Looking for HELP?


Ensure Compliance
with our NHS Toolkit Audit (DSPT)

Are you required by NHS Digital to provide a Data Security and Protection Toolkit (DSPT) submission, and want assurance that yours meets the required standards? Perhaps you are in the Tier 1 category, and you have to have your submission externally audited. If so, DPAS are here to help. 

Our DSP Toolkit Audit and Report will assess your DSP Toolkit submission to ensure that the evidence uploaded, and the assertions completed, meet the standards required. By completing an external audit, you can be assured that your organisation is not only meeting the requirements of the toolkit, but you can use it to gain customer trust, enhancing your reputation and demonstrating that you are serious about protecting data.  Just as crucially, it can help to raise awareness internally and promote best practices within your organisation, resulting in long-term culture changes that can benefit compliance.

Led by seasoned Information Governance experts, our independent reviews offer a new level of transparency to the Board and Trustees. We meticulously identify areas of concern and potential risks, providing a comprehensive perspective that helps you support regulatory compliance moving forward. The audit will follow the NHS Digital and Protection Toolkit Independent Assessment framework and we will produce a Board level report with an associated action plan which details the organisation’s level of compliance.

nhs toolkit audit and support

‘On top of an already demanding workload, we had a new system integration, a merger to form a new Trust, and the impact of Covid to deal with. DPAS really helped to take the pressure off by helping with complex SARs, and DPIAs. Having no idea how many SARs you may receive, having the ability to flex by using additional resources can be quite useful. Knowing I can rely on Charlotte’s support with DPIAs and data sharing agreements, really takes the pressure off. It is really helpful, having someone that can take the time out to review requests.’

rhiannon platt

royal devon university healthcare NHS FOUNDATION TRUST


The audit ensures that the evidence provided and assertions made in the DSP Toolkit submission meet the required standards. This assures that your organisation is compliant with the necessary regulations.

Completing an external audit can significantly boost customer trust. It signals to them that you prioritise data protection, thereby enhancing your organisation’s reputation in the market.

The audit process is crucial in raising awareness within your organisation. It fosters a culture of data protection and promotes best practices, ensuring that your team is always informed and vigilant.

The awareness and best practices promoted by the audit can lead to long-term cultural shifts within your organisation. These shifts can greatly benefit compliance and the general approach to data protection.

The audits are led by seasoned Information Governance experts. Their expertise ensures a thorough and meticulous review, providing unparalleled transparency to the Board and Trustees.

The service meticulously identifies areas of concern and potential risks. This comprehensive perspective is invaluable in supporting regulatory compliance in the future.

What's Included?

Pre-audit scoping exercise to determine what will be in scope of the audit.

A pre-audit questionnaire for you to complete, to give us a sense of your existing level of compliance.

A review of the documentation uploaded to your DSP Toolkit submission to ensure that policies, accountability documentation, procedures, and any further documents are compliant.

Phone interviews with key personnel involved with data protection and security, to further determine the level of compliance, as well as identify any gaps or areas that need particular attention.

A high-level review of the policies, procedures and current systems, to meet the conditions of the DSP Toolkit independent assessment requirements.

A report detailing the results against each evidence required per assertion as detailed in the toolkit. This will include a risk rating against each of the standards, an overall risk rating (based on the 10 individual ratings), and an overall confidence rating.

Recommendations for remediation of risk.

Meet Our Team Of DPO's & CONSULTANTS

Nigel Gooding

Chief Data Protection Officer

Natalie Bennett

Head of Data Protection Consultancy

kristal rocks


lauren durham-hutchins


gary o'reilly

legal counsel Consultant

teresa gudge


WE WORK WITH FTSE 100s Multi-National Organisations Schools Universities Councils Local Governments Agencies NHS Trusts GP Practices Retailers Charities Multi-Academy Trusts Housing Associations Ambulance Services Insurance Companies Sporting Associations Airports Retail Companies Hospitality Businesses




Easy to understand data privacy and information security services that are always accessable, consistenty pragmatic and continually exceeding expectations.

Keeping on top of the changing DSPT criteria can be a challenge in itself. By outsourcing to an expert consultancy like DPAS, you can feel confident that you have the resources and expertise to ensure your submission is of a high standard.Having a consultant on hand, whether it is for auditing or completion of the DSPT, will allow you to be confident that you have effectively evidenced the DSPT standards.

At DPAS we pride ourselves on our pragmatic approach, allowing you to be in control of how much support you require, and how that is scheduled. This allows you to work with as little disruption as possible, and make working with a consultant as smooth as possible. 

Choosing an expert data protection consultant means you can feel confident in your DSPT submission. Freeing up time for your team to continue with business as usual, without the stress of the looming submission deadline. DPAS has worked tirelessly to ensure that we constantly exceed our clients expectations. 

DPAS understands the budget restraints within the NHS, we therefore provide bespoke, and flexible, options to ensure that you can feel supported whilst remaining within budget.

We have a wealth of experience delivering data protection and information security projects and training, to public, private, and third sectors. We understand that each organisation faces its own challenges, and always provide tailored solutions to meet your specific requirements.