
April Newsletter

This month, we're celebrating helping Think ADHD achieve full DTAC compliance through a new partnership with Acorn Compliance. We're also supporting clients with AI system risk assessments, and we’re proud to be guiding innovative teams through complex standards with clarity and confidence. Finally, we're preparing for the DSPT audit deadline in June, which is fast approaching.


Client Success: Think ADHD Achieves Full DTAC Compliance

We’re thrilled to announce that Think ADHD is now fully DTAC compliant—a major step forward in delivering safe, secure, and accessible digital health services to the NHS.

“I am absolutely thrilled to say that Think ADHD is fully DTAC compliant, thanks in no small part to Acorn Compliance and Periculo, who have been absolutely crucial to the whole process. I’m over the moon. It’s been a journey, but a fantastic one to be on with two excellent companies.”

This was made possible through our strong collaboration with Acorn Compliance. We’re proud to work in partnership with Acorn to support digital health innovators like Think ADHD in meeting complex standards like DTAC with confidence and clarity.

As the penetration testing partner, we provided security assurance across their platform, ensuring that key DTAC technical requirements were met with robust evidence and clear reporting.

Our penetration testing methodology follows a comprehensive procedure designed to cover a wide range of scenarios—including network, web application, physical, and social engineering. This framework is based on leading standards such as:

  • PTES (Penetration Testing Execution Standard)

  • CREST

  • OWASP Top 10

  • IEC TR 60601-4-5:2021, where applicable

This multi-layered approach ensures we can provide meaningful, audit-ready results while helping clients understand and address their real-world risk exposure.

Huge congratulations to the team at Think ADHD for their focus and determination—we’re proud to have been part of your journey.

 

Spotlight: AI in Healthcare – Real-World Lessons

AI is the hottest topic in healthcare tech right now, and for good reason. But beyond the hype, what does real implementation actually look like?

We’ve been working hands-on with a long-standing client to map out AI systems and conduct risk assessments aligned with current legislation. It’s not just about building smarter tools—it’s about doing so responsibly and compliantly.

If you’re introducing AI into your product and need a practical approach that fits within the evolving regulatory landscape, book a call with us to talk about how we can help.

We’re excited to share more about our work in AI and healthcare soon—watch this space.

 

DSPT Deadline Reminder – Are You Ready?

The NHS Data Security and Protection Toolkit (DSPT) submission deadline is 30th June 2025—and it’s approaching fast.

For the 2024–25 cycle, the requirement to complete a DSPT audit is mandatory under evidence item 9.4.5. This means organisations must not only submit their DSPT but also have a formal audit conducted to validate their submission.

We’re already supporting digital health companies and NHS suppliers with:

  • DSPT readiness reviews

  • Policy and evidence development

  • Harpe-powered compliance tracking

  • End-to-end audit support

  • Final checks before submission

Don't leave it until the last minute—audit slots will fill quickly in the run-up to the deadline.

Book a call today to find out how we can help you prepare with confidence.

 

Security Fact of the Month

Healthcare organisations experienced a 60% increase in ransomware attacks in 2024.
According to industry reports, healthcare remained the most targeted sector due to the critical nature of data and services. Cybercriminals know that disruption can cost lives—making quick ransom payouts more likely.

 

Security Tip of the Month

Backups Only Work if You Test Them: It’s not enough to back up your data—you need to know you can restore it quickly when disaster strikes.

Set a recurring reminder to test your backup restore process at least once per quarter. This ensures data integrity, recovery speed, and business continuity when it counts most.

 

Jargon Buster

Business Continuity Plan (BCP) – A documented strategy outlining how your organisation will continue operating during an unexpected disruption, such as a cyberattack or system failure.

It’s not just about IT—it’s about keeping your whole organisation functioning when things go wrong.

 
