Skip to content
HealthcareWorking toward

NHS Data Security and Protection Toolkit

For engagements that touch NHS patient data, Desha.ai aligns to the Data Security and Protection (DSP) Toolkit, the annual self-assessment against the National Data Guardian’s ten data-security standards. Our controls are designed to meet the “Standards Met” threshold.

Request documentation Last reviewed June 2026
DESHA.AI Trust Center

NHS DSP Toolkit

NHS Data Security and Protection Toolkit
Status: Working toward
Jurisdiction: United Kingdom (NHS)
Reviewed: June 2026

At a glance

Framework
NHS England DSP Toolkit
Basis
National Data Guardian, 10 standards
Cadence
Annual self-assessment
Status
Aligned; publication tracked per engagement

The ten data-security standards

The DSP Toolkit groups the National Data Guardian’s standards under three themes, people, process and technology. Desha.ai maps its controls to each.

  • People: information-governance training, clear accountability, and a culture of confidentiality.
  • Process: data flows documented, access on a need-to-know basis, suppliers managed, incidents reported within required timeframes.
  • Technology: unsupported systems removed, protective measures (encryption, monitoring) in place, and continuity tested.

How we align

  • Information-asset and data-flow mapping for any NHS data in scope.
  • Role-based access, MFA and audit logging across systems that touch patient data.
  • Supplier / sub-processor due diligence with contractual data-protection flow-down.
  • Documented incident management aligned to NHS reporting expectations.

Status & evidence

DSP Toolkit submissions are organisation- and engagement-specific. For an NHS procurement we provide our current alignment evidence and complete or confirm the relevant Toolkit publication as part of onboarding.

Documentation available on request

  • DSP Toolkit alignment mapping (10 standards)
  • Data-flow and information-asset register summary
  • Supplier due-diligence summary

Provided to qualified reviewers under a mutual NDA via contactus@desha.ai.

This page summarises Desha.ai’s posture for due-diligence review and does not disclose internal systems or security-sensitive detail. It is informational and not a warranty or legal advice. For contractual terms request our DPA / BAA at contactus@desha.ai.