Assuric

Data Protection & Security

NHS DSPT

Understand the NHS Data Security and Protection Toolkit and how it affects your business

Framework

NHS DSPT compliance

The NHS DSPT (Data Security and Protection Toolkit) provides a framework for data protection and security assurance to ensure personal information including patient data is handled correctly across the NHS.

The Assuric platform can help you manage all aspects of data security and protection, ensure standards are met, conduct audits, and streamline NHS cyber security and data protection toolkit compliance.

We are trusted by

  • Kanjo
  • Rosenfield
  • VitVio
  • Megi Your Health Assistant
  • Tandem
  • Chequp
  • Rhades
  • Joy
  • ONION AI
  • Heim
  • Think Divergent
  • Theta
  • Healthnix
Product

How Assuric can help

We can assist you with all aspects of the NHS DSPT certification including:

Automated compliance tracking

Easily fill any gaps, automate tasks, track compliance, and receive proactive alerts - ensuring requirements are met in record time.

DSPT Policies

Create mandatory policies including automatic creation of Privacy Notices and Data Protection Impact Assessments.

Create a Record of Processing Activities and Information Asset Register

Understand where your data is held and log this in your Information Asset Register. Document your processing activities and record this in your Record of Processing Activities.

Track your Suppliers and Subprocessors

Record all third party suppliers and sub-processors who process or store personal data on behalf of your organisation and ensure they are operationally compliant with this legislation.

Training and Staff Compliance

All the necessary staff training you’ll need (both basic and specialist), combined with automated tracking and reminders to ensure compliance.

Implement Cyber Security Controls

Identify what security controls need to be implemented to meet requirements, and how to implement them. Clear guidance based on your organisation’s size and setup, including device management and end-point monitoring as required.

Penetration Testing

Our expert partners identify vulnerabilities with CREST-accredited security assessments. Receive a report to build trust with users, along with actionable remediation advice to improve product security.

External audits

Generate comprehensive risk reports for leadership teams and auditors, simplifying audit preparation and execution. We work with experts who can perform external audits as needed for large IT suppliers.

Map to other frameworks

Use intelligent automation and AI to avoid duplication of work, easily meeting NHS DSPT, NHS DTAC and ISO27001 requirements in tandem.

FAQs

Frequently Asked Questions

Get in touch if we haven’t answered your question below. We are always happy to help!

What is the DSPT?

The NHS Data Security and Protection Toolkit is an online self-assessment related to organisations' data protection practices, covering areas such as information governance, NHS cyber security, and data-sharing protocols to ensure compliance with data protection standards in the healthcare sector. These questions aim to assess and improve the security of patient data within NHS organisations.

What are the NHS DSPT requirements?

The NHS Data Security and Protection Toolkit (DSPT) sets out requirements for healthcare organisations, overseen by NHS Digital, to ensure robust data protection practices and that all standards met are aligned with the General Data Protection Regulation (GDPR). It encompasses measures related to information governance, cybersecurity, and data-sharing protocols to safeguard patient data.

What is a DPIA?

A Data Protection Impact Assessment (DPIA) is a systematic process mandated by the General Data Protection Regulation (GDPR) to evaluate and mitigate potential risks to individuals' privacy arising from specific data processing activities. It ensures that necessary safeguards are implemented to protect personal data and align with privacy regulations.

Do I need to complete a DPIA?

Completing a DPIA is best practice if your technology collects or processes any personal data. According to GDPR, a DPIA is officially required “whenever processing is likely to result in a high risk to the rights and freedoms of individuals”, and is often required during procurement regardless.

How do I complete NHS DSPT login?

Your organisation must first register for an ODS code with NHS England before registering for the DSPT online.

What are the DSP Toolkit questions?

There are 10 sections of the DSPT, which include handling of personal data, staff training and responsibilities, incident response and business continuity planning, and IT protection.

What is the IG Toolkit NHS?

IG Toolkit (Information Governance Toolkit) may be another name used to refer to the DSPT, as managed by NHS Digital.

testimonials

What Our Customers Say

Don’t just take our word for it - discover how we've helped real companies deploy real products into healthcare

Kelly Klifa

CEO at Heim

Assuric has been transformative for Heim as we looked to achieve DCB0129 and DTAC compliance. The platform is easy to use, and the AI tools and automated reminders make previously dreaded compliance tasks a breeze. Paul and Matt supported us every step of the way.

Katie Baker

Director UK & Ireland at Tandem

Assuric has been fantastic in helping us quickly and safely navigate regulatory compliance in the UK. From completing Cybersecurity requirements to DSPT, DCB0129, and DTAC, the team was supportive, extremely knowledgeable, and the platform made everything quick and straightforward. A separate regulatory company we consulted at the beginning even remarked on how quickly we achieved compliance!

Maks Kozarzewski

COO at VitVio

We couldn't speak highly enough of both the Assuric team and the platform itself, which is incredibly easy to use, and with the skill and hardworking nature of the Assuric team. They've been a key component in accelerating our progress and deployments!

Maja Mazur

CEO at Healthnix

Assuric has been such a blessing in getting our DTAC and GDPR compliance done - completing all the documentation and deciding what needs to be done whilst running the business is very hard, but the team really helped us through that. The platform is easy to use, helps keep track of things and it even allows us to coordinate all the team training easily. Highly recommend them!

Dean Mawson

Clinical Director at DPM

Assuric streamlines the process of achieving and maintaining compliance with DCB0129 standards for digital health technologies. The user-friendly interface simplifies collaboration across multidisciplinary teams, while the built-in templates and workflows save significant time and effort during compliance projects. Assuric’s ability to centralise documentation and provide real-time visibility into project progress is particularly beneficial for Clinical Safety Officers and digital project teams, enhancing both efficiency and assurance.

Make your life easier and talk to us to simplify compliance

Goodbye manual processes, hello automation. Let Assuric manage compliance and security, so you can focus on growth.