How to use the MIS Core Principles
Updated 17 July 2026
Applies to England
A school management information system (MIS) fulfils the scope of core functionality requirements including:
- school census data collection
- pupil data
- pupil relationship mapping
- admissions and transfers
- attendance management
- the mandatory reporting requirements for children with special educational needs and looked after children
MIS procurement
The MIS Framework procurement aims to address issues reported to us by schools in relation to their MIS solutions.
The Department for Education (DfE) aims to support those schools that need to procure a new MIS contract before the MIS Framework is established in June 2027. We advise schools to include the principles in Annex One (“Core Principles”) in those new procurements for this transitional period to ensure alignment and consistency with, and smooth transition to, the forthcoming MIS Framework.
These Core Principles will form the basis of the MIS Framework procurement.
MIS Core Principles
In developing these Core Principles, DfE has actively engaged with suppliers and, where possible, has sought to incorporate feedback to help schools align their new procurements with the anticipated requirements of the forthcoming MIS Framework during this transition period.
It should be noted that while these Core Principles will form the basis of the future MIS Framework, DfE may, at its sole discretion, amend or supplement the Core Principles as necessary when finalising the terms and conditions of the future MIS Framework.
These Core Principles are specific to MIS solutions and are aimed at resolving the issues reported to us by schools. As such, the Core Principles will not be relevant to suppliers providing other goods and services to schools such as:
- other education technology software
- catering
- facilities management
They will not apply to existing contracts awarded through:
- direct award
- other means such as open tender or an already established framework
Using the Core Principles
Suppliers should draft their contracts to align with the Core Principles from the outset. This will ensure certainty and avoid any conflict in the first place.
The requirement in the Core Principles for suppliers to confirm their terms reflect the Core Principles is designed to achieve exactly this. The statement regarding the Core Principles taking precedence is a contingency should this not have been done (either at all or adequately) and therefore rather than creating uncertainty, we are providing clarity by establishing a clear hierarchy of terms.
Where a school is procuring via an existing framework, DfE is engaging with existing framework providers to encourage them to update their terms to incorporate the Core Principles.
When issuing their call-off procurement packs via framework providers, Schools can still ask suppliers to confirm and agree to the Core Principles. If a framework provider has not updated their terms to incorporate the Core Principles (either at all or adequately) then, subject to the terms of the respective framework, schools can include the Core Principles as part of their call-off terms and conditions and the statement regarding precedence can still apply and provide clarity if there is a conflict.
Cyber security
It is important the suppliers can demonstrate that they already hold, or are actively working towards, Cyber Essentials Plus and ISO 27001 accreditation. Both are third-party accredited. This is different to the standard level of Cyber Essentials accreditation which is self-certified. Companies are accredited for Cyber Essentials Plus (or ISO 27001) by an IASME (or UKAS) accredited certification body.
Auto-renewal
DfE has heard from numerous settings across the sector that have fallen foul of auto-renewal provisions in their contracts. For this reason, we have included a principle that prohibits the use of auto-renewal clauses beyond one 12-month period. This Core Principle is designed to ensure schools make conscious, informed decisions about their MIS provider at the end of each contract term, consistent with good procurement practice and value for money obligations.
Service continuity safeguards
We recognise suppliers’ legitimate concerns about service disruption as part of their feedback to DfE on the Core Principles. Therefore, we have introduced a minimum 6-month advance notice requirement (suppliers have flexibility to do this more than 6 months ahead of expiry) which is intended to provide sufficient time for schools to take action.
Data retention
Suppliers should not delete school data immediately upon contract expiry. Core Principle 17 requires continued access to school data during any exit period. The exit period may either be included within the contract term or be after expiry or termination of the subscription term for the purposes of data export, transition to a new supplier.
DfE expects a reasonable data retention period to allow schools to retrieve their data or complete a late renewal.
Definition of “contact”
We have set a minimum expectation for contacting schools. Suppliers can of course do more than this (for example phone calls, more than 6 months, more than once) to mitigate supplier concerns of service continuity.
School responsibility
We acknowledge that schools bear responsibility for managing their contracts and responding to renewal notices. The Core Principles do not absolve schools of this responsibility – they simply ensure schools are not bound by default where no active decision has been taken.
Designated representative
Where a multi-academy trust (MAT) or local authority procures on behalf of multiple schools, the “designated representative” for the purposes of Core Principle 4 would be the authorised representative of the MAT or local authority (as applicable), not each individual school. The Contract would be between the supplier and the MAT or local authority as the contracting party (with each school benefiting as end users).
