The Energy Act: Future regulation of energy smart appliances

View All

Case Studies

Powering Alt HAN Co.'s Smart Meter Rollout

View All

Upcoming Events

LEMA Summit 2024

View All


Digital Operation Resilience Act (DORA) - Is your organisation on track?

View All

The NHS Data Security and Protection Toolkit

If your organisation accesses or processes NHS patient information, you must provide assurances to the NHS that you are practicing good information governance.

This assurance is undertaken by submitting an annual Data Security and Protection Toolkit (DSPT).

What is DSPT?

The DSPT is an online tool that enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care (DHSC), notably the 10 data security standards set out by the National Data Guardian in the 2016 Review of data security, consent and opt-outs.

Metaverse digital cyber world technology concept businessman success working with his team as concept with virtual digital dashboard interface with The real world with the virtual world overlapped

Who needs to complete a DSPT?

All organisations that have access to NHS patient data and systems must use this Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. Such organisations are required to carry out self-assessments of their compliance against the assertions and evidence contained within the DSP Toolkit.

How can Gemserv help you?

We are experts in completing DSPTs and have built a reputation for helping organisations meet these standards due to our experience of working with hospitals and the supply chain due to our knowledge and experience of cyber security and data protection.

Our holistic approach to the DSPT means that you will receive a critical insight into how your policies, procedures and processes operate in practice. In particular, as the DSPT will be changing to demonstrate compliance with the Cyber Assurance Framework (CAF) by 2024/25 our experience and skills will prepare your organisation for what needs to be achieved to demonstrate compliance to meet your regulatory requirements.

We offer a number of services

    DSPT compliance support service

    Bespoke consultancy service that delivers a detailed review of your organisation’s data protection and cyber security posture, including recommended corrective actions for achieving full compliance with the DSPT standards.

    DSPT compliance support service

    We will assist you in checking the requirements and reviewing the documentation and evidence you present. We will advise you of any recommendations and changes to be made for the submission.

    Independent Assurance and Audit Service

    We follow the DSPT independent assessment/guidance mandated framework that includes a risk rating against each of the 10 data security standards, an overall risk rating and an overall confidence rating.

    Remediation Services

    Include implementation and remediation support to comply with relevant requirements.

Get in touch

If you would like to know more about our work, or would like to speak with one of our experts, please complete our contact us form.