Gap analysis
Review your current toolkit position, identify missing evidence and prioritise the work that matters most.
Independent DSP Toolkit help for health and care organisations
Practical support for your DSPT submission.
We help suppliers, care providers, clinics and healthcare teams understand what is required, gather the right evidence, close gaps and prepare for submission or audit.
Who this is for
Organisations that access NHS patient data or systems use the Data Security and Protection Toolkit to provide assurance on data security and information handling. This site offers independent support, not an official NHS service.
Core services
Support that helps you move from unsure to submission-ready.
Evidence mapping
Turn policies, registers, technical controls, training records and procedures into usable DSPT evidence.
Submission support
Work through responses, wording, blockers and final checks before the annual toolkit submission.
Audit readiness
Prepare for independent assessment with an evidence pack, mock walkthrough and clear remediation plan.
What we cover
The practical areas behind a stronger DSPT submission.
DSPT is not just a form. The evidence needs to reflect how your organisation handles people, data, systems, suppliers and incidents.
Governance
Senior ownership, accountability, risk registers and evidence of oversight.
Policies
Information security, access control, retention, acceptable use and supplier management.
Data protection
DPIAs, ROPA, privacy notices, lawful basis and data sharing arrangements.
Security controls
MFA, patching, backups, device security, logging and vulnerability management.
Incidents
Breach triage, escalation routes, reporting and lessons learned.
Suppliers
Assurance for outsourced services, processors and hosted systems.
Training and awareness
Make DSPT understandable for the people doing the work.
Training can be tailored for directors, managers, care teams, admin staff, clinicians, IT teams and suppliers. The focus is practical behaviour, clear reporting routes and evidence you can actually use.
Common sessions
- DSPT overview for leadership teams
- Information governance and UK GDPR awareness
- Cyber security basics for health and care staff
- Incident and breach reporting workshops
- Evidence records for annual submission
How it works
A simple route to clearer evidence and better decisions.
Understand
Confirm your organisation type, deadline, current DSPT status and risk areas.
Review
Check documents, technical controls, training records and evidence quality.
Improve
Prioritise fixes, close obvious gaps and prepare evidence for scrutiny.
Submit
Support the final responses and create a plan for the next submission cycle.
brb
Partnered with an East Midlands based independent cyber security consultancy, bringing practical security, governance and assurance experience into DSPT support.
Common questions
Questions people ask before getting help.
Who needs to complete a DSP Toolkit assessment?
It commonly applies to NHS organisations, primary care, adult social care providers, suppliers and organisations that handle NHS patient data or need assurance for NHS work.
Can you complete the DSPT for us?
We can guide, review, map evidence and support responses, but the submission should still reflect how your organisation actually works.
Do DSPT submissions need an independent audit?
Some organisation categories have independent assessment expectations. We can help you understand whether that applies and prepare your evidence.
Are you the official DSP Toolkit?
No. This is independent support. The official toolkit remains the NHS England service.
Enquiry form
Need help with a DSPT submission or question?
Send the basics and we will come back to you. If a call is useful, include your number and preferred time.