LOADING…
E2E RiskPLATFORM
Platform  /  Health & care  ·  Sector
Health & care

The DSPT is CAF now.Are your suppliers ready?

Trusts and care providers running patient-facing services on supplier-heavy estates, with the Data Security and Protection Toolkit now aligned to the CAF.

See the platform
DSPT CAF-alignedDTAC readyUK GDPR native
The brief

Assurance across health & care.

Without E2E Risk
Clinical systems and data sit with dozens of third parties
The DSP Toolkit cycle is a yearly evidence scramble
Patient data flows you cannot fully see or evidence
A supplier outage becomes a patient-safety incident
With E2E Risk
Every clinical supplier assessed by the data they touch
DSPT evidence captured once and kept current
Processing mapped to suppliers, assets and DPIAs
Critical suppliers mapped to the services that depend on them
See it

Patient data, assured at the source.

CLINICAL SUPPLIERS · live live
Onboard
Supplier and data flow logged
Classify
By the patient data it touches
auto
Assess
DSPT & CAF-aligned
DPIA link
Tied to processing
linked
Remediate
Gaps closed, owned
Monitor
Exposure watched live

You know which supplier holds which patient data - and that it is assured.

How it works

One lifecycle, end to end.

01 Onboard
It starts at intake
New suppliers captured the moment they are engaged.
No more shadow vendors found at audit.
02 Profile
Right depth
Criticality and data exposure set the assessment depth.
Effort lands where the risk actually is.
03 Assess
Native to your frameworks
Assessed against the regimes you answer to, at control level.
Defensible judgements, not a tick-box.
04 Evidence
Capture once
Evidence inherits across every overlapping requirement.
Re-used, not re-collected, each cycle.
05 Remediate
Close the gap
Findings become owned actions with dates.
Progress tracked, not forgotten.
06 Monitor
Stay current
Outside-in signals and review dates keep it live.
You learn before the auditor does.
The difference

The DSPT cycle, rebuilt.

What you doToolkit + spreadsheetsE2E Risk
DSPT evidenceAssembled once a year, by handCaptured once and kept current
Clinical suppliersTracked looselyAssessed by the data they touch
Patient data flowsHard to see end to endMapped to suppliers and DPIAs
DPIAsWord filesA living register, ICO-ready
ContinuityPer-supplier guessworkSuppliers mapped to clinical services
An auditA fire drillAn evidence pack on demand
Where to start

The modules that matter most here.

Supplier Assurance →

Assess clinical suppliers by the patient data they hold.

DPIA Register →

ICO-aligned, living register linked to processing and suppliers.

CAF Assessment →

DSPT- and CAF-aligned, assessed natively.

Business Resilience →

Map critical suppliers to the clinical services they support.

1
register for every clinical supplier
100%
of DPIAs linked to processing & suppliers
0
DSPT evidence rebuilt from scratch
24/7
outside-in exposure monitoring
Native to your regimes

Defensible against all of them.

DSP ToolkitUK GDPRNCSC CAF v3.2Cyber EssentialsISO 27001:2022NIS Regulations
Next step

Assure the data, protect the service.

A 30-minute walkthrough on your clinical suppliers and the DSPT - no slides.

Explore Supplier Assurance →