top of page

Making Sense of the DfE’s Six Digital Standards: A No‑Nonsense Briefing for Trust Leaders

  • Feb 16
  • 4 min read

The 2025 Academy Trust Handbook has slipped in something significant: by 2030, every academy trust must meet six core digital and technology standards. These underpin everything from safeguarding and cyber resilience to learning continuity and DfE governance expectations.


These aren't suggestions. The DfE has made them part of the accountability framework, meaning inspectors, auditors and the ESFA will expect to see evidence you're meeting them.


The six standards cover broadband, network switching, wireless, cybersecurity, filtering and monitoring, plus digital leadership and governance. Together, they're designed to build resilient, well-governed, safe digital environments across all schools.


This guide cuts through the jargon to explain:

  • What each standard actually means in practice

  • How to tell if your IT team is making real progress

  • What "good enough" looks like for your setting

  • Where schools typically overspend or underinvest

  • The questions operational leaders should be asking

Let's get into it.


1. Broadband Internet—It's About Reliability, Not Just Speed


What the DfE expects: Reliable, high-speed internet that supports teaching, admin systems, safeguarding and future growth.


What this actually means: If you've got a 1 Gbps leased line serving 600 pupils, you probably don't need to jump to 2.5 Gbps just because a supplier recommended it. What matters is utilisation, not headline speed.


Questions to ask:

  • What percentage of our bandwidth are we actually using at peak times?

  • When we have slowdowns, is it bandwidth or is it dubious switching or Wi-Fi?

  • Do we have automatic failover if the main connection drops?

And please—if your backup plan involves someone driving across town with a Starlink dish to plug in manually, that's not a backup.


2. Network Switching—The Bit Nobody Sees (Until It Breaks)


What the DfE expects: A modern, secure, centrally managed switching infrastructure that keeps your network resilient.


What this actually means: Switches older than 7–10 years struggle with VLAN segmentation, buckle under Wi-Fi 6 loads, pose security risks, and cost you more in engineer hours than replacing them would.


Questions to ask:

  • Do all our schools have a standardised switching setup?

  • Are firmware updates happening monthly?

  • Are there still unmanaged switches daisy-chained in cupboards like it's 2009?


3. Wireless Networks—Can Your Wi-Fi Actually Handle Real Life?


What the DfE expects: Robust wireless that can support 1:1 devices and digital learning.


Reality check: If teachers are muttering that "the Wi-Fi dies whenever Year 5 go into the hall," that's a capacity, placement or design issue—not a bandwidth problem.


Questions to ask:

  • Has each site had a proper Wi-Fi heatmap survey in the last two years?

  • Are we keeping old access points because "they sort of work"?

  • Can the network safely handle BYOD and unmanaged iPads (where tracking and monitoring gets tricky)?


4. Cyber Security—Because You're Not Allowed to Pay Ransoms

DfE and NCSC guidance: Don't pay ransomware demands—it funds criminals, doesn't guarantee recovery, and makes you a target again. More importantly, if your cybersecurity is strong enough, you'll never be in that position.

That makes cyber resilience non-negotiable.


Questions to ask:

  • Do we have MFA on everything, including admin accounts?

  • Do we have an actual cyber incident response plan (not just "ring IT")?

  • Is the IT team patching systems weekly, not termly?

  • Are backups immutable and stored off-site?


5. Filtering & Monitoring—Safeguarding Is a System, Not Just Software


What the DfE expects: Effective, reliable filtering plus active monitoring that extends to all devices—including BYOD and those hard-to-track iPads.


This ties directly into your statutory safeguarding duties under Keeping Children Safe in Education 2025.


Questions to ask:

  • Does our filtering cover all devices, not just Windows laptops? What about offsite?

  • Are alerts actually reviewed by humans, or just logged and ignored?

  • Are DSLs getting meaningful, triaged reports—not hundreds of false positives?


6. Digital Leadership & Governance—The One Everyone Forgets


What the DfE expects: Strategic oversight, accountability and continuous improvement across digital and technology systems.

This is where many MATs fall down, because:

  • IT reports are too technical

  • Boards don't get risk-based updates

  • There's no framework for measuring IT progress


Questions to ask:

  • Do we have KPIs for IT (outage minutes, safeguarding response times, patch compliance)?

  • Are IT risks on the main organisational risk register?

  • Do Trustees actually understand where we sit against the six standards?

 

How to Tell If Your IT Team Is Making Progress


A good IT team will:

  • Provide a baseline audit mapped directly to all six standards (not just "a list of problems")

  • Deliver termly progress reports in plain English for CFOs and Trustees

  • Present options with value-for-money analysis, not just vendor quotes

  • Demonstrate resilience planning (automated failover, tested backups)

  • Show evidence of monitoring improvements, not just "we have filtering installed"


A struggling IT team will:

  • Only react to issues, never plan ahead

  • Fail to provide documentation

  • Over-spec or under-spec solutions without evidence

  • Ignore BYOD, legacy iPads and pupil-owned devices

  • Rely on manual workarounds ("We'll drive a Starlink around if needed")

 

Do All Six Standards Apply to Your Setting?


Short answer: Yes—but scaled appropriately.


The standards are universal, but implementation varies. A small rural primary doesn't need enterprise 10Gb core switching. A large secondary with 1,500 pupils absolutely does. A trust with high mobility or multiple sites needs stronger network redundancy than a single-school academy.


The point is consistency, resilience and good governance—not unnecessary spending.

 

The Bottom Line—This Isn't About Tech. It's About Governance, Safeguarding and Risk.


The six core standards are fundamentally about:

  • Protecting children and staff

  • Maintaining continuity of learning

  • Using public money wisely

  • Strengthening trust-level governance


For CFOs, Trustees and Governors, the most important action right now is demanding visibility: Where are we today? Where do we need to get to? And what's the plan?


Meeting these standards means investing in proper systems and tooling. You can't track progress, prove compliance or produce meaningful KPIs without platforms that actually capture the data.


You can't expect your IT team—internal or external—to conjure up monitoring dashboards, patch compliance reports or safeguarding metrics out of thin air. These things require proper tooling: asset tracking systems, network monitoring platforms, incident response software.


If you want evidence-based reporting, you need to fund the systems that make it possible. Without them, "IT progress" is just guesswork.


When done properly, these standards create stronger, safer, more resilient schools across every setting.

 

Want to dive deeper?

I'm running a free webinar on 18th March 2026 where we'll unpack these standards in detail, answer your questions, and share practical guidance on implementation.

 

 
 
 

Comments

bottom of page