DESHA.AI Trust Center
NHS DSP Toolkit
NHS Data Security and Protection Toolkit
Status: Working toward
Jurisdiction: United Kingdom (NHS)
Reviewed: June 2026
At a glance
- Framework
- NHS England DSP Toolkit
- Basis
- National Data Guardian, 10 standards
- Cadence
- Annual self-assessment
- Status
- Aligned; publication tracked per engagement
The ten data-security standards
The DSP Toolkit groups the National Data Guardian’s standards under three themes, people, process and technology. Desha.ai maps its controls to each.
- People: information-governance training, clear accountability, and a culture of confidentiality.
- Process: data flows documented, access on a need-to-know basis, suppliers managed, incidents reported within required timeframes.
- Technology: unsupported systems removed, protective measures (encryption, monitoring) in place, and continuity tested.
How we align
- Information-asset and data-flow mapping for any NHS data in scope.
- Role-based access, MFA and audit logging across systems that touch patient data.
- Supplier / sub-processor due diligence with contractual data-protection flow-down.
- Documented incident management aligned to NHS reporting expectations.
Status & evidence
DSP Toolkit submissions are organisation- and engagement-specific. For an NHS procurement we provide our current alignment evidence and complete or confirm the relevant Toolkit publication as part of onboarding.
Documentation available on request
- DSP Toolkit alignment mapping (10 standards)
- Data-flow and information-asset register summary
- Supplier due-diligence summary
Provided to qualified reviewers under a mutual NDA via contactus@desha.ai.
