All Posts

Does Your School Meet the Updated DfE Filtering & Monitoring Standards?

Ask most headteachers whether their school has filtering and monitoring in place and the answer will be yes. Ask whether that filtering and monitoring meets the DfE's current standards and the answer becomes much less certain.

Filtering and monitoring is one of the most misunderstood areas of school IT. Many schools have systems in place that were set up years ago, never properly reviewed and quietly drifting further from compliance with every passing term. Meanwhile the DfE has updated its standards twice in the last two years — most recently in October 2024 — and the expectations on schools continue to rise.

This post explains what the current standards require, what's changed and what your school needs to do to be confident it's meeting its obligations.

What Are the DfE Filtering & Monitoring Standards?

The DfE's filtering and monitoring standards sit within its broader digital and technology standards framework for schools and colleges. They are directly linked to the statutory safeguarding guidance in Keeping Children Safe in Education (KCSIE), which means compliance is not optional — it is a legal requirement.

At their core, the standards require schools to have two things properly in place:

Appropriate filtering — systems that prevent pupils and staff from accessing harmful, inappropriate or illegal content online, without blocking legitimate educational content unnecessarily.

Appropriate monitoring — systems that identify and flag concerning online activity so that safeguarding leads can respond to potential risks involving pupils.

The key word in both cases is appropriate. The DfE does not mandate a specific product or provider. What it does mandate is that whatever systems your school has in place actually work as intended — and that your leadership team can demonstrate that they do.

What Changed in October 2024

The DfE updated its filtering and monitoring standards in October 2024, introducing changes designed to address evolving digital risks and strengthen safeguarding measures.

Governing body responsibility is now explicit The updated standards place a stronger emphasis on the governing body's responsibility to ensure their school has appropriate filtering and monitoring systems in place. This means governors can no longer treat filtering and monitoring as purely an IT matter — it is now explicitly a governance responsibility that should be on the agenda at board level. NSPCC Learning

Real-time scanning is now required Schools are expected to ensure their filtering solution is capable of detecting and blocking harmful content in real time. This helps minimise the likelihood of students accessing inappropriate or unsafe online content.

Safe search must be enabled by default Safe search must now be enabled by default on any search engines used across school devices and networks — including on devices used by staff as well as pupils. NSPCC Learning

Student risk profiles must be considered The updated standards include a more comprehensive assessment of what to consider in student risk profiles. Schools need to think about which pupils may be at greater risk online and ensure their monitoring approach reflects that — not just apply a blanket one-size-fits-all approach. NSPCC Learning

Clearer roles across the organisation Schools should have clearly defined roles and responsibilities for filtering and monitoring. Senior leaders should oversee the operation of these systems, approve content filtering decisions, and ensure relevant staff training is in place. Effective collaboration between IT staff and safeguarding leads is essential to address both technical and safeguarding risks.

The Four Core Requirements Every School Must Meet

Regardless of size or setting, every school must be able to demonstrate it meets these four requirements:

1. Identify who is responsible A named member of the senior leadership team must take overall responsibility for filtering and monitoring. Your Designated Safeguarding Lead (DSL) should be involved in reviewing what monitoring flags and how concerns are escalated.

2. Have filtering that blocks harmful content without blocking learning Your filtering system must block illegal content, content that is harmful to children, and other inappropriate material — while not unreasonably restricting legitimate teaching and learning resources. Getting this balance right requires ongoing review, not a set-and-forget approach.

3. Have monitoring that actually works Monitoring tools generate alerts. But alerts are only useful if someone is reviewing them. Schools must have a clear process for who receives monitoring alerts, how quickly they act on them and how concerns are escalated to the DSL. The technology alone is not enough.

4. Review your systems at least annually Schools must ensure that filtering and monitoring systems are reviewed at least annually. Current standards expect formal, documented reviews to take place alongside enhanced monitoring processes, ensuring ongoing compliance with online safety requirements. A lack of evidence of a recent review indicates that this requirement may not be being met.

Why Many Schools Are Still Falling Short

The most common reasons schools fail to meet the filtering and monitoring standards are not technical — they are organisational.

The system was set up once and never revisited. Technology changes, the DfE standards change, and the risks children face online change. A filtering system configured in 2019 is almost certainly not meeting the 2024 standards without review and update.

