NHS Data Security & Risk Assurance Review
A board-level, independent opinion on whether an organisation is genuinely safe to access NHS data.
Assurance work: we form an independent opinion. We do not implement what we assure.
Delivered by: ISO/IEC 27001:2022 Lead Implementer (BSI); BCS Practitioner Certificate in Data Protection
Scope
Independent assurance on whether an organisation is genuinely safe and appropriate to access NHS data. This is not a DSPT submission service. It is a defensible risk opinion for the decision makers responsible for NHS data access and data sharing. We do not implement the controls we review, which keeps the opinion independent.
What you get
- Assessment against NHS DSPT assertions and evidence expectations
- Review of UK GDPR Article 32 (security of processing)
- Evaluation of ISO/IEC 27001 controls where claimed or referenced
- Identification of residual risks where organisations technically pass but remain high risk
- Clear decision framing: proceed / proceed with conditions / do not proceed
Deliverables
A board-level assurance report with a clear statement of residual risk and accountability, suitable for procurement, data sharing, or partnership decisions
Price
£9,500-13,500
All prices exclude VAT.
Frameworks referenced
Readiness and assurance, kept separate
Where we have built or prepared evidence for a client, we do not also sell that client an independent assurance opinion on the same work. Independence is only worth anything if it is real, so we protect it rather than blur it.
Not sure if this is the right engagement?
Book a free scoping call. We will point you to the right next step, whether that is this service, our paid diagnostic, or something else.
