Cambrian · AWS Readiness Scanner
CONFIDENTIAL
Technical Assessment Report

UK GDPR & NHS DSP Toolkit Readiness

A point-in-time review of AWS technical configuration against UK GDPR Article 32 and the National Data Guardian Data Security Standards referenced by the NHS DSP Toolkit. The findings on the pages that follow identify gaps and provide remediation guidance for each control reviewed.
Account
XXXXXXXXXXXX
Region
eu-west-1
Generated
09 June 2026
2026-06-09 07:06 UTC
Report ID
CAM-DFFC5E-2F32
Prepared by
Tasrie IT Services
Tool
Cambrian 0.1.0
Build
2026.06.01-1
Status
FINAL
Scope and limitations. This is an automated review of AWS technical configuration only. It is not a UK GDPR compliance determination, and not an NHS DSP Toolkit submission outcome. For the official DSPT band, complete the assessment at dsptoolkit.nhs.uk. UK GDPR compliance is judged by the ICO against the principles in Article 32; there is no score. This report does not assess policies, staff training, governance, the digital asset register, business continuity, or contractual measures.

1. Executive Summary

46
Met
31
Not Met
4
Partial
0
Unable to Verify
81
Total Checks

2. Status Definitions

METThe required technical configuration is in place on this account.
NOT METThe required technical configuration is missing or misconfigured. See remediation per finding.
PARTIALNot satisfied on this account but qualified. Either advisory (recommended, not strictly required) or governed at the AWS Organization level. Each finding's note explains which.
UNABLE TO VERIFYAn error (commonly a missing permission or AWS API exception) prevented Cambrian from completing this check.

3. Findings

Ref. Status Control UK GDPR (Art 32) NHS DSPT (NDG Std)

4. Methodology and Disclaimers

Cambrian performs read-only AWS API calls against the target account in the region indicated above, using the credentials supplied at runtime. No changes are made to the account. Each control is mapped to a UK GDPR Article 32 sub-clause and to a relevant NHS NDG Data Security Standard. NDG Standard references are stable; per-evidence-item decimals under DSPT v8 vary by organisation type and are marked (verify item). Before using these as exact citations, confirm against the official v8 Assertions and Evidence spreadsheet for the relevant organisation type at dsptoolkit.nhs.uk. The assessment covers technical configuration only and does not extend to documentation, training, contracts, or business continuity.
Engaging on the remediation. The Tasrie IT Services team can plan and implement these fixes against your environment.
cambrian-support@tasrieit.com