Desuto Ltd have provided NHS and Local authority services with decision support and automated report writing tools for several years. As a very small business we were intimidated by the data governance requirements of managing personal confidential data, so in our earlier products, we opted for a service model that avoided this altogether. Feeling restrained by this choice and the limitations it placed on our product development, we reached out to CentriVault. Completing the DSPT and meeting the National Data Guardian (NDG) standards for data security is one of the steepest challenges in our company history and we couldn’t have done it without CentriVault's expert guidance and support
CEO, Desuto Ltd
Desuto was a new developing health tech business that was working with some early adopters with their decision support platform. As the trials had been successful, the company needed to ensure it could provide the necessary services for the industry with the right compliance measures. This was to meet not only GDPR regulations as it involved processing highly sensitive data but also against the strict NHS Data Standard and Protection Toolkit and the Cyber Essentials assessments.
Therefore, the company needed expert data protection, information security and accreditation support to ensure that their system could be delivered and deployed successfully into a highly regulated industry.
CentriVault worked closely with the Desuto board and supported in all areas required to demonstrate complete compliance – whether it was from the data regulations. GDPR, or the necessary data security requirements from the NHS.
CentriVault also worked closely to ensure the company would pass Cyber Essentials certification first time and provided dedicated expert resources as an external DPO and security advisor.
CentriVault appointed a dedicated data security expert and Virtual Data Protection Officer to Desuto to work closely with their team over several months and to plan out a challenging process in achieving the necessary certification and accreditation.
This started with Cyber Essentials and then moved on with compliance needed against the NHS Data Standard and Protection Toolkit – both were required to provide the services into the health sector and also using NHS data.
Acting as Desuto's security and data protection partner, CentriVault ensured that the company was able to become Cyber Essentials certified and achieved a successful assessment against the NHS Data Standard and Protection Toolkit.
This allowed Desuto to continue the deployment of its platform and officially enter the marketplace with the necessary sensitive data being stored in its database to assist with clinical decision-making. It also allowed the company to plan for a wider development and expansion into further disruptive product offerings.
Delivered the expert resource at the budget required from a small business.
Produced key policies and procedures needed to support a robust security and data management programme.
Compliance & Certification
Desuto was able to demonstrate legal compliance of GDPR
Cyber Essentials certification was achieved first time.
The NHS Data Standard and Protection Toolkit assessment was successful and met the deadline required for submission.
Peace of Mind
Provided a virtual DPO service.
Provided peace of mind for early customers using the platform and helped plan the next development iteration of the tool through the Therapy Record Online Portal.