Appointing an Independent Assessor for your NHS DSPT Submission
As a supplier to the NHS, you’re likely familiar with the NHS Data Security and Protection Toolkit (DSPT) assessment.
This comprehensive self-assessment tool is used by health and social care organisations serving the NHS in the UK. It provides a structured framework to measure performance against the National Data Guardian’s 10 data security standards, ensuring that personal information is managed securely and effectively.
Why complete a DSPT assessment?
For organisations handling NHS patient information, demonstrating robust data security is not just a best practice—it’s a contractual obligation.
Completing the DSPT is a requirement under the NHS England Standard Conditions contract and aligns with the Department of Health and Social Care’s policies. It assures that organisations processing NHS patient information are adhering to stringent data protection measures.
Preparing for DSPT Changes
Starting September 2024, the DSPT will transition to incorporate the National Cyber Security Centre’s Cyber Assessment Framework (CAF) for cyber security and information governance assurance.
This shift will introduce new CAF-aligned objectives, principles, and outcomes for organisations such as NHS Trusts, CSUs, ALBs, ICBs, and IT Services, while others will continue with the existing DSPT protocol.
The Need for an Independent Assessment
The NHS Standard Contract and DSPT requirements stipulate that certain NHS organisations must undergo an annual DSPT audit or independent assessment. This includes:
- NHS Trusts (Acute, Foundation, Ambulance, and Mental Health)
- Integrated Care Boards
- Commissioning Support Units
- DHSC Arm’s Length Bodies
- Independent Providers designated as Operators of Essential Services
- IT Suppliers
How ISOQAR Can Assist
As a UKAS-accredited certification body, ISOQAR is committed to supporting your compliance journey. Our team of experienced auditors brings extensive industry knowledge and a thorough understanding of the Cyber Assessment Framework (CAF). We are experts in data security and protection best practices, providing you with the reassurance you need.
One of our clients shared: “The auditors already had extensive knowledge of ISO 27001, NIST, and Data Protection, integral to the NHS-DSPT framework. Their thorough understanding of audit requirements enabled them to effectively evaluate our assertions.
“Following on from the assessment, I am confident in the assurance of our system, both organisationally and personally. The independent assessment has elevated our NHS-DSPT from a level of compliance to a level of assurance.”
Let ISOQAR be your trusted partner in navigating these changes and ensuring your DSPT submission is both compliant and robust. Reach out to us to find out how we can support you.
Purpose of a DSPT
- Comply with the Data Protection Act 2018 and GDPR.
- Meet the National Data Guardian’s data security standards.
- Demonstrate good data protection practice.
- Identify areas for improvement in data security and protection.
Case studies
How our customers have benefitted from The DSPT (Data Security and Protection Toolkit) assessment with us.