ScholarPack Management Information System (MIS)

ScholarPack is an easy-to-use, management system (MIS) which allows schools to make sense of their data. Built for primary schools we provide all the tools needed to run your school. From attendance and assessments to accidents and incidents, ScholarPack helps schools record, manage and review everything that’s going on.


  • Meets all statutory requirements for attendance, assessment and census
  • Powerful reporting on all data with easy access exports
  • Send SMS, email and letters from the in-built communications panel
  • Track all aspects of progress and attainment for any group
  • Comprehensive personnel management module
  • Meals management with links to teacher registers
  • Interventions management linked to outcomes and spending
  • Clubs management with registers for any extra-curricular activities
  • Available on any device from any location
  • Behaviour management module for recording positive and negative behaviour


  • Save time with every click - make daily tasks faster
  • Get support fast - with our in-built instant chat system
  • Save money - up to 50% cheaper than legacy systems
  • No installation, upgrades or patches - even for census
  • Real-time data - our modules are always in sync
  • Join over 350 schools who switched last academic year
  • Real-time notifications when things happen in school
  • Simple migration - we take care of moving your data
  • Safe and secure - we backup data three times daily
  • Intuitive - our system is simple, even for non-techie people


£1500 to £10000 per instance per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

5 0 0 4 3 2 6 4 5 1 7 5 9 3 9



David Collins


Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints The service is subject to planned maintenance. We always give advanced notice and plan maintenance outside of school working hours.
System requirements
  • Web browser: Google Chrome, Internet Explorer or Apple Safari
  • Internet connection: 2Mb minimum

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We always aim to answer calls within 60s. This academic year average wait time was just 59s.

First contact resolution this academic year is 90% - meaning 90% of issues are resolved on the call, chat or ticket without further follow-up needed.

Our average chat response time was just 57s this academic year.

24/7 emergency technical support is available at weekends.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing N/A
Onsite support Yes, at extra cost
Support levels During migration and implementation schools have a named migration manager who oversees the process. All schools receive one day on-site training as part of their initial setup - this is included in our setup fees.

When required, additional on-site support and training can be delivered.

We also provide remote support via tickets, chat, email and phone. Web training and remote support can also be provided if needed.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Last academic year we migrated 350 schools onto the ScholarPack platform - we know that for a successful implementation, the migration and training process needs to be simple and hands off for schools.

We handle the entire process ensuring that there is minimal disruption to the office and classroom. Schools are census ready on day 1 for students and staff ensuring that data is ready to go. Our team is able to quickly deploy the system to groups of schools - since Jan 2018 we’ve migrated 150 schools to ScholarPack. We have experience migrating schools from SIMS, RM Integris, Arbor, Pupil Asset and Bromcom as needed.

Schools receive 1 day on-site training as part of initial setup - we have a template format for this session which is typically split into sections based on each school’s preferences (e.g. Admin, Assessment, SLT, SEN). Initial training sessions are always tailored to meet the needs of individual schools and our trainers confirm the outline for each session on the phone before delivery. This level of flexibility ensures that schools can get the most out of the day, regardless of their size, with different staff focusing on functions for their specific job role.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction ScholarPack can provide data in a number of formats. Most commonly these are Common Transfer Files (CTF), Excel or XML. These exports are available within the system.

Data can also be extracted via the API.
End-of-contract process Schools wishing to terminate their contract must give 30 days notice after the minimum period. Contracts are typically 12 or 36 months and renew automatically unless notice is given.

All data can be exported from the system prior to the end of the contract therefore schools must extract their data before the end of their contract.

Once a contract is terminated data is permanently deleted in-line with our data retention policy. Schools can request that we hold data for longer if required (fees apply).

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service N/A
Service interface No
What users can and can't do using the API ScholarPack provides a REST API for read/write access to the database for integration purposes. All data can be made available via the API, with granular controls provided for school users.

Schools can approve 3rd party access within the software and revoke this at any time.

We work with over 100 3rd parties who integrate with our system out of the box.

We provide restrictions on what data can be written into the system to ensure data integrity for schools - these restrictions have been implemented in response to school feedback.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Assessment - users can customise statements used within the assessment module for tracking granular progress. Statements can be added within the system or imported from a spreadsheet.

