What is Data Protection Consultancy?

Data protection consultancy involves expert guidance and support from professionals to ensure compliance with data protection laws and regulations. Consultants help organisations implement effective data protection measures to safeguard sensitive information.

What Services Do Data Protection Consultants Offer?

Data protection consultants offer a range of services including GDPR compliance audits, data protection impact assessments (DPIAs), policy development, staff training, breach response planning, and ongoing compliance monitoring.

How Can Data Protection Consultants Help My Business?

Data protection consultants provide tailored solutions to address your organisation's specific needs. They offer expert advice, implement best practices, conduct risk assessments, and ensure continuous compliance to protect your business from legal and reputational risks.

What Are the Benefits of Hiring a Data Protection Consultant?

Hiring a data protection consultant brings specialised expertise, saves time and resources, ensures regulatory compliance, enhances data security, boosts customer trust, and mitigates the risk of data breaches.

How Do I Choose the Right Data Protection Consultant?

When selecting a data protection consultant, consider factors like their experience, track record, industry knowledge, compliance expertise, customised services, and client testimonials to ensure they meet your specific needs.

What Industries Can Benefit from Data ProtectionConsultancy Services?

Data protection consultancy services are beneficial for organisations across various sectors including healthcare finance, ecommerce, IT, legal, and more, ensuring compliance with industry-specific regulations.

What Steps Are Involved in the Data Protection Consultancy Process?

The data protection consultancy process typically involves assessment, planning, implementation, training, monitoring, and continuous improvement to establish and maintain robust data protection practices.

How Can I Get Started with Data Protection Consultancy Services?

Getting started is easy! Simply reach out to a reputable data protection consultancy firm, schedule a consultation to discuss your requirements, and they'll guide you through the process tailored to your organisation's needs.

What Sets IG-Smart Ltd Apart in Data Protection Consultancy?

IG-Smart Ltd stands out in data protection consultancy with a team of experienced consultants, proven track record, industry recognition, client satisfaction, and customised solutions tailored to your business needs.

What is CREST Accreditation?

CREST accreditation is a globally recognised certification that validates the competence and professionalism of cybersecurity service providers. It ensures that organisations adhere to rigorous standards and best practices in conducting penetration testing and other security assessments.

Why is CREST Accreditation Important for Penetration Testing?

CREST accreditation demonstrates that our penetration testing services meet the highest industry standards for quality, reliability,and integrity. It provides assurance to clients that our testing methodologies are thorough, rigorous, and effective in identifying and mitigating security vulnerabilities.

What are the Benefits of Choosing a CREST Accredited Penetration Testing Provider?

By choosing a CREST accredited penetration testing provider like us, clients can have confidence in the credibility and competence of our testing services. They can trust that our assessments are conducted by experienced professionals using industry-leading methodologies,resulting in accurate and actionable findings to improve their cybersecurity posture.

What Types of Penetration Testing Does CREST Accreditation Cover?

CREST accreditation covers various types of penetration testing, including network penetration testing, web application penetration testing, mobile application penetration testing, and more. Our accredited team is capable of conducting comprehensive assessments tailored to the specific needs of our clients.

How Does CREST Accreditation Ensure Confidentiality and Data Protection?

CREST accreditation includes stringent requirements for confidentiality and data protection to safeguard sensitive information obtained during penetration testing. Our accredited team adheres to strict protocols and ethical guidelines to ensure the confidentiality, integrity, and privacy of client data throughout the testing process.

Can CREST Accredited Penetration Testing Help Meet Compliance Requirements?

Yes, CREST accredited penetration testing can help organisations meet regulatory and compliance requirements, such as those outlined in standards like PCI DSS, HIPAA, GDPR, and more. Our testing services provide valuable insights and evidence to demonstrate compliance with security standards and regulations.

How Often Should Penetration Testing Be Conducted?

The frequency of penetration testing depends on various factors, including the organisation's risk profile, industry regulations, and changes to the IT environment. Generally, it is recommended to conduct penetration testing on a regular basis, such as annually or after significant changes to systems or applications.

How Can I Get Started with CREST Accredited Penetration Testing Services?

Getting started with our CREST accredited penetration testing services is simple. Contact us to discuss your requirements and schedule a consultation with our team. We'll work with you to understand your needs, tailor our testing approach, and provide a proposal outlining the scope, timeline, and cost of the engagement.

ISO 27001 is an international standard for information security management systems (ISMS). It provides a framework for organisations to establish, implement, maintain, and continually improve their information security management processes and controls.

Why is ISO 27001 Penetration Testing Important?

