1. A list of all external suppliers, contractors, or partner organisations who currently fall within the remit of the NHS Data Security & Protection Toolkit (DSPT) for your organisation.
This includes any supplier that handles patient data, accesses NHS systems, or provides digital, software, cloud, data-processing, or cyber-security services requiring DSPT compliance.
The Trust does maintain a list of essential functions as part of the DSPT requirement however the Trust considers this information to be exempt from disclosure under section 43(2) of the FOIA, and it is therefore withheld. Under section 43(2) of the FOIA, information is exempt if its disclosure would, or would be likely to, prejudice the commercial interests of any person. Section 43 is a qualified exemption, so we have considered the public interest and have determined that the balance lies with withholding this information:
|
Withhold information
|
Release information
|
|
• Releasing the requested information could prejudice the Trust’s future negotiation capabilities and reduce confidence third parties have with the trust in order to facilitate the decision-making process. Both the trust and any third-party contractor would be reluctant to have free and frank discussions if all that is discussed is subject to scrutiny with no safe space for ‘confidential communications’, the requested information may prejudice pending or future decisions which would be detrimental to the trust and or third parties.
|
· The general proposition of maximising openness that the FOIA and the trust aspire to.
· The benefits of ensuring transparent and accountable government by disclosing how the trust receives and spends public money
|
2. A list of any new, incoming, or planned suppliers (contracted or due to go live within the next 12 months) who will fall within the DSPT remit for the same reasons.
Information not held
3. For each supplier identified in Q1 or Q2, please confirm (if recorded):
- Whether they are required to maintain a “Standards Met” DSPT submission
See response to Q1
- The date you last checked or verified their DSPT status (or expected verification date for new suppliers)
As above
4. Does your organisation maintain an internal register or log of DSPT-relevant suppliers (including planned or onboarding suppliers)?
The Trust does maintain a list of essential functions as part of the DSPT requirement however the Trust considers this information to be exempt from disclosure under section 43(2) of the FOIA, and it is therefore withheld. Under section 43(2) of the FOIA, information is exempt if its disclosure would, or would be likely to, prejudice the commercial interests of any person. Section 43 is a qualified exemption, so we have considered the public interest and have determined that the balance lies with withholding this information:
|
Withhold information
|
Release information
|
|
• Releasing the requested information could prejudice the Trust’s future negotiation capabilities and reduce confidence third parties have with the trust in order to facilitate the decision-making process. Both the trust and any third-party contractor would be reluctant to have free and frank discussions if all that is discussed is subject to scrutiny with no safe space for ‘confidential communications’, the requested information may prejudice pending or future decisions which would be detrimental to the trust and or third parties.
|
· The general proposition of maximising openness that the FOIA and the trust aspire to.
· The benefits of ensuring transparent and accountable government by disclosing how the trust receives and spends public money
|
- If yes, please provide the relevant extract.
N/A
- If no, please confirm that no such register exists.
N/A
