Introducing MetaCompliance

NHS computer

Information Governance, Data Protection, Information Security, Cyber Security. The words are familiar and are becoming part of our everyday life.  EEAST take these very seriously and are implementing a range of software applications to enhance, improve and build on those already in place.

Part of this is the new MetaCompliance system. MetaCompliance are a market leader in some of the key elements to achieving a data safe environment.

The various elements covered by their application bring together a range of tools that aim to raise the internal understanding of information security by raising user awareness, helping to reduce avoidable human errors and to adopt a more comprehensive approach to data security both at home and at work.


MetaLearning provides responsive and appropriate content in small bitesize pieces.  The content will be delivered through direct emails, links from Need to Know as well as many other places.  The content is updated regularly and takes into consideration the current cyber and data security landscape. This application is designed to compliment the mandatory training provided through the evolve platform with agile and dynamic content.

If a data breach has occurred then specific content, is available to help raise awareness at an individual level, team level or Trust level. This will ensure that the knowledge loop has been closed.


The MetaPolicy module is designed to make finding policies, procedures and other important documents easier. It will also deliver new and updated polices via a link to your inbox ensuring that you are aware of the most recent copy.  It will also provide you a personal online portal, helping you to locate the policies you need.  Over the coming months this will be further enhanced so that smaller groups can have more relevant content for example AOC, Paramedics, IM&T etc.

This module also allows groups of documents to be placed into workbooks, for example an agency paramedic workbook containing EEAST specific information, or a paramedic that is about to start in ECAT.


The MetaPrivacy module ensures that the Trust is compliant with one of the key requirements of UK Data Protection Legislation.  This is to maintain a comprehensive list and evidence of Information Assets, those responsible for them, the way they are used (processing activities) and the legal basis for the processing activity.

The MetaPrivacy module has been designed to meet the needs of a modern large-scale organisation and incorporates the requirement listed in the UK GDPR and the DPA 2018. It also has provision for extra assessment requirements to be added such as those in the NHS Data Security and Protection Toolkit (DSPT).


Currently the Trust has no system for raising the awareness of phishing attacks and the many variants that have appeared over the last few years.  This leaves the Trust in a vulnerable position, open to social engineering, credential harvesting, ransomware, and malware attacks.

The MetaPhish module provides a whole suite within which to plan and design a robust program of simulated phishing attacks (including whale and spearfishing).  These can include both social engineering (which can also be backed up with a vishing attack), as well as credential harvesting.

The system maintains a full reporting set that indicates the types of attack and their success rate.

These simulated attacks can correspond with MetaLearning to provide reinforcement for those who click and endorsement for those who do not.

The IG Team will also be introducing a monthly blog that will be delivered via an email link or your MetaCompliance portal.  The blog will aim to bring together news and information around data and cybersecurity, data protection law and useful tips on data security that are applicable at home and in the workplace.

Re-published 11th October 2021