Your business processes millions of data points every day, with multiple NHS services and providers relying on you to process vast volumes of the most sensitive and confidential information in the world. You’re the backbone of a digitally enabled healthcare service and are critical to its safe delivery.
This responsibility must be underpinned by effective Governance.
That’s where we come in.
We’re your partner to:
Our in-house team of Data Protection and Information Security experts have decades of experience in governance best practices, helping your business assure your clients and partners.
Supporting organisations with over 50 staff and £10 million of Revenue to achieve compliance with the enhanced DSPT requirements.
We undertake expert, impartial audits of Category 2 DSPT submissions to help organisations meet their mandatory requirements.
The best practice standard for Information Security Management. We help organisations build, integrate and maintain ISO certified management systems.
The national baseline for cyber-security best practice, we help organisations meet Cyber Essentials and Cyber Essentials Plus standards.
We support organisations to expand internationally, leveraging their existing compliance portfolio to expedite market access.
The DSPT is an online self-assessment designed to help NHS suppliers and health and care organisations measure their data security and protection practices against national standards.
All organisations that handle personal data, including NHS providers and third-party service providers, are required to complete the DSPT annually.
Organisations that have implemented HIPAA thoroughly and effectively and/or are SOC2-certified will likely have few issues aligning with DSPT – there is quite a lot of overlap between the requirements.
However, because DSPT reflects the NHS’ interpretation of UK data protection and security law as well as organisation-specific controls that they use to minimise risks, you should expect to see some UK- or NHS-specific requirements that you don’t currently cover, such as application of UK citizens’ data protection rights and subscription to UK-specific cybersecurity notification services, like the National Cyber Security Centre.
Yes – every organisation must submit their DSPT even if they have certification to ISO 27001 with a UKAS certification body. Many of the controls in ISO 27001 align with DSPT so there are opportunities to consolidate evidence.
If you are submitting as a Category 2 organisation, you will still need to provide all of your evidence via the portal; however, you will also be asked for an Audit Report. You will need to undertake an impartial third-party audit to validate your controls. This is something we can help you with.
Yes, it is a mandatory requirement essential for organisations to achieve a ‘Standards Met’ status on the DSPT portal.
Explore how our team of Data Protection and Information Security experts can help you build upon you compliance foundations to build “good governance” into your organisation.
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |