Let AbedGraham guide you.
Background
Cybersecurity is a core part of the Digital Technology Assessment Criteria (DTAC), officially launched in 2021, which guides health IT procurement for NHS organisations across England. This is seen across both the 'Data Protection' and 'Technical Security' sections. The most labour-intensive part of this is for technology suppliers to demonstrate that they meet or exceed the exhaustive annual requirements of the Data Security and Protection (DSP) Toolkit.
Meeting, and ideally exceeding, the DSP Toolkit's requirements involves:
- 25 Assertions – There are approximately 25 'assertions' that vendors must fulfil through a range of evidence based requirements
- 40 Requirements – Each assertion can have one or multiple requirements associated with it against which evidence must be provided
- >20 Evidence Items – There are over 20 different types of evidence that need to be developed, structured and updated as submittable documents corresponding to each DSP Toolkit Requirement.
- Regular Audits – Many of the evidence items require associated annual process audits and version updates in order to be submittable each year
- Training – Cybersecurity awareness and compliance training for all staff from the most junior to the boardroom is an essential part of fulfilling the requirements of the DSP Toolkit
- Accountability – There must be clear evidence of board level engagement and accountable stakeholders responsible for cybersecurity


Challenge
DSP Toolkit requirements are increasingly either being audited or being reviewed as a core part of NHS procurements, as seen with DTAC. The issue is that the DSP Toolkit is one of the most document- and process-intensive requirements that technology suppliers to the NHS face.
Successfully fulfilling the DSP Toolkit's requirements necessitates effective project management to gather evidence, complete annual audits and communicate effectively across departments including HR, legal, IT and at the executive level. This complexity means there is a high risk of missing submission deadlines, of not having the appropriate evidence (which impacts your ability to fulfil the assertions) and of incurring significant costs to complete the DSP Toolkit at the last minute.
Our solution
At the AbedGraham Group, we can assist vendors of any size in navigating the complexities of the DSP Toolkit. Through our team of NHS compliance consultants, project managers and cybersecurity experts, your organisation can fully outsource its DSP Toolkit completion processes to The AbedGraham Group, in the full knowledge that we will assist you to complete your submissions ahead of time, with a focus on exceeding NHS expectations whenever possible. Our support service is:
- Efficient – We use specialised sets of 'in-house' evidence templates to accelerate document creation
- Engaging – We communicate effectively with all key stakeholders in your organisation to ensure necessary processes, audits and evidence are generated in a timely manner every year
- Granular – Our cybersecurity consultants have worked extensively with local and central NHS organisations and understand how to structure cybersecurity best practice standards so they are right sized to your organisation and your NHS customers' environments
- Cost-effective – Retaining our support service for a fixed annual fee will be more cost effective than in-house processes or ad-hoc engagements with 3rd party consultants
