We offer free on-site assessments to help your NHS organisation identify vulnerabilities and understand and overcome areas of high risk. This will help your organisation to achieve the Cyber Essentials Plus accreditation.
About on-site assessments
The recommendation plan will help you to prioritise which actions to take to improve your organisation’s cyber security levels.
These assessments are for NHS trusts and Commissioning Support Units (CSUs).
Improve your organisation’s cyber security and increase patient safety
Achieve the Cyber Essentials Plus accreditation and Cyber Essentials Plus (CE+) equivalence
Fulfil your obligations under the Network and Information Systems (NIS) directive and prepare for the cyber security element of the Care Quality Commission (CQC) inspection
What the assessment involves
You need to complete a self-assessment questionnaire two weeks before the assessment, to give you an overview of your current cyber security position.
An independent team will carry out the four-day on-site assessment. This will involve a detailed technical review of your organisation’s workstations, providing evidence of compliance.
The assessment covers the following areas:
Access control management
Ensuring all staff can access systems and have the correct level of access to only the data that they need.
Verifying the effectiveness of protection mechanisms and the detection of malicious files entering the network via website and email traffic.
Checking that there is correct information being stored securely to support the investigation of a cyber incident.
Looking at the capability to deploy updates to the hardware and software used across the organisation.
Threat and vulnerability management
Supporting the ability to identify cyber vulnerabilities and understanding the threat exposure.
After the assessment
You will receive a detailed report within 10 working days of the assessment, outlining the highest risks and critical areas. This report will include suggested actions and how we can support your organisation, including technical fixes, training and communications.
To support progress, there will be a follow-up on-site assessment (lasting one day) two months later. A full review will be carried out annually.
Register for an on-site assessment
To register for an assessment, email email@example.com. Please include the following information for two suitable contacts in your organisation:
The supplier will then be in touch to arrange your on-site assessment.