Monitoring alerts are going nowhere. Many schools have monitoring tools in place that generate alerts nobody is reading. The DfE is clear that monitoring is only appropriate if someone is actually acting on what it finds.

Governors don't know what's in place. Under the updated standards, governors must be able to confirm that appropriate systems exist. If your IT provider has never briefed your governing body on filtering and monitoring, that's a gap.

The DSL and IT provider aren't talking to each other. Filtering and monitoring sits at the intersection of safeguarding and technology. It only works well when the people responsible for both are aligned. In many schools they operate in entirely separate silos.

What DCAD Does for Schools in Hertfordshire & Essex

At DCAD we configure, manage and review filtering and monitoring for schools across Hertfordshire and Essex as part of our managed IT service. In practice that means:

• Reviewing your current filtering and monitoring setup against the October 2024 DfE standards

• Identifying any gaps and recommending the right solutions for your school's size and budget

• Configuring filtering systems to block harmful content without disrupting teaching

• Ensuring monitoring alerts reach the right people and that there is a clear process for acting on them

• Briefing your DSL and, where required, your governing body on what is in place and how it works

• Reviewing systems annually to keep pace with DfE updates and changing online risks

We work with nurseries, primaries, secondaries, academies and multi-academy trusts — and we understand that the right approach for a 100-pupil primary is very different from a MAT managing multiple sites.

Not Sure If Your School Is Compliant?

If you're not confident your current filtering and monitoring meets the October 2024 DfE standards, the honest answer is that it probably needs reviewing. Most schools we speak to have something in place — but something in place and something that meets the current standards are two very different things.

DCAD offers a free, no-obligation IT audit for schools across Hertfordshire and Essex. We'll review your filtering and monitoring setup against the current DfE requirements and give you a clear, jargon-free picture of where you stand — and what, if anything, needs to change.

No sales pressure. No jargon. Just honest advice from people who know schools.

Call us: 03300 553 993 | Email: info@dcad.co.uk

DCAD Ltd — Specialist School IT Support, Cyber Security & Microsoft 365 for Schools Across Hertfordshire & Essex. Supporting education since 2003.

Schools Aren't Businesses — So Why Treat Their IT That Way?

When a pipe bursts, you call a plumber. When a tooth aches, you see a dentist. You wouldn't call a general handyman and hope for the best. Yet when it comes to IT support, many schools in Hertfordshire still rely on generalist providers — companies that support accountancy firms, retailers and local businesses alongside their school contracts.

The problem? Schools aren't businesses. The IT challenges they face, the regulations they must meet and the consequences of getting it wrong are entirely different. A missed Windows update at a logistics company is an inconvenience. The same oversight in a school can mean failing a safeguarding audit, a data breach involving pupil records, or devices that grind to a halt on exam day.

This post explains why specialist education IT support isn't a luxury — it's a necessity.

What the DfE Now Expects from School IT

The landscape of school IT compliance has shifted significantly. The Department for Education has published digital and technology standards that set out clear expectations for every school and college in England — covering network infrastructure, cyber security, filtering and monitoring, wireless networking, broadband and digital leadership and governance.

These aren't suggestions. The DfE expects all schools, colleges and multi-academy trusts to be actively working towards meeting these standards, with a target of full compliance by 2030. The standards are regularly updated — most recently in October 2024 — and they place a direct responsibility on whoever provides your IT support to understand and help you meet them.

Schools are also required to assign a senior leadership team member to oversee digital technology, maintain up-to-date asset registers, incorporate IT into their disaster recovery planning, and produce a digital technology strategy that is reviewed every year.

That's a significant compliance burden — and it falls on your IT provider as much as your leadership team. A generalist who has never read the DfE guidance cannot support you with any of it.

Safeguarding Isn't Optional — and It's Increasingly Technical

Perhaps the starkest difference between school IT and business IT is safeguarding. Keeping Children Safe in Education — known as KCSIE — is statutory guidance from the DfE that sets out the legal requirements for safeguarding children in schools and colleges across England. It is updated annually and compliance is not optional.

From an IT perspective, KCSIE has direct and specific implications for how your school's technology must be configured. Schools are legally required to have appropriate filtering in place to prevent pupils accessing harmful content, and appropriate monitoring to detect and respond to safeguarding concerns. These aren't features you can switch on and forget — they require proper configuration, regular review and an IT partner who understands what "appropriate" actually means in a school context.

