CCS deploys phishing simulation to help find security weak spots

Written by Sam Trendall on 18 November 2022 in News

Procurement agency invests in security tool

Credit: Tumisu/Pixabay

The Crown Commercial Service has invested in a phishing-simulation tool to help its security professionals identify areas for improvement.

Newly published commercial documents reveal that the government procurement agency has signed a deal with specialist firm MetaCompliance. The company will provide software intended to help its information security and assurance (ISA) function “to test security awareness” across the organisation and find “areas that need extra support”.

“The tool should allow the ISA team to craft realistic-looking emails that mimic real lift phishing attempts, for example NHS Covid 19 emails, HMRC tax refunds and missed parcel collections,” the contract said. “The tool should have pre-crafted templates that the ISA team can use or tweak to quickly send simulations The tool should allow ISA to customise target lists, for example people in finance get a different phishing email to those in HR.”

The document added that CCS’s security team will require “detailed reports showing who opened a simulation email, who clicked on the link, and if any credentials were entered – but not reveal the credentials entered”. 

Related content

“The tool must allow the ISA team to craft ‘from addresses’ to look like legitimate senders and domains… [and] must allow for custom pages to be displayed when a link is clicked,” it said.

Specialising in cyber awareness, MetaCompliance’s MetaPhish product is designed to support security teams in “embedding automated phishing tests into… training programmes, [to] prepare employees to recognise, remediate and report phishing emails and ransomware”, according to the company’s website. 

“The anti-phishing software includes an extensive range of customisable and regularly updated phishing templates and multilingual point-of-need learning experiences,” it added. “The reporting dashboard provides an in-depth analysis of specific phishing campaigns and identifies weaknesses within the organisation.”

Although it has only just been published, the company’s contract with CCS came into effect in October 2021. It runs for two years, is worth £8,000, and was awarded via the G-Cloud 12 framework.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

Government does ‘not expect public-service disruption’ over UKCloud insolvency
28 October 2022

Public sector hosting provider has suspended itself from frameworks after being placed in compulsory liquidation

HMRC invests in £2m software tool to help manage cloud spend
24 November 2022

Department pursues FinOps practice via commercial agreement

Treasury financial sanctions unit buys software for investigation and digital whistleblowing
21 November 2022

Office of Financial Sanctions Implementation invests in technology tool

EXCL: Government warned of ‘serious risk’ to services as UKCloud customers hit with sevenfold price increase
18 November 2022

Customers that cannot pay fees seven times higher than contracted price face a race against time to migrate data from collapsed £40m public sector hosting firm. PublicTechnology...