The landscape of healthcare cybersecurity is evolving.

Starting September 2024, the Data Security and Protection Toolkit (DSPT) will undergo significant changes, integrating the National Cyber Security Centre's Cyber Assessment Framework (CAF).

This pivotal shift aims to refine how cybersecurity and Information Governance (IG) assurance are approached across NHS Trusts, CSUs, ALBs, and ICBs. It marks a critical step toward empowering organisations with better decision-making capabilities and fostering a culture of continuous improvement. 

Understanding the Changes to DSPT 

New Interface and Requirements

The revised DSPT will present a different user interface that aligns with the CAF, detailing specific Objectives, Principles, and Outcomes. This alignment ensures that cybersecurity measures are not just about compliance but about achieving security readiness. Users will encounter a CAF-profiled interface that guides them through various cybersecurity outcomes and good practice indicators, categorised into levels: Not Achieved, Partially Achieved, or Achieved.

Consistency with Current Standards 

Despite these changes, the overall expectations for cybersecurity and IG controls will remain comparable to the existing DSPT standards, tightening only where necessary. This ensures that the transition can be as smooth as possible without lowering the security guardrails that organisations are accustomed to.

Why the DSPT is Changing 

Focus on Effective Decision-Making 

The shift towards the CAF emphasises the importance of localised decision-making and ownership of information risks. This approach encourages organisations both to comply with standards and to understand and manage their unique cybersecurity challenges effectively.

Encouraging Continuous Improvement 

By integrating CAF, the DSPT fosters an environment where organisations are motivated to evaluate and enhance their cybersecurity practices continually. This is based on effectiveness rather than mere compliance, ensuring efforts are focused on what genuinely secures data and systems.

Adapting to Emerging Threats 

The updated framework will enable organisations to stay abreast of new security measures to counteract evolving threats and risks. This dynamic approach is crucial in a sector where technological advancements and cyber threats are constant.

How Arco Cyber Can Support You Through These Changes 

At Arco Cyber, we understand the complexities of aligning with new frameworks like the CAF within the DSPT. Our platform offers a robust suite of tools to help healthcare organisations effectively assess and enhance their cybersecurity posture.

Contextual Impact Understanding 

Understanding the impact of risks is critical. Arco Cyber synthesises threat data with compliance and control monitoring, enriching this information with industry benchmarking and peer insights. This multi-dimensional view aids in appreciating the full context of your security posture within the healthcare sector. 

Leveraging Existing Investments 

Extract maximum value from your current investments with Arco Cyber. Our platform integrates with your existing tools, enhancing their utility. It provides actionable insights that help reduce risk while optimising value, ensuring your cybersecurity spending is impactful where it matters most. 

Regulatory Compliance as an Enabler 

Compliance with regulatory changes, such as the DSPT's shift towards the CAF, can be complex. Arco Cyber simplifies this process. The platform ensures that security becomes an enabler, helping you efficiently meet regulations, supplier demands, and insurance policy terms. 

Cybersecurity Budget Optimisation 

Maximise your cybersecurity budget by optimising the use of existing tools through Arco Cyber's platform. By reducing overlap and boosting the utility of underutilised investments, we ensure that every pound spent on cybersecurity is invested towards a more robust defence system. 

Comprehensive Risk Assessment and Defence Gap Analysis 

Arco Cyber's advanced capabilities in data ingestion across all controls, along with layers of threat data and industry context, equip you to assess risks accurately. Our platform specialises in evaluating, discovering, and pinpointing gaps in defences, thus enabling a more fortified cybersecurity framework aligned with the CAF outcomes. 

Strategic Support for Board-Level Discussions 

With the DSPT changes and the CAF integration, board-level discussions on cybersecurity will become more crucial. Arco Cyber equips leaders with clear insights and strategic advice to drive these conversations, ensuring that cybersecurity remains a top priority in the strategic planning of healthcare organisations. 


Integrating the CAF into the DSPT represents a significant shift towards a more dynamic and practical approach to cybersecurity in healthcare. As these changes unfold, Arco Cyber remains committed to supporting healthcare organisations through this transition, ensuring they are well-equipped to meet the challenges and leverage the opportunities that come with these new standards. 


By embracing these changes, healthcare providers can ensure a more secure and resilient digital environment, leading to better patient care and data protection.

