
Adopting the Cyber Assessment Framework

What it Means for NHS DSPT in 2024

In September 2024, we will see a significant shift in how data security is managed across the healthcare sector. The Data Security and Protection Toolkit (DSPT) is undergoing changes to align with the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF). This update is a direct result of the Department of Health and Social Care’s (DHSC) commitment to bolster cyber resilience as part of its cyber security strategy through 2030.

But what exactly does this alignment mean for organisations, and how will it impact the way cyber security and information governance (IG) are approached?

The Shift to CAF-Aligned DSPT: A Focus on Outcomes

The move towards a CAF-aligned DSPT brings a fresh approach to cyber security in the healthcare sector. The framework is designed to focus less on rigid compliance checklists and more on principles and expert judgment. This will allow organisations to make informed decisions about their security measures, ensuring they focus on achieving key outcomes rather than simply meeting minimum standards.

In essence, this shift will influence how people, processes, and technology are evaluated and assured within an organisation. It’s not just about having the right tools in place—it’s about making sure those tools are being used effectively, and that the organisation as a whole is well-equipped to manage and mitigate cyber risks.

Why the Change Matters: Three Key Goals

This update to the DSPT isn’t just about making a change for the sake of it. The goals behind aligning the toolkit with the CAF are designed to drive meaningful improvements in how organisations think about and approach cyber security. Here’s what those goals look like:

  1. Good Decision-Making Over Compliance: The CAF-aligned DSPT encourages organisations to shift their focus from simply ticking compliance boxes to understanding and managing information risks at a local level. Cyber risks are dynamic and complex, so having a one-size-fits-all approach doesn’t work. By fostering better understanding and ownership of these risks, local organisations can make more informed decisions about what security measures are truly necessary.
  2. Building a Culture of Evaluation and Improvement: Rather than settling for a compliance pass, organisations will need to regularly assess how effective their practices are at achieving the desired outcomes. This promotes a culture of continuous improvement, where the focus is on what works rather than what’s easiest to implement. This kind of iterative approach is essential in a world where cyber threats are constantly evolving, and organisations must stay ahead of the curve.
  3. Creating Opportunities for Better Practice: Finally, the CAF-aligned DSPT opens the door for organisations to adopt better practices by staying current with new security measures. As the threat landscape changes, so too must the strategies organisations use to protect themselves. The CAF enables organisations to adapt to these changes, ensuring that they are always equipped to meet emerging risks head-on.

How to Prepare for the Transition

With the changes set to take effect in September 2024, organisations need to start preparing now. While the shift towards a CAF-aligned DSPT will require adjustments, it also presents a valuable opportunity to rethink how cyber security is handled at a local level.

Here are a few steps organisations can take to prepare:

Conclusion

The upcoming changes to the DSPT, aligned with the CAF, signal a transformative moment for data security in the healthcare sector. By shifting the focus from compliance to outcomes, these changes will empower organisations to take ownership of their information risks and continuously improve their security measures.

For organisations willing to embrace this shift, the benefits are clear: more effective cyber security, a stronger culture of improvement, and the ability to stay ahead of evolving threats. As September 2024 approaches, now is the time to start preparing for a more flexible, future-proof approach to data security.

Protecting Digital Health Solutions

Contact Periculo for expert cyber security solutions tailored to the digital health industry.
