CYBERSECURITY

NHS DSPT Auto-Scorer & Compliance Tracker

NHS DSPT deadline 30 June each year. Inadequate score = loss of NHS contracts. Auto-test all 10 standards with evidence tracking and gap alerts.

Tags: NHS, DSPT, healthcare, NHS-supplier, CE-2026, MFA-mandatory, Cyber-Essentials-2026, NCSC-2026

🛡️ CYBER ESSENTIALS 2026 UPDATE — EFFECTIVE 28 APRIL 2026

The Cyber Essentials scheme is updated from 28 April 2026 with stricter criteria: mandatory multi-factor authentication (MFA) for all cloud services and admin accounts, tighter password policies, expanded scope for home workers and BYOD devices, and new vulnerability management timelines. All UK government suppliers must meet the updated standard. This product is aligned with the CE 2026 requirements.

What is the NHS DSPT Auto-Scorer & Compliance Tracker?

The NHS Data Security and Protection Toolkit (DSPT) is mandatory for every organisation that has access to NHS patient data or NHS systems. Missing the annual 30 June deadline — or submitting with an "Approaching Standards" or "Not Published" status — means automatic exclusion from NHS contracts and data-sharing agreements. This tool automates the entire assessment process, continuously testing your compliance against all 10 National Data Guardian standards so you submit with confidence.

Built specifically for NHS suppliers, GP practices, pharmacies, care homes, and any organisation processing NHS data, the Auto-Scorer eliminates the spreadsheet chaos that causes most DSPT failures and replaces it with a live dashboard that tracks your readiness in real time.

Who needs this?

  • NHS IT suppliers and software vendors requiring DSPT compliance for contract eligibility
  • GP practices and primary care networks completing annual DSPT submissions
  • NHS Trusts and Integrated Care Boards managing multi-site compliance
  • Social care providers and care homes processing NHS patient data
  • Pharmacies connected to NHS systems (EPS, SCR, GPES)
  • Clinical research organisations handling NHS data under Data Sharing Framework Contracts
  • MSPs and IT service providers supporting NHS clients

What's included?

  • Automated compliance testing across all 10 NDG data security standards with real-time scoring
  • Evidence management system — upload, tag, and map evidence documents directly to DSPT assertions
  • Automated deadline alerts at 90, 60, 30, 14, and 7 days before the June submission deadline
  • Gap analysis dashboard showing exactly which assertions are unmet with remediation guidance
  • Staff training tracker integrated with IG e-learning completion monitoring
  • Historical submission tracker — compare year-on-year progress and identify recurring gaps
  • Pre-submission validation check that mirrors NHS Digital's own assessment criteria
  • Exportable compliance report for board reporting and commissioner assurance requests

Key Benefits

  • Reduce DSPT completion time from weeks to days — automated testing replaces manual evidence gathering
  • Eliminate last-minute panic with 90-day advance warning system and progressive readiness scoring
  • Maintain NHS contract eligibility — an inadequate DSPT means losing access to NHS systems and contracts worth thousands of pounds annually
  • Pass NHS commissioner spot-checks with exportable evidence packs that satisfy Data Protection Officer reviews
  • Track multi-site compliance from a single dashboard — ideal for GP federations and care home groups
  • Stay compliant year-round, not just at submission time — continuous monitoring catches drift before it becomes a gap

UK Regulatory Context

The DSPT is mandated by NHS England and underpinned by the National Data Guardian's 10 data security standards. All organisations with access to NHS patient data must publish a DSPT assessment annually by 30 June. /24, NHS England has tightened requirements and introduced mandatory evidence assertions that cannot be self-certified. Organisations rated "Approaching Standards" are placed on improvement plans and may face restricted data access. For NHS suppliers, DSPT compliance is a contractual requirement under the NHS Standard Contract and Data Processing Contracts — non-compliance is grounds for contract termination. The 2025/26 DSPT includes updated cyber security assertions aligned with the Cyber Assessment Framework (CAF) and requires demonstration of active vulnerability management.

How it works

  1. Connect your organisation profile and the system pre-populates your DSPT scope based on your ODS code and data access level
  2. The auto-scorer runs diagnostic checks against each of the 10 standards, flagging unmet assertions with specific remediation steps
  3. Upload evidence documents and the system maps them to relevant assertions automatically using intelligent tagging
  4. Monitor your live readiness score on the dashboard — aim for "Standards Met" status at least 30 days before the deadline
  5. Run the pre-submission validator to catch any gaps, then export your finalised assessment for DSPT portal submission

Pricing

£99/month — includes automated scoring across all 10 standards, evidence management, deadline alerts, staff training tracker, pre-submission validation, and exportable compliance reports. Annual billing available at £999/year (save £189).

📌 ICO ENFORCEMENT CONTEXT (2025-2026)

UK ICO has issued multiple six-figure fines for NHS data exposure incidents (Capita, Advanced, NHS trusts). Post-incident enforcement reviews now scrutinise DSPT submissions, IG Toolkit gaps and supplier-chain controls. This product is positioned for trusts and health-sector organisations strengthening evidence packs ahead of the next enforcement cycle.

📅 How this subscription works — month-1 to month-12

  • Day 1 onboarding: instant portal access, automated onboarding checklist and baseline assessment intake — getting started guide delivered automatically.
  • First week setup: integrations wired, first report generated, MLRO / DPO / IT lead invited to the portal.
  • Ongoing monthly delivery: updated compliance report, new-regulation tracker delta, audit-trail snapshot, continuous regulatory updates aligned to your sector.
  • Cancellation: cancel any time from the portal — no contract lock-in; 30-day data export window after cancellation.

⚠️ Legal disclaimer (COMPLIANCE): This product is provided for information and compliance documentation only; it is not regulatory advice. Read the full disclaimer below or in our Terms of Service before purchase.

Cyber Essentials 2026 Coverage (NHS Context)

NHS DSPT requires Cyber Essentials certification as a baseline; this scorer maps DSPT controls to the CE 2026 five-control framework:

  • Firewalls — Network boundary requirements for trust networks + DMZ configuration for patient-data systems
  • Secure configuration — CIS-benchmark and NHS Digital secure configuration baseline mapping; hardening checklist for clinical workstations and servers
  • User access control + MFA mandate — MFA enforcement audit (CE 2026 mandate effective 28 April 2026) covering NHSmail, clinical systems, and admin accounts; RBAC matrix for role-based clinical access
  • Malware protection — Endpoint protection coverage verification + EDR baseline for clinical estate
  • Security update management — Patch management cadence aligned with NHS Digital guidance + vulnerability management for medical devices

£99.00/mo

MONTHLY SUBSCRIPTION · No VAT (not registered)

Delivery: Instant on payment
Refund: 14-day satisfaction guarantee
Instant download after payment
UK GDPR compliant
Secure checkout via Stripe

Trust & Delivery

ICO registered ZC112810

UK Information Commissioner's Office data controller registration.

Companies House 16419201

SummitBridge Horizon Ltd — registered 30 April 2025, London.

14-day satisfaction guarantee

See refund policy for full terms.

Sample materials available


Compare with the market

3 direct and adjacent competitors tracked.

Vendor | Their price | Threat | vs SBH | Their advantages | Our advantages
qPro (Quality Professional) (GB) | | CRITICAL | similar | NHS incumbent |
IT Governance UK (GB) | £800+ per assessment | MEDIUM | pricier | |
Log my Care (GB) | | LOW | | |

Compliance Snapshot

Regulatory posture for this product — for procurement and security teams.

General-purpose (limited- or minimal-risk)

Conformity scaffold in place — formal record not yet published