Data Security Protection Toolkit (DSPT)

Pass DSPT with Confidence. Not Guesswork.

Complete the 2025/26 DSPT without audit stress. Evidence-based results, not checklists.

Any organisation handling NHS patient data must complete the DSPT annually and demonstrate real cyber resilience, not just tick-box compliance. Dionach helps healthcare and digital health providers meet these requirements with clarity and confidence.

What is the DSPT and Why It Matters

The Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. DSPT compliance is essential for healthcare and care organisations to meet NHS data security standards, maintain contract eligibility, and protect sensitive patient information. The DSPT framework, aligned with the Cyber Assessment Framework (CAF), requires annual assessments and, in many cases, independent validation.

The Data Security Assessment that Dionach delivers on behalf of NHS Digital provides external assurance for up to 15 requirements of the DSPT.

The Cyber Risk Framework Workshop that Dionach delivers on behalf of NHS Digital provides external assurance for up to 6 requirements of the DSPT.

Why DSPT Fails (and How to Avoid It)

Most DSPT submissions don’t fail because organisations ignore security. They fail because:

  • Evidence doesn’t meet reviewer expectations

  • Internal security gaps are discovered too late

  • CAF-aligned controls are assumed, not validated

DSPT is no longer a tick‑box exercise. It requires demonstrable cyber resilience.

We help healthcare organisations identify and fix issues before submission, not after rejection.

How Dionach Can Help

Dionach provides comprehensive services, including testing, consultancy, auditing, and guidance, to ensure compliance with DSPT requirements and enhance data security.

Test

Testing web applications to provide external evidence that all web applications are protected and not susceptible to common security vulnerabilities, such as those described in the Open Web Application Security Project (OWASP) Top Ten.

Consult

Consultancy with a member of our assurance team to collate evidence for the DSPT requirements.

Audit

Auditing of the DSPT to ensure that all requirements have been met.

Guide

Guidance on NHS Digital-funded services that can assist NHS organisations in meeting the requirements of the DSPT.

Need Help Navigating DSPT Requirements? Our team provides practical, clear guidance to help you meet NHS expectations with confidence.

CAF-Aligned DSPT 2025/26 Independent Assessments

Want a deeper look at the new DSPT 2025/26 requirements? Read our full blog post below.

Data Security and Protection Toolkit (DSPT) 2025/2026 CAF

“Dionach helped us approach DSPT with confidence rather than uncertainty. Their team clearly explained where we stood, identified genuine gaps, and provided practical guidance aligned with NHS expectations. The process was straightforward, evidence-led, and removed a lot of the stress around submission.”

IT & Operations Manager

UK Healthcare Organisation

Why Choose Us for Your DSPT?

NHS-Aligned

We deliver DSPT support aligned to NHS expectations, helping you submit clear, defensible evidence with confidence.

Security-Led, Not Tick-Box

Our DSPT approach is driven by real security assurance, not generic compliance checklists.

Minimal Disruption to Patient Services

We work alongside your teams with no impact on live systems or care delivery.

Evidence You Can Stand Behind

We help you produce practical, review-ready evidence that stands up to NHS scrutiny.

Ready to Understand Where You Stand on DSPT?

Share a few details and our healthcare security specialists will contact you to discuss your DSPT position and next steps, with no obligation.

Discover Our Latest Research

Data Security and Protection Toolkit (DSPT) 2025/2026 CAF

The new DSPT for 2025/2026 is now more closely aligned to the NCSC Cyber Assessment Framework (CAF). This means more outcome-based auditing, focused on how well organisations achieve the intended security and governance goals. Organisations are required to have an independent audit assessment to the agreed CAF-aligned DSPT audit framework. Dionach can provide these independent […]