Report Engine - bespoke reports can be configured and built using the report engine to generate a report based on any student data field within the system. Custom reports can be saved for future use.

Configuration options - a range of configuration options are provided for turning on/off various aspects of the system. This allows schools to configure the interface based on their requirements. These controls are available to the sysadmin within the config area.

Lookups - many lookups within the system can be configured such as behaviour reasons, locations within the school, rooms etc. These controls are available to the sysadmin within the config area.


Independence of resources ScholarPack operates the main data centre at around 20% load capacity to handle burst load when needed. Commonly this is around morning and afternoon registration and census. We actively monitor the hardware capacity to ensure that we adequately scale the infrastructure in-line with school growth.

Our modern stack ensures that users do not experience slow downs when using the system even when lots of users are connected at the same time.


Service usage metrics Yes
Metrics types We monitor module usage and system uptake to help inform the development roadmap and assist schools with getting the most from our software.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported from ScholarPack as CTF (common transfer files), XML, Excel, Word, PDF, CSV, B2B files or using our API.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • CTF
  • Word
  • Excel
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • CTF
  • ATF
  • API write back

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Targeted availability for ScholarPack services is 99.9% uptime, not including planned maintenance times.

Schools can expect to be informed of scheduled planned maintenance at least one week in advance.

Schools may expect the following level of compensation for failure to achieve the targeted level of availability.

For each 0.5% availability below 100% the school can expect a refund of 10% of the annual subscription.

Any penalties are to be paid within 30 days of the end of the subscription term.
Approach to resilience Information available upon request.
Outage reporting Email alerts to users.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels System access: Access is only granted to explicit employees within the business in-line with our policies. Support agents are only able to access school level data when they are given explicit permission from schools, this access does not include sensitive data.

Demo sites are used to mirror production environments to minimise the need for access to customer data, the majority of support queries can be solved without using customer data.

Server access: Server access is restricted by IP range. We use SSH keys for back end access which is only given to DevOps engineers.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach All ScholarPack services are accredited to (and audited against) ISO/IEC 27001 standard
Information security policies and processes Our internal policies provide controls relating to the protection of all data - these are updated regularly and staff are trained to understand and apply these policies during their regular work.

Security governance and auditing falls under the control of ScholarPack’s senior management team and is led by the CTO. This team is responsible for ensuring that policies are being followed and that all staff members are receiving regular top-up training. Training records for staff are available upon request.

We work closely with an independent external organisation who certifies our policies and audits our compliance.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our main production stack is provisioned using VMware templates - infrastructure updates are deployed through these templates and verified before deployment into production.

Extended services are provisioned through a combination of Terraform and Kubernetes and follow a rigorous automated testing process from staging to production. All changes (infrastructure or software) go through documented data impact risk assessment before deployment to ensure the security and integrity of data.

All software deployments undergo a peer reviewed risk assessment before being deployed into production.
Vulnerability management type Supplier-defined controls
Vulnerability management approach ScholarPack uses an external security agency to identify potential risks. We run a monthly 'security steering group' which discusses incidents, security issues, potential threats and organisational changes which may impact the organisation.

All systems are configured to download and install security updates automatically. We monitor all patches using a centralised log to ensure effective deployment.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Identify: We actively monitor user access into the system to identify suspicious activity. We maintain a complete audit of all data changes made to the database. Access to production servers is limited by IP range to ensure that only authorised users can access the system.
Respond: If we detect unusual activity we will notify the affected school of the potential issue as soon as possible and take action to suspend the affected user account. We respond to incidents as soon as we are made aware, in-line with our incident management policy.
Incident management type Supplier-defined controls
Incident management approach As soon as an incident is discovered a technical team member is allocated the role of 'incident coordinator' to oversee the action plan for remedy.

We use a risk matrix to identify the type and severity of the incident and then use our internal policies to act accordingly. These may include customer disclosure, temporary downtime to minimise impact, emergency bug fixes and policy changes.

Detailed policies are available upon request.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1500 to £10000 per instance per year
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