CCS deploys phishing simulation to help find security weak spots

Written by Sam Trendall on 18 November 2022 in News

Procurement agency invests in security tool

Credit: Tumisu/Pixabay

The Crown Commercial Service has invested in a phishing-simulation tool to help its security professionals identify areas for improvement.

Newly published commercial documents reveal that the government procurement agency has signed a deal with specialist firm MetaCompliance. The company will provide software intended to help its information security and assurance (ISA) function “to test security awareness” across the organisation and find “areas that need extra support”.

“The tool should allow the ISA team to craft realistic-looking emails that mimic real lift phishing attempts, for example NHS Covid 19 emails, HMRC tax refunds and missed parcel collections,” the contract said. “The tool should have pre-crafted templates that the ISA team can use or tweak to quickly send simulations The tool should allow ISA to customise target lists, for example people in finance get a different phishing email to those in HR.”

The document added that CCS’s security team will require “detailed reports showing who opened a simulation email, who clicked on the link, and if any credentials were entered – but not reveal the credentials entered”. 

Related content

“The tool must allow the ISA team to craft ‘from addresses’ to look like legitimate senders and domains… [and] must allow for custom pages to be displayed when a link is clicked,” it said.

Specialising in cyber awareness, MetaCompliance’s MetaPhish product is designed to support security teams in “embedding automated phishing tests into… training programmes, [to] prepare employees to recognise, remediate and report phishing emails and ransomware”, according to the company’s website. 

“The anti-phishing software includes an extensive range of customisable and regularly updated phishing templates and multilingual point-of-need learning experiences,” it added. “The reporting dashboard provides an in-depth analysis of specific phishing campaigns and identifies weaknesses within the organisation.”

Although it has only just been published, the company’s contract with CCS came into effect in October 2021. It runs for two years, is worth £8,000, and was awarded via the G-Cloud 12 framework.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

EXCL: Work starts on £6m cross-government digital system for civil servants to move between departments
27 March 2023

Fujitsu awarded contract to build platform that intends to enable transfers ‘at pace and without friction’

DWP-led shared services group signs £1.4m consultancy deal to help shape ‘technical vision’
22 March 2023

Synergy cluster seeks input ahead of going to market

GDS taps online recruitment specialist in £50k deal
21 March 2023

Digital unit signs one-year contract for platform to match software developers with employers

Research firm brought in to improve assessment of major tech projects
17 March 2023

Government’s Evaluation Task Force has signed a deal with Ipsos to address ‘significant lack of good quality evaluation’

Related Sponsored Articles

Digital transformation – a guide for local government
6 March 2023

Digital transformation will play a key role in the future of local government. David Bemrose, Head of Account Strategy for Local Government at Crown Commercial Service (CCS), introduces a new...