21.6 The Provider must ensure that its NHS Data Security and Protection Toolkit (DSPT) submission is audited in accordance with Information Governance Audit Guidance where applicable.  The Provider must inform the Co-ordinating Commissioner of the results of each audit and publish the audit report both within the NHS Data Security and Protection Toolkit and on its website.

Such audits provide a range of positive outcomes for an organisation, most notably of which are:  

1.  Providing an objective and truly independent insight. 
2. Improving the efficiency of operations.
3. Evaluating risks and protecting assets.
4. Assessing and reviewing organisational controls.
5. Ensuring legal compliance.  

Ideally, such a post submission audit should be carried out by an external body as this ensures a completely independent and objective view of the organisation’s current strengths and development needs. 

The main purpose of undertaking an audit is to ensure that your organisation is compliant with current DSPT assertions and provide recommendations to support improvements in systems, as well as identifying any development needs in key areas. 

In September of this year Version 6 of the DSPT was launched and this included a number of key changes and updates. In light of this, conducting an audit now will allow organisations to proactively address any areas of practice that may need to be strengthened in good time before the 2024 submission is due and ensuring peace of mind.  

To support your compliance BLS Stay Compliant can carry out both pre and post submission audits.  

This would be carried out over several days and comprise of: 

• A remote review of key documentation, policies, procedures, and evidence in relation to the DSPT requirements
• Where appropriate, our team highlight where any policies need to be updated;
  for example, due to legal changes, recent court or regulatory decisions or changes in regulatory guidance
• Our team, led by our DSPT expert (who was instrumental in its development) will review your submission, documentation and evidence

After the above reviews have been completed, pre-arranged MS Teams calls with key personnel will take place. Following this we will present our findings through verbal feedback and a preliminary report with ratings and recommendations. 

A final report will be provided when evidence of action on the most urgent recommendations has been provided so that the audit report can be used as evidence for your DSPT. 

If we can support you, please see our audit services here, or contact us and one of the team will be happy to discuss the support we can provide with your DSPT submission.