The most recent updates to KCSIE have also expanded the definition of online risks to include disinformation, misinformation and conspiracy theories as recognised safeguarding harms. The technical expectations placed on schools continue to rise year on year.

Your Designated Safeguarding Lead needs to be able to rely on your IT systems. A generalist provider maintaining a letting agency's network has no reason to understand any of this. An education specialist builds their entire service around it.

Where Generalist IT Support Falls Short

We speak to school business managers and headteachers regularly who have inherited IT contracts with generalist providers. The same issues come up time and again:

They don't know the compliance landscape. DfE standards, KCSIE, Cyber Essentials, UK GDPR in an education context — generalist providers are often unaware of these requirements, let alone equipped to help you meet them.

They don't understand how schools work. Generalist providers schedule maintenance windows during business hours. They don't appreciate that 8:45am on a Monday is the worst possible time for an update to push. They've never heard of SATs week, don't understand OFSTED readiness pressures, and aren't prepared for the September setup surge that every school faces.

Their response times don't fit school needs. A four-hour response window might be acceptable for a small business. For a school with 300 pupils and an exam starting in 45 minutes, it isn't.

They can't advise on education-specific systems. SIMS, Arbor, Bromcom, Microsoft 365 for Education licensing, Apple School Manager, MAT-wide infrastructure — generalist providers aren't equipped to advise on any of it.

They don't connect IT to the wider school. Safeguarding, SEND, administration, finance, governor reporting — school IT touches every part of the organisation in ways that business IT simply doesn't. A good education IT partner understands that context.

Case Study: NET Academies Trust

NET Academies Trust is a multi-academy trust that came to DCAD needing consistent, reliable IT support across multiple sites — the kind of joined-up provision that a generalist provider simply couldn't deliver at scale.

Working with DCAD, the trust benefited from a single point of contact who understood their environment across every school in the group. Infrastructure was standardised, Microsoft 365 was deployed and managed centrally, and safeguarding and compliance requirements were addressed consistently rather than school by school.

For a MAT, the stakes of getting IT wrong are multiplied across every site. Having a specialist partner who understands multi-school environments — and takes responsibility for compliance across all of them — is the difference between a well-run trust and one that's permanently firefighting.

What to Look for in a School IT Provider

If you're reviewing your current IT support, a genuine education specialist should be able to demonstrate all of the following:

• Clear knowledge of the DfE digital and technology standards and how to meet them

• Experience configuring filtering and monitoring solutions that satisfy KCSIE requirements

• Proven capability with Microsoft 365 for Education and/or Google Workspace for Education

• Familiarity with school MIS platforms such as SIMS, Arbor and Bromcom

• Experience across the full range of settings — nurseries, primaries, secondaries, academies and MATs

• Cyber Essentials guidance and support with certification

• Response times and service levels built around the school day and academic calendar

• Named contacts who know your school — not a rotating helpdesk

That last point is worth emphasising. At DCAD, every client works directly with Darren or Martin. Not an account manager who disappears after the contract is signed. Not a first-line operative who logs a ticket and moves on. The people who answer your call are the people who know your school — and have done since 2003.

Get a Free IT Audit for Your School

If you're a school or trust in Hertfordshire or Essex and you're not confident your current IT provision is keeping pace with compliance requirements — or you simply want to know where you stand — DCAD offers a free, no-obligation IT audit.

We'll review your current setup against the DfE standards, assess your safeguarding technology, and give you an honest picture of what's working and what isn't. No sales pressure. No jargon. Just Darren and Martin, with over 50 years of education IT experience between them.

Managing School Devices Is Harder Than It Looks

If you've ever tried to push a software update to 80 laptops before the school day starts, you'll know the challenge. School IT environments are uniquely demanding — dozens, sometimes hundreds, of devices shared across pupils, teachers and support staff, each needing the right apps, the right restrictions and the right level of security.

Without a proper system in place, IT management in schools typically looks something like this:

• A member of staff manually updating devices one by one

• No visibility over which devices are compliant with school policy

• Pupils able to access settings, apps or content they shouldn't

• No way to remotely wipe a lost or stolen device

• Different setups on different machines — and no reliable way to standardise

It's time-consuming, inconsistent and — from a safeguarding and data protection standpoint — a real risk. This is where Microsoft Intune comes in.

