
NHS Supply Chain

NHS Security Assurance Programme

One specialist team, one annual program, and a predictable monthly cost.

One specialist team handling all your compliance needs
Fixed monthly payments with no surprise invoices

Pricing & Tiers

Every engagement begins with the full programme. If budget requires, we descope modules while protecting core outcomes.

Small

Organisational Size: <25 Employees

£1,245 per month or £15,050 per year

What's included:

  • ✓ Cyber Essentials Certification
  • ✓ Cyber Essentials Plus - Including Audit
  • ✓ Annual penetration test (web application + mobile apps)
  • ✓ Quarterly vulnerability scanning
  • ✓ NHS DSPT audit and submission support
  • ✓ 3 hours FREE consultancy support
  • ✓ New Release/Update FREE 1 Day penetration test

Medium

Organisational Size: 25-250 Employees

£1,350 per month or £15,700 per year

What's included:

  • ✓ Cyber Essentials Certification
  • ✓ Cyber Essentials Plus - Including Audit
  • ✓ Annual penetration test (web application + mobile apps)
  • ✓ Quarterly vulnerability scanning
  • ✓ NHS DSPT audit and submission support
  • ✓ 3 hours FREE consultancy support
  • ✓ New Release/Update FREE 1 Day penetration test

Large

Organisational Size: 250+ Employees

£1,400 per month or £16,000 per year

What's included:

  • ✓ Cyber Essentials Certification
  • ✓ Cyber Essentials Plus - Including Audit
  • ✓ Annual penetration test (web application + mobile apps)
  • ✓ Quarterly vulnerability scanning
  • ✓ NHS DSPT audit and submission support
  • ✓ 3 hours FREE consultancy support
  • ✓ New Release/Update FREE 1 Day penetration test

Transparent, fixed monthly retainer. Final price reflects company size and any agreed de-scopes.

What is the NHS Security Assurance Programme?

Maintaining compliance and security certification shouldn't mean juggling multiple vendors, surprise invoices, and gaps in your compliance calendar. Our Security Assurance Programme packages your essential external security services into a single annual programme with predictable monthly costs and one relationship.

Why is This Needed?

NHS organisations require suppliers to demonstrate robust cyber security, data protection, and technical assurance before contracts are awarded or renewed.


Mandatory Compliance

Achieve and maintain Cyber Essentials certification and meet NHS DSPT requirements to demonstrate baseline security and data protection standards.

Technical Evidence

Independent vulnerability assessments and penetration testing provide assurance that your systems are secure and aligned to recognised frameworks.

Accreditation Support

Clear documentation and structured guidance to support NHS DSPT submissions and broader NHS supply chain security expectations.
We had a great experience working with Periculo for our Cyber Essentials Plus certification. From the very beginning, their team was incredibly responsive, supportive, and approachable, which made the preparation phase smooth and efficient.

They were always available to answer our questions, clarify requirements, and help us feel fully prepared before the audit. When it came time for the actual audit, the process was handled with impressive professionalism and thoroughness, giving us full confidence in their assessment.

Highly recommended for any organization looking for a dependable and knowledgeable partner for cybersecurity certifications.


FAQs

Find answers to frequently asked questions

What is the NHS Security Assurance Programme?

The NHS Security Assurance Programme is a structured annual service that helps organisations meet NHS supply chain security requirements. It combines Cyber Essentials certification support, NHS DSPT guidance, and independent security testing into one managed programme with predictable monthly costs.

Do I need Cyber Essentials to work with the NHS?

No. This is a configuration review against CIS Benchmarks. A penetration test (IT Health Check) is a separate requirement for the 'Self-Managed' route. We can offer Penetration Testing as a separate service if needed.


What is the NHS DSPT and why does it matter?

The NHS Data Security and Protection Toolkit (DSPT) is a mandatory self-assessment for organisations accessing NHS data. It demonstrates compliance with NHS data protection, information governance, and security standards. Without a compliant DSPT submission, you may not be eligible for NHS contracts.


Is security testing required for NHS suppliers?

While requirements vary depending on the contract, many NHS buyers expect independent security testing such as vulnerability assessments or penetration testing — particularly for web applications, cloud platforms, or systems handling patient data. Security testing provides technical assurance beyond basic certification.

Who is this programme designed for?

The programme is ideal for:

  • Health tech startups bidding for their first NHS contract
  • SaaS providers processing NHS data
  • Established suppliers needing ongoing compliance support
  • Organisations that want predictable compliance costs rather than one-off projects


How long does it take to become NHS supply chain ready?

Timelines depend on your current security maturity. For most organisations, achieving Cyber Essentials and completing DSPT readiness can take between 4–12 weeks. We provide a clear roadmap at the outset so you know exactly what’s required.

Do you support renewals?

Yes. Cyber Essentials and DSPT require annual renewal. The programme is designed to ensure you remain compliant year after year without last-minute stress.

How do we get started?

Book a call with our team to discuss your current position, upcoming NHS bids, and compliance requirements. We’ll outline a tailored roadmap and pricing structure to get you NHS supply chain ready.

NHS DCB1596 COMPLIANCE

Still Have Questions?

Schedule a call with our founder or a member of our team to create a complimentary action plan.