Time is running out... this year's submission deadline is 30th June 2021

Why do I need the DSPT?

The NHS expects you to have it!

Most contracts for NHS services, from healthcare to IT systems, require suppliers to meet the DSPT standards.

It helps you manage information risks

Completing the DSPT properly means your organisation is better able to identify and mitigate information risks before they turn into issues.

Get your DSPT action plan in place today.

Our team will work with you to meet the publication deadline of June 30th 2021.

GET IN TOUCH Book a meeting

Why you should trust Monmouth to support your DSPT.

We deliver positive results

The Monmouth team have been working with the DSPT and it’s predecessor (IG Toolkit) since their inception. Our team includes ex-NHS IG staff as well as experienced data protection, security and privacy specialists.

We don't just 'tick the box'

We do not treat the DSPT as a “tick in the box” exercise. It is an important foundation for your information security and protection processes and can be the trigger for your journey through to certification against industry standards including Cyber Essentials and ISO27001.

Our breadth of experience

We have supported clients across the various organisational 'types' identified within the NHS DSPT, including software and service providers, independent hospitals, GPs and pharmacies.

We help you become self-sufficient

We work in partnership with you, and encourage knowledge transfer to support your business. After a short burst of intensive support upfront most of our clients move to a call-off model with support targeted on specialist issues or new projects.

Frequently Asked Questions

  • Why should I complete the NHS DSPT?

    If you are looking to offer the services of your business to the NHS, one of the pre-requisites is that you must have published an assessment against the most recent DSPT.  Without a minimum compliance of “standards met” against DSPT assessment, you will have difficulty engaging with the NHS.

  • Do you provide documentation?

    Where there are key documents that are required but do not exist currently, we would use our library of templates to produce them for you as part of our support. However, we do not provide you ‘blank’ templates but will localise them for you through our newly gathered knowledge of your organisation and how it functions.

  • How long does it take to complete?

    That depends on where you are starting from, there is not a one-size-fits-all solution as all organisations are different. As part of our introductory discussions with you, we will ask a series of questions that will allow us to understand the organisation and how it is configured – we will then be in a better position to provide a suggested timeframe

  • We are ISO27001 certified, do I still need DSPT?

    Yes. Having an accreditation such as ISO27001 or Cyber Essentials Plus will slightly reduce the number of requirements you have to complete for the DSPT - but any such certification does not preclude you from completing an annual assessment.

What others have to say about Monmouth's support...


We were delighted with the support provided by Monmouth Partners. Alan is clearly an expert in his field and quickly understood our requirements...  the project delivered exceeded my expectations.

Richard Hole - Ash Lane Consulting Ltd 

"These are the people!"

If you need a company to help you understand and enjoy IG, risks and robust policies and procedures then these are the people. You will also benefit from a real hands on and satisfying working relationship.

Georgia Harvey - Invicta Health CIC