DSPT Compliance – Data Security and Protection Toolkit Consultancy

Strengthen patient data security, demonstrate NHS compliance, and simplify annual submissions with DSPT

The Data Security and Protection Toolkit (DSPT) is the NHS’s online self-assessment for organisations that access or process NHS patient data. It ensures you meet the National Data Guardian’s 10 Data Security Standards, showing the NHS, regulators, and patients that you handle sensitive health data safely.

Whether you’re a GP practice, care provider, or supplier working with NHS data, DSPT compliance demonstrates your commitment to protecting personal health information and meeting data protection legislation.

AvISO helps you navigate, evidence, and submit DSPT with confidence — while embedding practical data security and governance processes into your operations.

How AvISO supports DSPT implementation

We guide you through the process of preparing, evidencing, and submitting your DSPT self-assessment — with practical templates, expert consultancy, and fixed-cost support.

  • DSPT scoping and readiness review
  • Gap analysis against NHS 10 Data Security Standards
  • Policy, procedure, and record development
  • Evidence gathering and document preparation
  • Staff training and awareness sessions
  • Support for annual DSPT submissions and updates

Whether you’re working towards your first DSPT, renewing your submission, or aiming for higher compliance levels, our support is tailored to your operations.

Common DSPT challenges — and how we solve them

  • Confusing NHS requirements → We translate DSPT standards into clear, actionable steps.
  • Evidence gaps → We provide templates and map requirements to existing documents.
  • Low staff awareness → We deliver practical data security and GDPR training sessions.
  • Annual submission pressure → Our structured approach ensures you stay prepared year-round.

We help you build a system that not only meets DSPT but also strengthens your overall data protection practices.

Whether you’re preparing your first submission or strengthening your evidence for higher levels of compliance, we’ll help you protect patient data, reduce risk, and meet NHS requirements with confidence.

DSPT services from AvISO

Expert consultancy and project delivery

  • Dedicated consultant managing your DSPT project
  • Clear project plan with milestones and submission timelines
  • Remote or in-person delivery aligned with your team’s needs

System development and documentation

  • Development or refresh of policies and procedures (data security, access control, incident management, etc.)
  • Evidence packs aligned with NHS DSPT requirements
  • Support in mapping DSPT to GDPR, Cyber Essentials or ISO standards

Internal training and team engagement

  • Staff awareness workshops on patient data handling
  • Leadership sessions to embed accountability and governance
  • Training on incident reporting, breach response, and data sharing protocols

Annual submission and ongoing support

  • Full review of DSPT submission before final sign-off
  • Support in uploading evidence to the NHS online portal
  • Annual updates to maintain compliance and readiness

Integrated DSPT compliance for long-term value

DSPT aligns closely with other standards and certifications. We help integrate them to reduce duplication, strengthen assurance, and add business value.

  • GDPR compliance – DSPT maps directly to UK GDPR and Data Protection Act 2018 obligations.
  • Cyber Essentials – strengthens DSPT’s technical security controls.
  • ISO 27001 – provides a formal ISMS framework and helps exceed DSPT requirements.
  • ISO 9001 / ISO 22301 – useful for organisations balancing quality, security, and continuity in NHS supply chains.

We design integrated systems where documents, evidence, and audits serve multiple standards — all supported through ISOvA.


ISOvA for digital DSPT management

ISOvA is our Microsoft 365-based platform that keeps DSPT evidence, risks, and actions in one place.

With ISOvA, you can:

  • Track DSPT evidence requirements and assign owners
  • Manage risks, incidents, and access records
  • Store and version key policies and procedures
  • Run reviews and updates ready for each annual submission

Clients and auditors consistently tell us ISOvA reduces stress and keeps DSPT compliance clear and manageable.


Why choose AvISO for DSPT?

  • Approved by and experienced with NHS and social care DSPT requirements
  • Extensive experience across healthcare, care providers, and NHS suppliers
  • 1,000+ audits and compliance projects supported annually
  • Consultants who balance data security, regulatory, and operational needs
  • Digital-first consultancy model using ISOvA

Talk to us about DSPT compliance

Book a call to discuss your scope, timelines, and how ISOvA can simplify your DSPT journey.
Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk


DSPT FAQs

Most frequently asked questions

What is DSPT?

The NHS’s Data Security and Protection Toolkit — an annual self-assessment to show you meet national data security standards.

Who needs DSPT?

Any organisation accessing or processing NHS patient data, including GPs, care providers, and suppliers.

What are the 10 Data Security Standards?

Guidelines set by the National Data Guardian covering leadership, staff training, incident reporting, secure data handling, and technical controls.

Do we need ISO 27001 to complete DSPT?

No — but ISO 27001 strengthens your evidence base and demonstrates a higher level of information security maturity.

How often do we submit DSPT?

Annually — with updates and evidence refresh required each year.

How long does it take?

Most organisations complete DSPT in 1–3 months depending on size, readiness, and evidence gaps.

Can DSPT help with NHS contracts?

Yes — it’s often a prerequisite for working with NHS organisations or handling NHS data.