ISO 27001 penetration testing helps organisations assess the effectiveness of their information security controls and identify vulnerabilities that could compromise the confidentiality, integrity, and availability of their sensitive information. It is a critical component of maintaining ISO 27001 compliance and ensuring the security of organisational assets.

How Does ISO 27001 Penetration Testing Differ from Regular Penetration Testing?

ISO 27001 penetration testing is specifically tailored to assess the effectiveness of information security controls implemented as part of an organisation's ISMS. It focuses on evaluating compliance with ISO 27001 requirements and identifying gaps in security controls that could impact the organisation's ability to achieve ISO 27001 certification.

What Types of Penetration Testing Does ISO 27001 Cover?

ISO 27001 penetration testing covers various types of security assessments, including network penetration testing, web application penetration testing, mobile application penetration testing, and more. It evaluates the security of information assets, processes, and systems to ensure compliance with ISO 27001 requirements.

How Often Should ISO 27001 Penetration Testing Be Conducted?

The frequency of ISO 27001 penetration testing depends on factors such as changes to the organisation's IT environment, updates to security controls, and the results of previous assessments. It is recommended to conduct penetration testing regularly, such as annually or after significant changes to the ISMS.

Can ISO 27001 Penetration Testing Help Achieve ISO 27001 Certification?

Yes, ISO 27001 penetration testing is an essential component of achieving ISO 27001 certification. It helps organisations identify vulnerabilities and weaknesses in their information security controls, allowing them to address issues and demonstrate compliance with ISO 27001 requirements during the certification process.

How Does ISO 27001 Penetration Testing Ensure Confidentiality and Data Protection?

ISO 27001 penetration testing includes measures to ensure the confidentiality, integrity, and availability of sensitive information throughout the testing process. This includes strict controls for handling and protecting confidential data obtained during penetration testing to prevent unauthorized disclosure or misuse.

What Are the Benefits of Choosing an ISO 27001 Penetration Testing Provider?

Choosing an ISO 27001 penetration testing provider ensures that assessments are conducted by experienced professionals with expertise in information security and ISO 27001 requirements. It provides assurance that testing methodologies align with ISO 27001 standards and deliver accurate and actionable results to strengthen information security controls.

What is the NHS DSP Toolkit?

The NHS DSP (Data Security and Protection) Toolkit is an online self-assessment tool designed to help NHS organisations measure their performance against the National Data Guardian's 10 data security standards.

Why is NHS DSP Toolkit compliance important?

Compliance with the NHS DSP Toolkit is essential for NHS organisations to demonstrate their commitment to protecting patient data and ensuring compliance with data protection regulations. It helps build trust with patients and stakeholders and reduces the risk of data breaches.

Can you assist with ongoing compliance monitoring and support?

Yes, we provide ongoing support to help your organisation maintain compliance with the NHS DSP Toolkit. Our services include regular assessments, updates to policies and procedures, staff training, and assistance with any changes in regulations or requirements.

What is an ISO 27001 Gap Analysis?

An ISO 27001 Gap Analysis is a comprehensive assessment conducted to identify the gaps between an organisation's current information security practices and the requirements outlined in the ISO 27001 standard.

Why is an ISO 27001 Gap Analysis important?

An ISO 27001 Gap Analysis is crucial for organisations aiming to achieve ISO 27001 certification. It helps identify areas where security measures may be lacking, allowing organisations to strengthen their security posture and mitigate potential risks.

What does the ISO 27001 Gap Analysis process involve?

The process typically involves a thorough examination of the organisation's existing security controls, policies, procedures, and documentation against the requirements of the ISO 27001 standard. It aims to identify areas of compliance and potential vulnerabilities.

Can IG-Smart Ltd assist with implementing recommendations from the ISO 27001 Gap Analysis?

Yes, IG-Smart Ltd offers comprehensive support in implementing recommendations arising from the ISO 27001 Gap Analysis. Our experienced team can assist organisations in developing and implementing tailored solutions to address identified gaps and achieve ISO 27001 certification.

DTAC Services | Expert Compliance Solutions

Industry Pioneers Since 2009:
IG-Smart Ltd has been at the forefront of the industry since 2009, garnering over 15 years of experience working closely with the NHS and key technology providers. Our enduring legacy is a testament to our unwavering commitment to delivering top-notch services.
Comprehensive NHS Expertise:
We specialise in navigating the intricacies of NHS Digital Technology Assessment Criteria, offering a suite of services tailored to ensure your health and social care technology meets the highest standards for NHS integration.

