with the Department of Health and Social Care’s policies. It assures that organisations processing NHS patient information are adhering to stringent data protection measures.

 

Preparing for DSPT Changes

 

Starting September 2024, the DSPT will transition to incorporate the National Cyber Security Centre’s Cyber Assessment Framework (CAF) for cyber security and information governance assurance.

This shift will introduce new CAF-aligned objectives, principles, and outcomes for organisations such as NHS Trusts, CSUs, ALBs, ICBs, and IT Services, while others will continue with the existing DSPT protocol.

Independent Assessor for your NHS DSPT Submission

The Need for an Independent Assessment

How ISOQAR Can Assist

As an UKAS accredited certification body, ISOQAR is committed to supporting your compliance journey. Our team of experienced auditors brings extensive industry knowledge and a thorough understanding of the Cyber Assessment Framework (CAF). We are experts in data security and protection best practices, providing you with the reassurance you need.

One of our clients shared: “The auditors already had extensive knowledge of ISO 27001, NIST, and Data Protection, integral to the NHS-DSPT framework. Their thorough understanding of audit requirements enabled them to effectively evaluate our assertions.”

Following on from the assessment, I am confident in the assurance of our system, both organisationally and personally. The independent assessment has elevated our NHS-DSPT from a level of compliance to a level of assurance.”

Let ISOQAR be your trusted partner in navigating these changes and ensuring your DSPT submission is both compliant and robust. Reach out to us to find out how we can support you.

Purpose of a DSPT

Comply with the Data Protection Act 2018 and GDPR.

Meet the standards set out by the National Data Guardian’s data security standards.

Demonstrate good data protection practice.

Identify areas for improvement in data security and protection.

Case studies

How our customers have benefitted from The DSPT (Data Security and Protection Toolkit) assessment with us.