NHS Security Assurance Programme

Supporting NHS suppliers to meet security requirements

If you supply digital services, software, or infrastructure to the NHS, you’re expected to demonstrate clear, evidence-backed security compliance.

From DSPT to Cyber Essentials Plus, the bar has been raised, and most organisations struggle not because they lack capability, but because they lack clarity and structured support.

Structured support that keeps you on track—without taking control away from your team

Why Choose The Assurance Programme?

Meeting NHS security requirements isn’t just about knowing what to do—it’s about doing the right things, at the right time, with the right evidence.

Our Security Assurance Programme gives you the structure, expertise, and continuity needed to stay compliant—without handing over ownership.

CE+ mandatory under PPN 014

DSPT clause 9.4.5 audit support

CYBER ESSENTIALS

CYBER ESSENTIALS PLUS

CREST PENETRATION TEST

DSPT AUDIT/INTERNAL AUDITS

Consistency Over Last-Minute Panic

Most organisations approach DSPT and Cyber Essentials reactively—rushing to prepare evidence weeks before deadlines.

With our programme, you get:

1. Clarity: We help you to understand exactly what is required, to avoid over-engineering or unnecessary work.

2. Confidence: We support you to build clear, well-structured evidence, identify and address gaps early, and approach audits with confidence, not guesswork.

3. Support: Unlike fully managed services, we don’t take control away from you. Instead, we work alongside your internal team.

4. Predictable: Security compliance can become expensive. Our programme allows you to spread costs across the year.

Yearly vs Monthly

Choose the right plan for your organisation's needs.

Yearly Assurance

Cyber Essentials, Cyber Essentials Plus, Penetration Test, DSPT Audit, Internal Audits, Vulnerability Scanning...

From £10,000/Per Year

Monthly Assurance

Cyber Essentials, Cyber Essentials Plus, Penetration Test, DSPT Audit, Internal Audits, Vulnerability Scanning...

From £900/Per Month

Built for two types of NHS suppliers.

Whether you're maintaining your current NHS supply chain status or building toward your first NHS contract, the compliance requirements are the same.

Current NHS Suppliers

You're already in the supply chain and need to stay there.

You hold DSPT Standards Met and CE+ and you know they need renewing every year. Right now that probably means managing three or four separate vendor relationships, uncoordinated renewal dates, and invoices that land when you least expect them.

The Security Assurance Programme consolidates everything under one team on a single annual programme, billed monthly. Nothing changes in terms of what you're required to do. Everything changes in how much effort it takes to do it.

"We spend more time coordinating compliance than we should. It's the same work every year."

Aspiring NHS Suppliers

The compliance bar for NHS IT suppliers has risen significantly.

NHS England has taken a more active stance on supplier security posture following a pattern of supply chain attacks on NHS organisations over the past three years. The regulatory requirements have tightened in parallel.

PPN 014

Cyber Essentials Plus is now mandatory

NHS IT suppliers are required to hold Cyber Essentials Plus certification. This is enforced under PPN 014 as part of NHS procurement and is a condition of supply chain participation.

NHS Standard Contract Clause 21.2

DSPT Standards Met is a contractual requirement

Organisations that fail to achieve or maintain DSPT Standards Met status risk losing existing NHS contracts. Annual renewal is a condition of doing business as an NHS supplier.

DSPT Clause 9.4.5

Category 2 IT suppliers require an independent audit

DSPT clause 9.4.5 requires an independent audit for Category 2 IT suppliers as part of the annual DSPT submission. The 2025/26 deadline is 30 June 2026.

Everything an NHS IT supplier needs, under one team.

The Security Assurance Programme packages the mandatory annual assurance activities for NHS supply chain compliance. Scope is confirmed during onboarding: if something isn't applicable, it's removed and the price adjusts accordingly.

FAQ

WE HAVE A VARIETY OF SERVICES SPECIFIC TO ENSURING THE SECURITY OF YOUR MEDICAL DEVICES.

What is the Security Assurance Programme?

The Security Assurance Programme is a structured annual service that helps organisations meet NHS supply chain security requirements. It combines Cyber Essentials certification support, NHS DSPT guidance, and independent security testing into one managed programme with predictable monthly costs.

What is the NHS DSPT and why does it matter?
Do I need Cyber Essentials to work with the NHS?
Is security testing required for NHS suppliers?
Who is this programme designed for?
How long does it take to become NHS supply chain ready?
Do you support renewals?
How do we get started?