DATA SECURITY & PROTECTION TOOLKIT
Data Security & Protection Toolkit (DSPT) Support and Audit Services
For organisations working in the health and care sector, the NHS Data Security and Protection Toolkit (DSPT) is a mandatory annual assessment. Your DSPT submission demonstrates how well you meet national data security, cyber security and information governance standards, but completing it accurately and on time can be challenging.
At Iniver, we provide expert DSPT support, consultancy and independent DSPT audit services to help health and care organisations complete their submission with confidence. With over a decade of experience supporting DSPT and IG Toolkit returns, including supporting clients through NHS England audit requirements, we help organisations of all sizes meet their obligations efficiently and correctly.
Whether this is your first DSPT submission, you are looking for full DSPT support, or you require a formal independent DSPT assessment, we offer flexible, tailored packages that match your assurance needs.
Why the DSPT Matters
The DSPT assigns every organisation to a specific category, each with its own evidence obligations and audit requirements. Being correctly classified and submitting accurate evidence is essential. Incorrect categorisation or missing evidence can lead to unnecessary work, delays, or compliance issues.
For organisations in categories requiring an independent DSPT audit, Iniver delivers this through our Validate and Assure package, ensuring your submission meets every required standard.
Whatever level of support you need, we begin with an initial conversation to understand your organisation, your DSPT history, and the level of assistance required. From there, we guide you through each step of your DSPT journey.
Our DSPT Support Packages
We offer clear, structured services designed to meet different levels of DSPT readiness, from quick reviews to full DSPT consultancy and formal audits.
Service | Double-check | First Time or Full Support | Validate and Assure |
|---|---|---|---|
Support with DSPT Registration where needed | |||
Initial Gap Analysis | |||
DSPT portal management by Iniver | |||
Support completing assertions where areas are missing | |||
Pre-submission Gap Analysis | |||
Final review by Iniver before submission | |||
Formal DSPT Independent Assurance and Audit |
What is the NHS Data Security and Protection Toolkit (DSPT)?
+
The DSPT is an online self-assessment tool used by organisations that process NHS patient data. It helps demonstrate compliance the National Data Guardian’s 10 data security standards. Completion is mandatory for NHS suppliers and care providers.
Who is this service designed for?
+
- NHS organisations;
- NHS contractors and suppliers;
- GP practices, dental clinics, and pharmacies;
- Care homes and domiciliary care providers;
- Charities and third-sector organisations handling NHS data; and
- Any organisation required to complete the DSPT annually
How long does it take to complete the DSPT?
+
Completion times vary on a number of factors, including the type of organisation, their starting point and internal capacity. Iniver would recommend a minimum of four weeks, with most non-NHS organisations taking 4-12 weeks to complete.
Will this help us meet the National Data Guardian’s standards?
+
Absolutely. The toolkit is built around the 10 data security standards, helping you demonstrate:
- Leadership commitment
- Staff training and awareness
- Secure systems and processes
- Effective breach response and reporting
How long does a formal Independent DSPT Assessment take?
+
Where required to undertake an Independent DSPT Assessment, Iniver would recommend engaging three months beforehand to ensure this detailed review can be completed before the submission deadline.
What happens after we complete the DSPT?
+
You will receive a confirmation of submission and can share your compliance status with NHS partners.
Iniver also offer:
- Post-submission reviews
- Support for future audits or re-submissions