Managed Support

DSP Toolkit Guidance / Assurance

Supporting our clients through the DSP process

BLS DSPT Independent Audit & Compliance Services

BLS provide independent DSPT audits and hands-on compliance support to ensure your organisation meets all NHS Data Security and Protection Toolkit (DSPT) requirements.

Navigating DSPT assertions and evidence can be complex and time-consuming.

Assessing your current position early helps you understand what support you need and choose the right expertise to stay compliant.

What is the DSPT?

The DSPT is an online self-assessment tool used to measure how well organisations meet the National Data Guardian’s 10 Data Security Standards and depending on your organisation’s category, the National Cyber Security Centre’s Cyber Assessment Framework (CAF).

Any organisation that accesses NHS patient data or systems must complete the DSPT annually and maintain compliance throughout the year.

How can BLS support your DSPT compliance?

We offer end-to-end support for your DSPT submission, from general advice and assistance in completion, walking you through each assertion (and the evidence required) through to gap analysis and independent audit services.

Our service is unique to each client; whether you require a full review of your data protection practices or targeted support for specific DSPT requirements.

Our DSPT services help you to:

  • Identify gaps in your current data security and protection measures
  • Receive practical advice and guidance on how to meet DSPT obligations
  • Access the documentation needed to evidence compliance
  • Obtain an independent audit aligned with the NHS England framework
  • Recommendations report on suggestions, with a red amber green approach (RAG)
  • Ongoing support/mentoring for future submissions

Latest DSPT Updates for 2025–2026 Submissions:

https://www.dsptoolkit.nhs.uk/News/162

NHS England has recently introduced updates to the DSPT assessment process.

The Cyber Assessment Framework (CAF) now applies to:

Category 1 NHS organisations

Category 2 Operators of Essential Services (OES) Independent Providers

Genomics organisations nominated by the Department of Health and Social Care

The non-CAF DSPT continues to apply to:

Category 2 Key IT Suppliers

Category 3 organisations

Category 4 organisations

An independent audit remains mandatory for all Category 1 and Category 2 organisations.

Category 1 Organisations:

  • NHS Trusts
  • CSU 
  • Arm’s Length Bodies
  • Integrated Care Boards (ICB) 
  • Genomics

Category 2 Organisations:

  • IT Suppliers

Category 3 Organisations:

  • Dentists
  • Local Authorities
  • OES Independent Providers
  • Opticians
  • Pharmacies
  • Other (including charities and NHS Business Partners)
  • Social care services
  • Universities (including researcher / department / secondary use)

Category 4 Organisations

  • General Practices (GP) 

For more information on categories visit the DSPT website here:

https://www.dsptoolkit.nhs.uk/Help/Org-Types

Contact Us
All News

Services at BLS Stay Compliant

Audits

GDPR Audit

GDPR Audit

DSP Toolkit Audit & Support

DSP Toolkit Audit & Support

Physical Security Review

Physical Security Review

Data Protection Impact Assessment

Data Protection Impact Assessment
Policy Creation & Review

Policy Creation & Review

Policy Creation & Review

DPIA Assessment & Support

DPIA Assessment & Support
Managed Support

Freedom of Information Requests (FOI)

Freedom of Information Requests (FOI)

Incident & Breach Management

Incident & Breach Management

Subject Access Requests / Redaction

Subject Access Requests / Redaction

DSP Toolkit Guidance / Assurance

DSP Toolkit Guidance / Assurance

Managed Data Protection Service (DPO)

Managed Data Protection Service (DPO)

Information Sharing

Information Sharing
Bespoke Training
Our In House bespoke training is designed around your needs
Online Courses
Find out when our next online courses are and book here
Contact Us
If you have any questions about our services