Integrated Solutions for NHS Markets:
Beyond DTAC services, IG-Smart Ltd provides a comprehensive range of complementary services designed to bolster your presence in the NHS markets:
a. CREST Accredited Penetration Testing: Safeguard your technology with our industry-standard penetration testing services.
b. Cyber Essentials Certification: Ensure your technology meets the Cyber Essentials standards for robust cybersecurity.
c. Clinical Safety Officer Services: Navigate the complexities of clinical safety requirements with our expert officers.
d. Data Protection Officer Services: Secure your data management with our dedicated Data Protection Officers.
e. ISO 27001 Certification: Attain the highest level of information security certification.
f. NHS Data Security & Protection Toolkit Compliance: Streamline compliance with the NHS’s toolkit requirements.
g. NHS DCB0129 and DCB 0160 Compliance: Meet NHS Digital Clinical Safety Group standards effortlessly.

Strategic Guidance: Unlocking Market Potential

Experience an enhanced level of strategic guidance as IG-Smart Ltd empowers you to optimise your NHS market penetration. Our seasoned experts provide valuable insights, mapping out a roadmap tailored to leverage untapped opportunities. By delving into the intricate nuances of the healthcare landscape, we ensure your technology is strategically positioned for success, navigating market complexities with finesse and foresight.

Tailored Solutions: Precision Craftsmanship for Your Technology

Efficiency and Compliance: Streamlined Excellence

Efficiency and compliance are the cornerstones of our service ethos. IG-Smart Ltd prides itself on streamlining processes, fostering operational efficiency without compromising the rigorous standards of compliance. We understand the delicate balance between swift execution and regulatory adherence, providing you with a seamless experience that optimises your operational workflows. Rest assured, as we meticulously navigate the regulatory landscape, ensuring your he

Frequently asked questions

The DTAC sets out the NHS’s minimum clinical safety, data protection, technical security, interoperability, usability and accessibility standards. As a result, IG-Smart Ltd.’s DTAC services enable your organisation to comply with the DTAC, by helping your organisation must satisfactorily complete the DTAC’s detailed questionnaire and provide robust evidence in support of its answers.

Moreover, the complex DTAC questionnaire is divided into the following non-assessed (non-technical) and assessed (technical) domains:

Non-assessed (non-technical) DTAC requirements:

Company information: this section requires organisation to provide basic company and product information.
Value proposition: this section requires organisation to set out the intended product uses and benefits and provide user journey examples.

Assessed (technical) DTAC requirements:

Clinical safety

We aid your organization in implementing a strong Clinical Risk Management system and activities compliant with NHS’s DCB1029 standard. Hence, our Clinical Safety Officer works with stakeholders to conduct Clinical Risk Assessments and create a Clinical Safety Case Report and Hazard Log.

Accordingly, your organization must have a named Clinical Safety Officer, who must have undergone proper training and accreditation and be registered with a clinical professional body. On the other hand, hire an outsourced Clinical Safety Officer service provider that meets these requirements.

Furthermore, if your organisations product/(s) is considered a medical device under the UK Medical Devices Regulations 2002, then you will need to provide details of your Medicines and Healthcare products Regulatory Agency (MHRA) registration. As well as a Declaration of Conformity and, if applicable, certificate of conformity issued by a Notified Body / UK Approved Body.

IG-Smart Ltd.’s DTAC services are designed to both enable your organisation to implement DCB1029 and provide you with the optional benefit of having an outsourced Clinical Safety Officer service that is provided by highly experienced and qualified clinicians.

Similarly our Clinical Safety Officers bring their real-world clinical experience to bear when helping our clients to ensure their digital products are safe for use in clinical settings. They follow clinical risk management frameworks and methodologies that have been tried and tested across the NHS and beyond to ensure your organisations products have been rigorously assessed as being DTAC and DCB1029 compliant.

DTAC services Data protection

To meet the DTACs data protection criteria your organisation will need to:

Ensure it has registered with the UK Information Commissioners Office (ICO), where applicable. You use the ICO’s registration self-assessment tool to determine whether your organisation needs to register.
Provide details of a nominated Data Protection Officer (DPO) if your organisation is required to have one. Also, if your organisation (or its products) routinely processes patient identifiable information, then it is likely to require a DPO.
Comply with the NHS Data Security and Protection Toolkit (NHS DSP Toolkit).
Conduct and submit a Data Protection Impact Assessment (DPIA). The DPIA should clearly demonstrate that your organisation has taken the nature, scope, context and purposes and processing and the sources of any data protection risks, into account, assessed the risks, and treated risks in proportion to the threat they may pose.
Also, ensure that any data your organisation may process outside of the UK is processed in line with current legislation.

