automated compliance for modern healthtechs

everything you need to pass NHS security and compliance — in one place.

get started now
  • Cyber Essentials Plus
  • DSPT
  • DTAC
  • GDPR

get NHS-ready faster, with AI

ensure your products are secure and compliant in a fraction of the time

  • No more admin

    A single platform to view and answer requirements from all framework. No more spreadsheet tracking or Word docs.

  • Instant visibility

    Instant assessment of your DSPT, Cyber Essentials, and DTAC posture, so you can focus on the gaps.

  • Safer policies

    Get AI-generated feedback on your existing policies and documentation, or generate compliant policies from scratch.

  • Expert support

    1:1 support for your Cyber Essentials, DTAC & DSPT submissions — we've done it before.

  • Clinical safety (coming soon)

    Risk manage your products from a single place, in line with DCB0129 standards

early access pricing

full support at a discounted early access price to suppliers who are actively working toward Cyber Essentials, DSPT, and/or DTAC compliance.

early access pricing

£2,000

For teams preparing for NHS onboarding or renewing certification. Everything you need to submit your DSPT, Cyber Essentials Plus & DTAC.

  • DSPT, DTAC & Cyber Essentials audit & gap analysis
  • Custom roadmap to certification
  • Generate policies from templates
  • Unlimited 1:1 customer support
  • Full access to all features as they are released at no extra cost
get started

frequently asked questions

if you have anything else you want to ask, reach out.

    • What highguard is?

      A platform to simplify NHS compliance, automate with pre-built controls and policy templates, and manage security posture. Made specifically for IT providers building NHS technology.

    • What highguard is not?

      A plaster over poor security and IG hygene. Whether you use highguard or not, you will only pass compliance if your systems and policies are secure.

    • Do you offer certification?

      We do not yet offer Cyber Essentials assessments nor conduct penetration tests. However, we will offer these services as part of our roadmap.

    • What do healthtech suppliers need to do in order to be procured in the NHS?

      It can be hard to know what frameworks are needed. The minimum requirement for suppliers working with NHS organisations is DSPT, DTAC and Cyber Essentials. Products will also need to undergo clinical safety review and require an actively managed DCB0129 and associated DCB0160.

    • How much do healthtech suppliers currently spend on compliance?

      For a 10 person company with a single product, expect to pay £6,000 - £10,0000 + VAT per year for certification fees, penetration tests and control software subscriptions alone. This is the "barebones" option where you, the supplier, get no support in getting your organisation compliant. Hiring consultants or penetration testers last-minute blows up budgets. Expect to pay £2,000+ for one off support.

    • How long does it usually take to get certified?

      Completing Cyber Essentials Plus, DSPT and GDPR mapping manually can take 80–120+ hours. Your SIRO should be spending time fixing real gaps, not figuring out what needs doing. We aim to cut this down to as close to 0 hours as possible. This will depend on how well your systems and policies are already setup.