Renewing Your MIS Contract Advice


If your MIS contract is coming to an end, it is very tempting to simply extend the existing contract. We have even heard that some suppliers are putting pressure on schools to do this without due regard for proper legal procurement processes.

Procurement law exists to ensure that public bodies, such as schools, spend public funds wisely and obtain good value for money.

Your school, academy or local authority will have financial regulations in place. These regulations ensure that when you buy goods or services for your school or academy you do not breach UK or EU procurement law. They also tell you under which circumstances you can:

  • buy a product or service 'off the shelf'
  • should buy under a framework agreement
  • need to get at least 3 competitive quotes
  • when to advertise a contract and run a buying process
  • when you must run a EU compliant tender process

The lifetime monetary value of a contract, including all additional paid for services such as training and support, is usually what determines what kind of procurement process you must run.Your school's MIS contract value is unlikely to be low enough for you to get away with simply extending the contract for another 3 years. Even if you are very close to the end of your contract and can't possibly manage without the service in place, you must follow procurement law. You can even buy the same product that you have had before but you must follow proper procurement proceedures.


Fortunately, you can buy school MIS quickly, easily and in full compliance with the law by procuring via a framework agreement that is recognised and recommended by the DfE such as Everything ICT.

Why use the Everything ICT Framework?

Everything ICT makes buying an MIS easier, faster and cheaper. It's free to use, fully compliant with procurement law and has a great 'customer first' approach.

Seckford Education procured its MIS via EverythingICT and gave us this 5 Star review.
"An excellent process, with all of the hassle taken out. I would strongly recommend."
Mark Burrow - Seckford Education

Before you extend your MIS contract

  • Check your school or academy's Financial Regulations
  • Make sure that you are not breaching EU Procurement law -see DfE guidance here
  • Talk to our procurement experts at Everything ICT


Free Data Protection Inset Training

It has been nearly four years since we all rushed to become GDPR compliant. And whilst you may have been very clear about what you need to do to protect personal data in May 2018 it is easy to for things to slip.

We are delighted to announce that our data partner, Data Protection Education, is offering free online webinars to help you refresh and refocus your practice around securing personal data.

These half-hour sessions are available completely free and will give staff a refresher on what they should and should not be doing as well as bring them up to date on current legislation and explore some of the Myths around Data Protection.

The webinars will run on January the 4th and 5th 2022  with four time slots available each day: 10:00 am; 11:30 am; 1:00 pm; and 3:00 pm.

These sessions are aimed at both the Data Protection specialists within the school and other members of staff that need to keep up to date without current legislation. The half-hour sessions will be non-technical but will also include a Q&A session with a panel of data protection specialists for those of you requiring a more indepth response.

Find out more and book your free session

Improve Cyber Security at your School

The Eastern Cyber Security Resilience Centre is the ''local' point of help and support with all things related to cyber security.
They are running a specific session for education leaders and staff on the fundamentals of cyber resilience. The session will also provide practical steps to improve cyber resilience at your school.
You can attend this free session in-person or virtually.

Further ransomware attacks on the UK education sector

An alert warning of further ransomware attacks on the UK’s education sector has been issued by the NCSC after a notable rise in cases over the past week.

The NCSC previously reported increases in ransomware attacks on the UK education sector in September 2020 and March this year, and has updated this alert in line with the latest activity.

Ransomware is a type of malware which can make data or systems unusable until the victim makes a payment, which can have a significant impact in an education environment.

More recently, there has been a trend for cyber criminals to also threaten to release sensitive data stolen from the network during the attack, if the ransom is not paid. There are many high-profile cases where the cyber criminals have followed through with their threats by releasing sensitive data to the public, often via “name and shame” websites on the darknet.

Alongside acting on the mitigation advice contained within the alert, the NCSC strongly emphasises the need for organisations in the sector to protect their networks from attack.

The NCSC has produced a number of practical resources to help educational institutions improve their cyber security, and they are encouraged to take advantage of our Exercise in a Box tool which helps organisations test and practice their response to a cyber attack in a safe environment.

Organisations in the sector are advised to sign up to the NCSC’s free Early Warning service, which is designed to inform organisations of potential cyber attacks on their network as soon as possible.

Cyber Criminals and Your School

The number of cyber attacks on schools has increased in the last few weeks. These attacks often take the form of a ransomeware attack. Ransomeware is a type of computer virus that corrupts, threatens to destory or locks you out of your school data until a ransome has been paid. Paying the ransome might not result in the safe return of your data and may even identify you as a profitable target for future attacks.

Ransomware attacks can have a devastating impact on organisations, with victims requiring a significant amount of recovery time to reinstate critical services. These events can also be high profile in nature, with wide public and media interest. In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.

The NCSC (National Cyber Security Centre) has produced a number of practical resources to help schools and other educational institutions improve their cyber security. The resources and further guidance can be found in this week's updated guidance.


Page 1 of 4

Latest from the Blog