Digital Technology Assessment Criteria

DTAC is made up of five core areas, each requiring evidence and assurance:

1. Clinical Safety

You must demonstrate compliance with:

• DCB0129 (for manufacturers): Clinical Risk Management in the Manufacture of Health IT Systems
• DCB0160 (for deploying organisations): Risk Management in Deployment and Use

This involves:

• Appointing a Clinical Safety Officer (CSO)
• Producing a Clinical Safety Case Report
• Ensuring clinical input throughout development

📎 Read more on DCB0129 and DCB0160 Standards

2. Data Protection

Your product must comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Evidence includes:

• A Data Protection Impact Assessment (DPIA)
• A transparent Privacy Policy
• Lawful basis for processing patient data

If you process NHS data, you must also register and complete the Data Security and Protection Toolkit (DSPT).

3. Technical Security

Cybersecurity is essential. DTAC requires:

• A valid Cyber Essentials certificate (minimum)
• Evidence of penetration testing aligned with OWASP Top 10 vulnerabilities
• Up-to-date software and secure development practices

Higher-risk applications may require Cyber Essentials Plus and additional evidence of secure design.

📎 Cyber Essentials Support at JVR

4. Interoperability

To ensure your technology works with existing NHS infrastructure, DTAC requires:

• Use of NHS-endorsed data standards, such as:
  • FHIR (Fast Healthcare Interoperability Resources)
  • OAuth 2.0 for secure authorisation
  • TLS 1.2+ for encrypted transmission
• A declaration of your system’s integration capabilities

5. Usability and Accessibility

The technology must be accessible to all users, including those with disabilities. Evidence includes:

• Compliance with WCAG 2.1 accessibility standards
• Proof of user-centred design
• Results from usability testing

This ensures the solution is intuitive and equitable for NHS patients and staff.

At JVR Consultancy, we offer full-service support to help you understand, prepare for, and complete the DTAC process with confidence.

Our DTAC Support Services Include:

• Gap analysis – We review your current documentation and processes against DTAC requirements
• Document preparation – We assist with clinical safety cases, DPIAs, penetration test reports, and more
• Cyber Essentials certification – We guide you through the application or renewal process
• Training & guidance – Our consultants walk your team through DTAC evidence creation
• Procurement support – We liaise with NHS buyers to support your product’s adoption

With years of experience supporting digital health innovators and EU medical device manufacturers, our team—including GDPR and Cyber Security expert Tom Hayes—ensures your technology is DTAC-ready.

📞 Speak to JVR about DTAC Support

1. Review Product Scope – Does it use or process health data? Will it be used by NHS staff/patients?
2. Undertake a DTAC Gap Analysis – JVR helps you identify missing documentation
3. Collect and Prepare Evidence – For all 5 DTAC domains
4. Apply for Cyber Essentials – Or Cyber Essentials Plus if higher risk
5. Submit to NHS Buyer – Completed DTAC documentation is shared with NHS Trust or ICB as part of
6. procurement
7. Stay Compliant – DTAC isn’t a one-off. Maintain standards and update documentation regularly.

• Deep understanding of NHS procurement and compliance
• Specialists in supporting EU-based manufacturers and tech suppliers
• Proven track record delivering DTAC, DSPT, UKCA, and Cyber Essentials
• Access to senior consultants with regulatory expertise
• A practical, proactive approach that turns complexity into clarity

Whether you’re launching a digital health app or entering the UK market with connected devices, JVR Consultancy will help ensure your product is compliant, competitive, and ready for NHS procurement.

DTAC can be a hurdle—but with the right support, it becomes a powerful stepping stone to NHS adoption.

📞 Contact JVR Consultancy Today
Let’s make your technology DTAC-ready and NHS-approved.