Talk to us!
Book a complimentary call to get an expert opinion on where you are on your compliance journey.
Published:
October 15, 2024
-
4 minutes
read
All About DSPT
Set yourself up for compliance success.
Demystifying DSPT
The NHS Data Security and Protection Toolkit (DSPT) is one of the core tenets of DTAC and is therefore mandatory for those looking to sell to the NHS. It’s through conformance with DSPT that you can demonstrate robust security and data protection practices whilst creating a strong foundation for continual improvement in these areas. In a nutshell, being compliant with DSPT sets you up for compliance success in the short, medium and long-term. Not just because there is overlap with global standards such as ISO 27001, but because compliance here will help you avoid the awfully common (and innovation-stunting!) compliance debt.
Foundations of DSPT
Because DSPT is designed to make you compliant with multiple data security requirements, it goes hand in hand with Cyber Essentials (Acorn Compliance Cyber Essentials Guide). By completing DSPT, you will have covered some aspects of Cyber Essentials, e.g. DSPT requires you to have data handling and device protection policies in place which can be called on for your Cyber Essentials evidence.
Completing DSPT will also mean you’re aligned to the 2018 General Data Protection Regulation. DSPT is a contractual requirement for all social/healthcare providers, i.e. anyone who handles NHS patient data, and third party vendors who provide other items to the NHS such as SaaS solutions or physical products used in NHS sites.
For innovators, DSPT can also help engender patient trust in your app and organisation reputation as it demonstrates a commitment to data security to both stakeholders and patients. It contains specific sections on how to mitigate harm to patients if there is a data breach. Through conformance with the DSPT, organisations learn how to reduce the amount of sensitive data being held and to create an emergency plan for how to respond to a theoretical data breach so that the impact of any such incident can be minimised.
Maintaining DSPT Compliance
DSPT must be reviewed each and every year, and the standard itself has been known to go through multiple iterations each year. Through continuous evaluation against the DSPT, you will ensure your data protection and security practices are relevant when considering the current level of threat from things like ransomware, phishing and other kinds of cyber attacks.
Falling to review DSPT yearly after you’ve won NHS contracts likely means you’ll be in breach of your contract with the NHS as you will no longer be DTAC compliant. This can put your contracts, income, and strategy in danger. Therefore, it should be a top priority to continuously monitor your security posture and conformance with the latest DSPT question sets.
Get help with DSPT
A DIY approach to DSPT can be time consuming as there are over 70 questions to answer (not all mandatory) to prove your security posture.
Our advice for innovators is to focus your efforts on conformance with the mandatory questions first. Being able to answer the mandatory questions affirmatively will prove you have a robust base and practices for protecting the data you’re processing.
Breaking down DSPT into bite sized pieces can make it far less daunting. Now, the DTAC Squirrel™ AI can accelerate your path to compliance by streamlining the process into smaller, more manageable tasks and will assist you in maintaining DSPT and DTAC compliance as your organisation and product evolve!
If you’d like to know more about how the DTAC Squirrel™ can help, watch a demo here or book a discovery call. And some even better news! If you’re a non-funded innovator with up to 3 staff and are pre-revenue, you can benefit from our affordable monthly Squirrel™ Starter Plan.