Example engagement — illustrative
A community pharmacy tackling the DSPT and Cyber Essentials together
Community pharmacy (two branches) · DSP Toolkit (DSPT)
The challenge
A two-branch pharmacy needed a current DSPT for its NHS system access and wanted to strengthen its technical security, but was doing the two pieces of work separately and duplicating effort.
What we did
- Reviewed the DSPT assertions alongside the five Cyber Essentials controls to find the overlap
- Aligned patching, malware protection, firewalls and access control to satisfy both at once
- Standardised device configuration across both branches, including the dispensing PCs
- Completed the Cyber Essentials self-assessment through an IASME-accredited route
- Used the resulting technical evidence to close the DSPT's technical assertions
The outcome
The pharmacy reached Standards Met and achieved Cyber Essentials from a single, coordinated body of work rather than two separate projects.
Background
Pharmacies sit squarely inside NHS data flows — the Electronic Prescription Service, NHSmail and the Summary Care Record are all part of the working day — so a current DSPT is essential. In this illustrative example, a two-branch community pharmacy had started its toolkit return and, separately, been advised to look at Cyber Essentials. Treating them as unrelated projects meant answering similar questions twice and configuring the same controls under two headings.
What we did
The insight that shaped the work is simple: the DSPT’s technical assertions and the five Cyber Essentials controls cover much of the same ground. So we ran them as one project. We reviewed both requirement sets side by side, then set up firewalls, malware protection, security update management, secure configuration and user access control once — in a way that satisfied both the toolkit and the certification. Our guide to the five Cyber Essentials controls framed that shared groundwork.
Because the two branches had grown independently, device configuration had drifted, including on the dispensing PCs. We standardised the build across both sites so patching, anti-malware and access control were consistent, which made the evidence far easier to present. We then completed the Cyber Essentials self-assessment through an IASME-accredited route, and reused that verified technical evidence to close the corresponding DSPT assertions.
Result
From one coordinated effort the pharmacy achieved Cyber Essentials and published a Standards Met DSPT, with the certification strengthening several of the toolkit’s technical answers. Doing it once, rather than twice, saved the owner time and left both branches on a consistent, defensible security baseline.
This is an illustrative example of the kind of work we do. Details are representative, not a specific named client.