Case Study: DSPT View at an NHS Ambulance Service

^{Case Study: Improving DSPT Productivity and Cyber Assurance at an NHS Ambulance Service}

An NHS ambulance service adopted DSPT View from McCormickCo Security (MCS) to reduce the effort required to complete its Data Security and Protection Toolkit (DSPT) submission, while maintaining its established record of successful compliance. As a frontline, operationally critical organisation, the Trust required improvements in efficiency, data quality, and assurance without introducing additional risk, cost, or disruption to patient services.

At a Glance

The Trust sought to improve the productivity of its DSPT submission team while closing data gaps in system audits that were increasing manual effort and risk. Budget constraints required a cost-effective solution that would not compromise existing DSPT success. At the same time, the organisation needed to transition away from an incumbent cyber security tool without disrupting operations or reducing compliance standards.

Challenges

Prior to engaging McCormickCo Security, the Trust had invested in a range of cyber security tools and controls. While these supported ongoing DSPT compliance, they did not provide sufficient visibility or data completeness to support a maturing cyber security function. Data gaps within system audits led to increased manual validation, inconsistent evidence, and extended preparation time for DSPT submissions.

The Trust also faced challenges in analysing and interpreting NHS CareCERT alerts efficiently, resulting in additional time spent researching and correlating threats. With limited specialist resource available, the operational burden on the cyber security team was increasing, reducing the time available for proactive risk reduction.

Any new solution needed to be adopted carefully to avoid disruption, maintain confidence across technical and senior stakeholders, and ensure that compliance standards were not reduced during the transition period.

Objectives

The primary objectives of the engagement were to improve the productivity of the DSPT submission team, close data gaps in system audits, and enhance the accuracy and reliability of evidence used for DSPT assurance. The Trust also aimed to improve its ability to analyse and prioritise NHS CareCERT alerts while maximising value within a constrained budget.

A key requirement was to achieve these improvements without compromising the Trust’s successful DSPT track record or introducing additional operational complexity.

Solution

McCormickCo Security provided DSPT View on a 30-day Proof of Value (PoV) basis, allowing the Trust to assess the platform in a live operational environment before committing to longer-term adoption. DSPT View was installed in a single day, enabling the PoV to begin immediately.

Following a short training session, the Trust’s engineers were able to use DSPT View on the same day as installation. The platform was used to support system audits, DSPT preparation activities, and the analysis of NHS CareCERT alerts throughout the PoV period.

DSPT View provided improved data coverage, clearer audit outputs, and a more intuitive user experience than the incumbent tool, reducing reliance on manual processes and improving confidence in assurance data.

Outcomes

During the PoV and DSPT submission period, the Trust identified clear and measurable benefits. DSPT View closed previously identified data gaps in system audits, improving the completeness and reliability of DSPT evidence. The platform was easier to use than the incumbent solution, reducing the time required to locate, validate, and interpret data.

The Trust saved over 20 hours of effort during DSPT preparation, freeing specialist staff to focus on higher-value cyber security activity. DSPT View also provided more accurate analysis and translation of NHS CareCERT alerts, enabling faster prioritisation and response.

Following the successful DSPT submission, the Trust extended its use of DSPT View and adopted it as a business-as-usual platform. It is now used to monitor and manage the organisation’s cyber security posture, prioritise, plan and verify patching activity, and support the production of monthly board-level cyber security reports.

Approach

McCormickCo Security worked closely with the Trust to ensure that DSPT View was implemented in a way that aligned with NHS governance, existing processes, and operational constraints. The engagement focused on rapid value delivery, clear knowledge transfer, and enabling the Trust to build internal capability rather than creating long-term dependency.

The Proof of Value approach allowed the Trust to validate benefits quickly, build confidence across stakeholders, and make evidence-based decisions about longer-term adoption.

Key Services

• DSPT View – DSPT and CAF-aligned assurance and reporting platform
• DSPT Audit and Compliance Support – Independent audit and assurance aligned to NHS expectations
• CareCERT Analysis and Risk Translation – Improved prioritisation and response to national alerts
• Vulnerability Management Support – Enabling prioritised and verifiable remediation
• Board-Level Cyber Reporting – Clear, consistent reporting to support executive oversight

Customer Feedback

A Senior IT Security Engineer commented that DSPT View’s data coverage, accurate translation of CareCERT alerts, and risk scoring significantly reduced the time engineers spent researching and analysing threats. This enabled the team to focus more effort on improving the Trust’s security posture while giving leadership confidence that cyber security activity was delivering visible and measurable benefits.

The Head of IT Security added that DSPT View improved productivity by reducing the effort required to complete DSPT submissions, prepare board reports, and plan remediation activity, allowing compliance to be embedded more effectively into business-as-usual operations.

‍