The CAF DSPT refers to the Data Security and Protection Toolkit’s alignment with the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF). This integration enhances the assessment’s focus on cyber resilience and data security controls.
For the current DSPT submission year, the CAF-aligned DSPT applies to the following organisations:
- Category 1: NHS Organisations
- Category 2: Operators of Essential Services (OES) and Independent Providers
- Genomics Organisations designated by the Department of Health and Social Care
The non-CAF DSPT remains applicable to:
- Category 2: Key IT Suppliers
- Category 3: Organisations such as social care services and local authorities
- Category 4: General Practices
This phased alignment ensures the DSPT continues to evolve in line with national cyber security standards, promoting consistency across NHS-connected organisations.
