top of page


The Digital Technology Assessment Criteria (DTAC) was officially launched in 2021 and acts as a centrally developed guide for healthcare organisations in the UK to perform an initial vetting exercise on technology vendors across a number of compliance areas. These criteria are now increasingly being put in front of technology vendors prior to any procurement or even an initial pilot exercise, meaning that compliance with these areas can now become a barrier to procurement.


The DTAC areas that need to be answered by vendors can be found online, but in brief they are as follows:

  • Value Proposition – This is considered a ‘non-assessed section’ but evidence of utility, value proposition, proposed benefits and user journeys used in the development of the product are expected to be included here

  • Clinical Safety – Full compliance with DCB0129, provision of a named Clinical Safety Officer (CSO) and Medical Device Eligibility are required in this section

  • Data protection – A nominated Data Protection Officer (DPO), Data Security and Protection Toolkit compliance, related Data Protection Impact Assessments (DPIAs) and mitigations need to be outlined here

  • Technical Security – A range of technical security questions and processes need to be answered or provided here

  • Interoperability Criteria – Compliance with interoperability standards, best practices and personal health data standards needs to be shown in this section

  • Key Principles for Success – In this section, vendors need to document or provide compliance with usability and accessibility and information about their ways of developing and maintaining the product in line with the NHS Service Standard Points

Meeting at office
Notes on glass pane


The main challenge we see with navigating these criteria is managing the sum total of all of these in an effective and efficient way. There are a substantial number of compliance standards and questions to cover here and it is a sizeable exercise for any vendor, be they a global multi-national corporation or an SME or start-up.


Furthermore, although this is a set of criteria that need to be covered off, vendors need to ensure that this isn’t just a tick box exercise and make sure that the core principles are built into the product on an ongoing basis. In our opinion, given the complexity, importance and risk profile of healthcare, this is not something that can be done on the fly or on the cheap. We have frequently seen vendors run into compliance issues and incidents down the line because the fundamentals haven’t been captured in detail or well enough initially.

Our solution

At the AbedGraham Group, we can assist vendors of any size in navigating the complexities of these compliance standards and ensuring true ongoing quality. We have undertaken DTAC compliance work for companies across the full spectrum of healthcare and can help in all the categories mentioned above. Our rapid, cost-effective 'DTAC Gap-Analysis Service' allows vendors of any compliance level to swiftly see where their DTAC compliance stands and understand how we can support your organisation to effectively complete the outstanding areas of their DTAC submission including:

  • Value Proposition – Our extensive benefits realisation expertise can be included here

  • Clinical Safety – As one of the longest serving providers of DCB0129 services in the UK, we can manage all aspects of this area on your behalf

  • Data Protection – Our experience in data protection allows us to answer any DSP Toolkit or DPIA questions you may have

  • Technical, Interoperability and Key Principles for Success – Our extensive client work has given us an unrivalled ability to manage any vendor through the suite of technical and user questions provided

Doctor in Hospital Corridor

Copyright © 2023  AbedGraham Healthcare Strategies Ltd.

bottom of page