NHS DSP Toolkit Audit Consultancy
Strengthening assurance reporting requirements
Organisations subject to make a DSP Toolkit return are required to meet all the mandatory requirements for their organisation’s category.
It’s important to check that the assertions made in your DSPT submission are genuine and there is supporting evidence.
The DSPT audit service checks your submission and helps ensure you are on track
Gaining DSP Toolkit
insight - the real value of an independent audit
It’s often useful to get a second opinion especially when it concerns cyber security and privacy control.
Operational security and privacy risks are constantly changing, so it’s important to keep ahead of emerging threats.
Our DSP toolkit audit consultants will use their extensive experience and professional judgement to advise on the controls in operation, the risks identified and suggest practical improvements to reduce the potential of detrimental incidents.
See DSPT independent audit service
G Cloud 13 Approved NHS DSP Toolkit Audit Service
Our audit provides an independent assessment of an organisation’s NHS Data Security and Protection Toolkit (DSPT) submission to NHS Digital, as part of the Strengthening Assurance Framework. The audit is suitable for Trusts (Acute, Foundation, Ambulance and Mental Health), CCGs, ICSs, CSUs, Local Authorities and others seeking an independent assessment.
- Audits are undertaken by experienced Infosec and Privacy practitioners
- Auditor’s professional judgement will guide how the standards are met
- Scope is based upon the NHS Digital audit specification
- DSPT controls found will be reviewed and assessed
- Inconsistencies identified during the audit will be highlighted
- Audit assignment will include a written Audit report and debrief
- Audits undertaken by 2-person team
- Potential cyber security and privacy improvements will be suggested
- Practitioner team has certifications including CISSP, CISM, ISO27001, CIPP/E
- Provides independent assurance on the quality of your DSPT assertions
- Audit is undertaken by experienced information security and privacy experts
- Audit will validate if assertions made meet the DSPT requirements
- Helps highlight, understand and address data security and privacy risks
- Get up-to-date, objective guidance on how to improve controls
- Audit will consider the maturity of the controls found
- Helps identify improvements to controls, not just assess DSPT compliance
NHS DSP Audit FAQ
Organisations (such as NHS Trusts, CCG's, CSUs and DHSC Arms Length Bodies) that require an audit of their Data and Security Protection Toolkit assessment are now required to utilise an independent assessor who must follow the Independent Assessment Framework audit methodology.
When performing the audit, assessors are expected to use their professional judgement and expertise when investigating and analysing the controls deployed, and the associated risks identified.
The framework methodology intentionally goes beyond the DSP Toolkit requirements so that the organisation can get a broader and more objective review of its data security and protection controls in operation. The intention is to inform and drive measurable improvement of data security across the NHS and not just simply assess compliance with the DSP Toolkit.
When selecting a suitable Independent Assessor it's important to use an organisation with significant information security and privacy expertise obtained in the healthcare environment.
A dspt assessor is an organisation that performs independent audits based upon the NHS Digital Data Security and Protection Toolkit (DSP Toolkit) Independent Assessment Framework. The framework describes a methodology on how to review an organisation’s alignment with the 10 Data Security and Protection Standards. Also see: What is an NHS DSPT Audit? in this FAQ
+44 (0)203 397 0142
DLP Assured Services Limited
152 - 160 City Road