Identifying the Designated Representative
The intention is not to create an impossible burden for suppliers. The Core Principle is designed to protect schools from being bound by contracts signed by individuals without proper authority, for example a teacher or school admin assistant signing a multi-year contract without approval. DfE has clarified which roles are designated representatives and that suppliers can rely on self-designation.
Serving contractual notices
Error-free transmission
For an electronic notice to be deemed served, the notice must be “despatched in a legible and complete form to the correct email address without any error message” to the email address specified by the supplier in the contract. This addresses the concern raised by the market about bounced emails – if an error message is received, the notice will not be deemed served.
Clickwrap and portal acceptance
The prohibition on clickwrap portal acceptance is intended to address concerns that schools may be bound by contract terms (including variations) that they have not consciously reviewed or agreed.
DfE is aware of instances where schools have been presented with lengthy terms and conditions through online portals, with acceptance deemed by a single click, without the school having a genuine opportunity to negotiate or even read the terms. This is inconsistent with the principle that schools should make informed contractual decisions.
Electronic signatures
Core Principle 6 does not preclude the use of electronic signature platforms such as DocuSign, Adobe Sign, or similar e-signature solutions. Amendments made to clarify. The distinction is:
- permitted: a school representative reviewing a contract document and applying an electronic signature to signify agreement (equivalent to a wet-ink signature)
- not permitted: a school user clicking “I agree” to standard terms presented via a web portal or software interface without a formal signature process
Contract variations
We acknowledge concerns raised by the market regarding the operational burden of agreeing variations with large customer bases. However, DfE’s position is that material contract variations affecting contract duration and price, and schools’ rights and obligations should require the school’s informed consent, not deemed acceptance through continued use of a portal.
Portal functionality
DfE recognises concerns raised by the market that portals can assist schools in managing contracts. Nothing in Core Principle 6 prevents suppliers from offering portal functionality for contract management, document storage, or renewal tracking. The restriction applies only to the formation or variation of the Contract itself, not to administrative tools.
Contract length
This applies only to contracts issued before the framework is launched. Once the MIS Framework commences in June 2027, schools will be able to award contracts for longer than 3 years if they wish. The limit is in place to enable schools to benefit fully from the framework as soon as possible whilst still recognising the need to secure value whilst we procure the framework itself.
Support services
Before the future MIS Framework is live, schools can continue to procure their MIS support services as they do now, from:
a. the same MIS supplier but under a separate support contract
b. the same MIS supplier as part of the same contract for the MIS
c. other accredited third parties under separate contracts
This Core Principle is designed to ensure that, where (a) applies, the separate MIS and support services contracts are co-terminus.
Once the future MIS Framework is live, schools will be able to procure their MIS support services either:
- under the MIS Framework (and in such circumstances this would form part of the Call-Off Contract)
- from accredited third parties outside the MIS Framework in the same way that they are able to now
The MIS Framework terms and conditions will reflect this Core Principle so that the support services are co-terminus with the MIS.
Location of storage and processing of school data
The policy intention is to provide schools with a high degree of assurance regarding the location and handling of pupil data, recognising the sensitivity of children’s personal data and the resource constraints many schools face in assessing international transfer risks.
Use of school data
It is a fundamental principle that school data is only used for the purposes of delivering the services – it cannot be commercialised by suppliers.
DfE acknowledges there may be occasions where a supplier may need to use school data in order to comply with law, for example audit or prevention of fraud.
With regard to the commercialisation of school data if it has been anonymised, DfE is aware of instances where data has been labelled as anonymised, but there have still been identifiers which led to data subjects being identified.
Schools are therefore very concerned that school data is, in practice, only pseudonymised and small cohorts or school-level reporting may permit re-identification of pupils.
DfE is mindful of the recent findings in the Information Commissioner’s Office (ICO) report on EdTech products. DfE takes some comfort from the positive engagement of EdTech providers with the report’s recommendations and their implementation of the same, however DfE can only permit suppliers to use school data for a purpose other than providing the services if:
- a school has been provided with robust evidence of its compliance with data protection laws
- the school has provided written consent for a supplier to use the school data for another explicit purpose, for example product development and analysis, benchmarking, trend analysis and sector insight purposes
This ensures that, in line with the ICO report, schools can be confident there are no gaps in safeguards to protect children’s data.
Core Principle 13 has been amended accordingly.