What Is Microsoft Intune?

Microsoft Intune is a cloud-based Mobile Device Management (MDM) and Mobile Application Management (MAM) platform. In plain English: it gives your school a central control panel for every device — Windows laptops, iPads, Android tablets, even teacher smartphones — all managed remotely from one place.

With Intune, your school can:

Deploy apps automatically — push Microsoft 365 apps, safeguarding tools or any approved software to devices without touching each one individually.

Enforce security policies — require strong passwords, enable encryption, block USB drives, restrict access to inappropriate settings or websites.

Separate school data from personal data — particularly useful on shared devices or bring-your-own-device (BYOD) setups.

Remote wipe lost or stolen devices — if a laptop goes missing, your data doesn't have to go with it.

Ensure compliance — get a live view of which devices meet your school's IT policy, and automatically flag or restrict those that don't.

Integrate with Microsoft 365 — Intune works natively with Teams, SharePoint, OneDrive and Azure Active Directory, making it a natural fit for schools already using Microsoft 365 for Education.

For UK schools following the Cyber Essentials framework or the DfE's digital and technology standards, Intune directly supports many of the core requirements around access control, patch management and device security.

Case Study: Tenterfield Nursery School

Tenterfield Nursery School is a small but busy nursery setting that came to DCAD with a familiar problem: a growing number of devices, no consistent setup, and staff spending too much time troubleshooting rather than teaching.

Working with DCAD, Tenterfield moved to a fully managed Intune environment as part of their Microsoft 365 setup. The results were immediate:

• All devices configured consistently from a single policy — no more "this laptop works differently to that one"

• Apps deployed remotely in minutes, not hours

• Safeguarding filters and restrictions applied automatically to every device

• Staff freed from day-to-day IT admin, able to focus on what matters
  

For a small nursery with limited IT budget and no dedicated in-house IT staff, having DCAD manage Intune on their behalf meant they got enterprise-level device management without enterprise-level complexity or cost.

Microsoft Intune vs Other MDM Solutions for Schools

Schools sometimes ask us how Intune compares to alternatives. Here's an honest overview:

For schools already using — or moving to — Microsoft 365 for Education, Intune is the clear choice. If you're on Microsoft 365 A3 or A5 licensing, you likely already have access to Intune at no extra cost.

How to Implement Microsoft Intune in Your School

Getting started with Intune doesn't need to be complicated, but it does need to be done properly. Here's a straightforward path:

1. Licensing check Confirm your Microsoft 365 plan includes Intune (A3 and A5 do; A1 has limited MDM features). If you're unsure, we can check this for you.

2. Azure Active Directory setup Intune works with Azure AD (now called Microsoft Entra ID). Your school user accounts need to be properly configured here before enrolment.

3. Define your policies Before enrolling devices, agree what your policies should be — password requirements, app restrictions, content filters, compliance rules. This is where experience counts; getting policies right first time saves hours of rework.

4. Enrol devices Devices can be enrolled manually, via Autopilot (for new Windows devices), or through Apple School Manager / Google Zero-Touch for other platforms. For existing device fleets, DCAD can manage bulk enrolment.

5. Deploy apps and configurations Once enrolled, apps and settings are pushed automatically. Devices are ready to use — correctly configured — without manual setup.

6. Ongoing monitoring The Intune admin console gives you a live compliance dashboard. DCAD can manage this on your behalf as part of a managed service, alerting you to issues before they become problems.

Ready to Take Control of Your School's Devices?

Whether you're a nursery with a handful of tablets, a primary school with a mixed device fleet or a multi-academy trust managing devices across multiple sites — Microsoft Intune can transform how your school manages technology.

At DCAD, we've been supporting schools across Hertfordshire and Essex since 2003. We're a Microsoft 365 partner with hands-on experience deploying Intune in real school environments — from small nurseries like Tenterfield right through to larger academy settings.

Speak to a Microsoft 365 expert at DCAD today.

No jargon. No sales team. Just Darren and Martin, who'll give you an honest assessment of what your school needs and how we can help.

Get in touch with DCAD

DCAD Ltd — School IT Support, Cyber Security & Microsoft 365 for Schools Across Hertfordshire & Essex