← All services
Assurance 4-6 weeks

NHS Data Security & Risk Assurance Review

A board-level, independent opinion on whether an organisation is genuinely safe to access NHS data.

Assurance work: we form an independent opinion. We do not implement what we assure.

Delivered by: ISO/IEC 27001:2022 Lead Implementer (BSI); BCS Practitioner Certificate in Data Protection

NHS Data Security & Risk Assurance Review

Scope

Independent assurance on whether an organisation is genuinely safe and appropriate to access NHS data. This is not a DSPT submission service. It is a defensible risk opinion for the decision makers responsible for NHS data access and data sharing. We do not implement the controls we review, which keeps the opinion independent.

What you get

  • Assessment against NHS DSPT assertions and evidence expectations
  • Review of UK GDPR Article 32 (security of processing)
  • Evaluation of ISO/IEC 27001 controls where claimed or referenced
  • Identification of residual risks where organisations technically pass but remain high risk
  • Clear decision framing: proceed / proceed with conditions / do not proceed

Deliverables

A board-level assurance report with a clear statement of residual risk and accountability, suitable for procurement, data sharing, or partnership decisions

Price

£9,500-13,500

All prices exclude VAT.

Frameworks referenced

NHS DSPT UK GDPR (Article 32) ISO/IEC 27001 NCSC Cyber Assessment Framework (CAF)

Readiness and assurance, kept separate

Where we have built or prepared evidence for a client, we do not also sell that client an independent assurance opinion on the same work. Independence is only worth anything if it is real, so we protect it rather than blur it.

Not sure if this is the right engagement?

Book a free scoping call. We will point you to the right next step, whether that is this service, our paid diagnostic, or something else.