Change of https://www.gov.uk/guidance/meeting-digital-and-technology-standards-in-schools-and-colleges

Change description : 2025-11-17 10:06:00: IT support standards for schools and colleges – New section added. [Guidance and regulation]

Showing diff : 2025-03-10 15:46:23.026393743 +00:00..2025-11-17 10:07:25.081269686 +00:00

Summary

How schools and colleges can meet IT service and digital equipment standards.

These standards should be used as guidelines to support your school or college use the right digital infrastructure and technology. More digital and technology categories will be added to the service.

Meeting themthese canstandards will help you make more informed decisions about technology leading to safer, more cost-efficient practices and new learning opportunities for students.

The

Core standards

All areschools toand becolleges usedshould bybe everyoneworking involvedtowards inmeeting the6 planningcore andstandards useby of technology within schools and colleges, including:2030:

TheMeeting these core standards canwill help yourmake schoolsure oryou collegehave with:the essential infrastructure and governance to:  

  • budgetinghave fora technologystrong procurementdigital andstrategy 
  • make maintenanceinformed decisions to get the best use out of your digital technology 
  • buyinguse digital technology equipmentsafely and servicessecurely 
  • renewingmeet athe contractremaining withdigital aand technology providerstandards 

Our toplan ensuretechnology theirfor purchasesyour school service will help you to meet these 6 core standards. 

You should continue to use the remaining standards to support the effective use of digital technology in your needsschool or college.

How to use these standards

The standards are to be used by everyone involved in the planning and use of technology within schools and colleges, including: 

  • correctlysenior installingleadership newteams 
  • IT equipmentstaff 
  • suppliers 
  • technical advisers 
  • teachers

You should:

  1. Read each technology category and its standards.

  2. Review the standards and see if your school or college meets them.

  3. Speak with your ICTIT supplier or in-house support team to find out what can be done if you’re not currently meeting the standards.

If you need to buy new technology to meet the standards, you can get help buying for your school.

Our plan technology for your school service will help you to meet these standards.

Contents

Update history

2026-02-12 16:20
Cyber security – core standard – Updated references to ‘Action Fraud’ to the organisations new name ‘Report Fraud’.

2026-02-02 09:27
Filtering and monitoring – core standard – Updated to clarify when the standard should be met.

2026-01-28 09:17
Filtering and monitoring – core standard – Added additional information on filtering solutions to the ‘Technical requirements to meet the standard’ section.

2025-11-17 10:06
IT support standards for schools and colleges – New section added.

2025-03-10 15:46
Wireless network standards for schools and colleges – Updated the guidance on how to meet the latest wireless network standards and the associated technical requirements. Added extra information on how to ensure a fully functional signal from a wireless network.

2025-01-07 16:24
Cyber security standards for schools and colleges – Clarified that Cyber Essentials is a requirement for colleges under their ESFA funding agreement.

2024-11-06 16:31
Digital leadership and governance standards – Added a link to DfE contracts register template, asset register template and information asset register template.

2024-10-22 16:56
Filtering and monitoring standards for schools and colleges – 1. Identify and assign roles and responsibilities to manage your filtering and monitoring systems. Updates include: emphasis on the responsibility of governing bodies and proprietors to make sure appropriate systems are in placeoutlining Keeping children safe in education (KCSIE) requirements in relation to online safety and how the standards can help you meet those requirements Review your filtering and monitoring provision at least annually. We have added a more comprehensive assessment of student risk profiles, including the use of generative artificial intelligence. Filtering systems should block harmful and inappropriate content, without unreasonably impacting teaching and learning. Updates to this standard include:using safe search in browsers or search engines establishing clear expectations for the use of devices without functioning filtering and monitoring ensuring that bring your own devices (BYOD) have adequate filtering and monitoring measures in place awareness of new technologies that reduce the effectiveness of filtering measures Have effective monitoring strategies that meet the safeguarding needs of your school or college. Updates to this standard include: clarification on the role of in-person monitoringnew information added to ‘The technical requirements to meet the standard’new information added to the technical requirements to meet the standard, regarding school managed device, monitoring reports and incident response, stating schools should have a policy for incident response in relation to monitoring incidents

2024-05-20 16:09
Cyber security standards for schools and colleges – The cyber security standards have been updated to address tasks that should be completed by both the senior leadership team (SLT) and IT support. Cyber security is not something that IT teams can carry out alone, it is a shared responsibility between multiple roles and teams. The new cyber security standards contain the same key information that the previous cyber security standards held, but the format of this has changed to make them more accessible to staff without cyber expertise. The previous cyber security standards have been mapped to the new ones below, so that you can see where the previous information now lies. ‘Conduct a cyber risk assessment annually and review every term’. This new standard addresses: elements of the previous standard titled ‘Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack’  the importance of risk assessments; helping users understand where they are now and where they need to go next to improve their cyber security ‘Create and implement a cyber awareness plan for students and staff’. This standard addresses: the previous standard titled ‘Train all staff with access to school IT networks in the basics of cyber security’ the importance of students and staff understanding the risk of cyber security as your first line of defence against cyber incidents and attacks – this includes both training students and staff, as well as developing and implementing an acceptable use policy ‘Secure digital technology and data with anti-malware and a firewall’. This standard addresses the previous standards titled: ‘Protect all devices on every network with a properly configured boundary or software firewall’ ‘Network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date ‘ ‘You should use anti-malware software to protect all devices in the network, including cloud-based networks’  ‘An administrator should check the security of all applications downloaded onto a network’  ‘Control and secure user accounts and access privileges’. This new standard addresses the previous standards titled: ‘Accounts should only have the access they require to perform their role and should be authenticated to access data and service’ ‘You should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication’ This standard covers password security, multi-factor authentication and account management. ‘License digital technology and keep it up to date’. This new standard addresses the previous standard titled: ‘All devices and software must be licensed for use and should be patched with the latest security updates’ ‘Develop and implement a plan to backup your data and review this every year’. This new standard addresses:  the previous standard titled ‘You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be offsite’ the need to analyse what your current backup plan looks likethe need to plan and action how to backup and restore your data ‘Report cyber attacks’. This new standard addresses:  the previous standard titled ‘Serious cyber attacks should be reported’ reporting a cyber attack both internally within your school or college and to external bodies In addition to the above changes, the DfE have also removed the below standards and have explained why. ‘Your business continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack’.  This has been removed as it is now addressed in the DfE’s new digital leadership and governance standards under the title ‘Include digital technology within disaster recovery and business continuity plans’. It is also referenced throughout the new standards.  ‘You must conduct a Data Protection Impact Assessment (DPIA) by statute for personal data you hold as required by General Data Protection Regulation’. This has been removed because: this is included in the existing ‘servers and storage’ and ‘cloud solution’ standardsDPIA is now mentioned throughout the new cyber security standards ‘Network devices should be known and recorded with their security enabled, correctly configured and kept up-to-date’.  The important content from this is now within the relevant sections in the new standards.

2024-01-24 10:25
Digital accessibility standards – New section added.

2024-01-16 10:32
Laptop, desktop and tablet standards – New section added.

2023-03-29 08:30
Servers and storage standards for schools and colleges – New section added.

2022-10-10 11:00
Cyber security standards for schools and colleges – New section added.