If your organisation accesses or processes NHS patient information, you must provide assurances to the NHS that you are practicing good information governance.
This assurance is undertaken by submitting an annual Data Security and Protection Toolkit (DSPT).
What is DSPT?
The DSPT is an online tool that enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care (DHSC), notably the 10 data security standards set out by the National Data Guardian in the 2016 Review of data security, consent and opt-outs.
Who needs to complete a DSPT?
All organisations that have access to NHS patient data and systems must use this Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Such organisations are required to carry out self-assessments of their compliance against the assertions and evidence contained within the DSP Toolkit.
How can Gemserv help you?
We are experts in completing DSPTs and have built a reputation for helping organisations meet these standards due to our experience of working with hospitals and the supply chain due to our knowledge and experience of cyber security and data protection.
Our holistic approach to the DSPT means that you will receive a critical insight into how your policies, procedures and processes operate in practice. In particular, as the DSPT will be changing to demonstrate compliance with the Cyber Assurance Framework (CAF) by 2024/25 our experience and skills will prepare your organisation for what needs to be achieved to demonstrate compliance to meet your regulatory requirements.
We offer a number of services
- DSPT compliance support service
Bespoke consultancy service that delivers a detailed review of your organisation’s data protection and cyber security posture, including recommended corrective actions for achieving full compliance with the DSPT standards.
- DSPT compliance support service
We will assist you in checking the requirements and reviewing the documentation and evidence you present. We will advise you of any recommendations and changes to be made for the submission.
- Independent Assurance and Audit Service
We follow the DSPT independent assessment/guidance mandated framework that includes a risk rating against each of the 10 data security standards, an overall risk rating and an overall confidence rating.
- Remediation Services
Include implementation and remediation support to comply with relevant requirements.
Get in touch
If you would like to know more about our work, or would like to speak with one of our experts, please complete our contact us form.