Our DTAC services are designed to enable your organisation to ensure that it meets all the NHS’s minimum data protection standards for DTAC compliance. Including providing your organisation with our multi-award-winning outsourced Data Protection Officer services, enabling NHS DSP Toolkit compliance, completing a robust DPIA, and implementing processes to enable compliant international data processing. You simply need to let us know how much or how little data protection advice and support your organisation requires, and we will provide it to you.

DTAC Services Technical Security

To meet the DTACs technical security criteria your organisation will need to:

Be Cyber Essentials or Cyber Essentials Plus
Provide evidence of external penetration testing of your organisations product/(s). The penetration test must include a review of Open Web Application Security Project (OWASP) Top 10 vulnerabilities from within the previous 12-month period and the assessment report must demonstrate that there are no vulnerabilities that score 7.0 or above using the Common Vulnerability Scoring System (CVSS).
Confirm that all custom code has been security reviewed.
Verify all privileged accounts have Multi-Factor Authentication enabled.
Validate that logging and reporting requirements are clearly defined.
Guarantee that your organisations product/(s) have been load-tested.

Our DTAC services enable your organisation to access any Technical Security advice and support it may require, to meet the DTAC’s requirements, from our multi-disciplinary team of security experts – through a single point of contact.We are proud winners of Best Cyber Security Consultancy Firm of the year for four consecutive years, since 2019 and have a team of Certified Cyber Security, Cloud Security, and Information Security Professionals, Lead ISO 27001 Auditors and Implementors, and Ethical Hackers.

We can also help your organisation to obtain Cyber Essentials and/or Cyber Essentials Plus certification, and through one of our partner organisations complete a penetration test that includes a review of OWASP Top 10 and CVSS vulnerabilities.

Interoperability criteria

If your organisations product/(s) exposes any Application Programming Interfaces (APIs) or integration channels for other consumers, you will need to provide detail and evidence of:

The APIs, with particular regard to any API connections – setting out the healthcare standards for interoperability that are met (e.g., Health Level Seven International (HL7) / Fast Healthcare Interoperability Resources (FHIR).
Adherence to Government Digital Services Open API Best Practice.
The documentation and free availability of APIs.
Reasonable access for third party connectivity.
The use of the NHS number to identify patient data, NHS Login to establish a user’s verified NHS number, unless the product does not identify patient record data or there is a legitimate rationale for not using the NHS number/Login.
Your products your capability for read/write operations with electronic health records (EHRs) using industry secure interoperability standards (e.g. OAuth 2.0, TLS 1.2 or greater).
Your products compliance with ISO/IEEE 11073 Personal Health Data (PHD) Standards if it is a wearable or device.

Whilst most developers know enough about any APIs that are embedded within a product to be able to answer the DTACs interoperability questions themselves, with little to no support, if required, we can provide advice on adherence to UK healthcare industry and government best practice standards.

Usability and accessibility

The Usability and accessibility section of the DTAC is scored (see scoring percentages below) in relation to the NHS service standard. The scoring does not contribute to the overall Assessment Criteria of section C.

To fully meet the DTAC Usability and accessibility standards your organisation will essentially need to:

Engage users in the development of your product/(s) and consider user needs in product development lifecycles – 10%
Map all key user journeys to ensure the whole user problem is solved (or it is clear to users how it fits into their pathway or journey) – 10%
Undertake user acceptance testing – 10%
Ensure Web Content Accessibility Guidelines (WCAG) 2.1 level AA compliance – 20%
Publish an accessibility statement – 10%
Operate a multidisciplinary team – 2.5%
Adopt agile ways of working in product development – 2.5%
Ensure continuous product improvement – 5%
Have a benefits case that includes your organisations objectives and the benefits it will be measuring – 10%
Be aligned with the NHS Cloud First strategy and policy – 5%
Use and contribute to open standards, common components, and patterns – 5%
Operate a reliable service with Service Level Agreements for all customers – providing customers with reports regarding support and product performance and availability. – 10%

What our customers say about us

Client Testimonials

Submit An Enquiry

Request Proposal

Industry Pioneers Since 2009:

Comprehensive NHS Expertise:

Integrated Solutions for NHS Markets:

Frequently asked questions

What is the DTAC?

Non-assessed (non-technical) DTAC requirements:

Assessed (technical) DTAC requirements:

Clinical safety

How do IG-Smart’s DTAC services support clinical safety?

DTAC services Data protection

How do IG-Smart’s DTAC services support Data Protection?

DTAC Services Technical Security

How do IG-Smart’s DTAC services support Technical Security?

Interoperability criteria

How do IG-Smart’s DTAC services support interoperability?

Usability and accessibility

Client Testimonials

Submit An Enquiry

Request Proposal

Request Callback