Printed from CheckTick DSPT Compliance Documentation
Supplier Security Assurance Mapping
CheckTick has mapped the requirements of the NHS DSPT against the existing certifications held by our key suppliers to ensure 'equivalent or higher' protection.

| Supplier | Certification Held | DSPT Equivalent? | Notes |
|---|---|---|---|
| Northflank | ISO 27001 / SOC2 | Yes | Covers physical, network, and operational security. |
| Mailgun | SOC2 Type II | Yes | Covers security and confidentiality of data transit. |
| GitHub | ISO 27001 / SOC2 | Yes | Covers security of the code management pipeline. |

Assurance Conclusion:
As these suppliers are audited by independent third-party firms (e.g., EY, Deloitte, KPMG) against international security frameworks, CheckTick is satisfied that they reach a higher data security standard than the baseline DSPT.