Zivver achieves ‘Substantial’ rating in NHS DSP Toolkit assessment

📢 News from the Zivver Team 🙌 We’ve officially scored a ‘substantial’ rating in our latest DSP Toolkit assessment conducted by an independent assessor – the highest possible rating. Even better, the assessment also gave us a ‘High’ confidence rating in the accuracy of our self-assessment. This means our data security controls are not only strong but trusted too.  

What is the DSP Toolkit? 

The Data Security and Protection Toolkit (DSPT) is the NHS’s way of making sure that its suppliers meet national data protection standards. As a Category 2 IT Supplier, we are required to complete the self-assessment and undergo an independent review. That means a deep dive into our systems, policies, training and technology to make sure our claims are aligned with our services. 

How did Zivver perform? 

After reviewing the information and the external assessment, we achieved:   

• Substantial Risk Rating (Top Score) 

• High confidence in our self-assessment 

• Zero critical or high-risk findings 

• Strong results across all 10 NDG Standards 

Some of our standout strengths include: 

• Practical, people-first training – Zivver's in-person awareness sessions help make security processes real for our teams. Attendance is tracked, follow up sessions happen, and the result? A workplace where data security obligations are understood. 

• Smart Authentication – For systems that handle healthcare data, we go beyond standard MFA by introducing physical YubiKeys, making phishing a lot less common while keeping our systems user friendly. Adding strong password policies and regular reviews helps to solidify our security. 

• Resilience – Our infrastructure is designed for continuity, with multiple data centres and SMS failovers. We also ensure critical roles are always covered, so even during a disruption, secure communication doesn’t stop. 

Commenting on our achievement, our CIO and Co-Founder Rick Goud said: “For NHS organisations and partners, this accreditation provides added assurance that Zivver is not just compliant but proactive, transparent and committed to keeping data secure. Because good security isn’t just about ticking boxes. It’s about making the right thing easy to do.”