If your company handles NHS patient data or provides services to NHS organisations, you're likely familiar with the Data Security and Protection Toolkit (DSPT). The DSPT is an online self-assessment tool that allows organisations to demonstrate they are practising good data security and protection. Each year, organisations must complete and publish their DSPT assessment. For the 2024/25 cycle, the deadline is 30th June 2025.
For those who must comply, the DSPT is not optional; it’s an annual requirement.
However, meeting the DSPT standards isn’t just about ticking boxes. One particular requirement—Evidence Item 9.4.5—is gaining attention because it goes beyond self-assessment and introduces a mandatory independent audit.
Check out our Blog: NHS DSPT Requirement 9.4.5: Independent Data Protection Audit Explained, for a detailed
