The Data Security and Protection Toolkit (DSPT) is an online self-assessment required to be completed by all suppliers to the NHS.
For IT suppliers or providers of critical services, each years DSPT submission now requires a mandatory impartial audit to validate the controls in place based on the assertions within the self-assessment.
Collaborate with us to undertake an impartial audit of your Data Protection and Information Security measures in line with the Data Security Protection Toolkit requirements.
Following recent changes to the DSPT guidelines, any organisation with over 50 staff and £10 million revenue is required to undertake a Category 2 DSPT and an externally validated audit of the submission.
You can read more about the differences in Category 2 submissions in our latest blog here
Unsure if your organisation meets the criteria?
Underpinned by our experience in Information Governance and Management System standards, our team deploy a proven methodology that is proportionate and pragmatic. Our team will:
At the conclusion of the Audit, we will provide an assertion of conformity with the DSPT requirements alongside a detailed report outlining improvements that can be made to existing procedural and technical controls.
Unsure about the resources required to complete the audit?
Schedule a no-obligation readiness review with a member of our team.
The DSPT portal has an approved list of Auditors – one of whom is 8foldGovernance. Organisations that need to complete this mandatory audit should choose a supplier from this list for it to be accepted by the NHS.
The Audit focuses on validating controls across the 12 mandatory areas of the DSPT submission. This includes assessing the effectiveness of your accountability and governance framework for data protection and security, and that controls are established for identity & access control, access to privileged accounts, business continuity, software/vulnerability patching, and supplier management.
Your results will not be shared by us with the NHS if you fail the first time. If there are controls we can help you strengthen or processes we can help you embed, our expert team will be able to advise and support remediation and a free re-Audit of those controls can be conducted at no extra cost. Please contact the team to learn more about our approach.
The Audit will be conducted asynchronously over the course of 14 working days. We will need access to several key stakeholders across the business, but we will proactively schedule calls and work with you to ensure minimal business disruption.
We provide all clients with a certificate and a badge for their website as proof of a successful Audit.
We’ll walk with you every step of the way to evidence your governance, advise on how you can strengthen controls and complete your annual DSPT submission.
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |