Internal ScrutinyBy TSO Education
Book a planning callRegister free

Website Compliance Checks for Academy Trusts

By TSO Education27 November 202513 min read

Academy Trust Handbook

Website compliance checks for academy trusts are one of the fastest, cheapest ways to reduce avoidable governance risk. In most trusts, the hard work has already been done. Policies exist. Schemes of delegation exist. Board minutes exist. The problem is publication discipline. Required information is out of date, hard to find, inconsistent across trust and academy sites, or hosted in a way that breaks when someone changes a folder name.

That might sound minor until you see how quickly a website gap becomes a governance problem. Parents, staff, union reps, journalists, local MPs, inspectors and regulators all start in the same place: they look at what the trust has chosen to publish. If a whistleblowing procedure is missing, if business interests are not current, or if the trust accounts cannot be found, the story becomes “lack of transparency” even when the trust is working hard behind the scenes.

A strong trust treats its website as a live compliance control. That means three things:

  • the trust knows what must be published and where it sits
  • someone is accountable for keeping it current
  • the audit trail exists to prove checks were done, issues were fixed, and fixes were verified

This guide sets out a repeatable method for website compliance checks in academy trusts. It is aligned to the Department for Education’s publication guidance and the Academy Trust Handbook, and it is written with audit and risk committees in mind. It also includes a practical remediation sprint for when you find gaps.

The statutory and Handbook duties that sit behind website checks

Before you build a checking process, it helps to be clear about what is driving the requirement. Three strands often get muddled.

First, there are the publication requirements set out in DfE guidance on what academies, free schools and colleges must or should publish online. This is the primary reference most trusts use as the basis for statutory website information. It covers admissions and appeals publication timings (where applicable), complaints procedure availability, SEN information publication, governance and interests, executive pay disclosure and more. It also reminds trusts that parents can request paper copies of information free of charge. (gov.uk)

Second, the Academy Trust Handbook links publication to internal control and governance discipline. The Handbook requires trusts to maintain sound internal control, risk management and assurance processes, using a tiered approach that includes internal scrutiny overseen by an audit and risk committee. That is the governance reason website checks matter. Publication is a visible output of whether controls are operating consistently. (gov.uk)

Third, there are wider public sector website requirements that do not always appear in school focused checklists, particularly accessibility. Public sector bodies must meet accessibility regulations and publish an accessibility statement, keeping it under review. Many trusts miss this because it sits outside education compliance conversations, but it is still a real obligation. (gov.uk)

A practical approach is to build your compliance checks around the DfE publication guidance and the Handbook, then add accessibility as a standard “always check” item. If you have the capacity, you can extend further into privacy notices and cookies, but the core statutory education publication requirements should be secure first.

What “good” looks like for academy trust website compliance

You will sometimes hear “we are compliant, because the document exists”. That is not a helpful definition. DfE guidance is about what must be published online, not what is stored internally. If a required document is present but buried behind three menus, named inconsistently, or linked to a file that no longer opens, the public experience is still a failure.

Good website compliance has four characteristics.

It is complete. The trust and each academy site contains the required headings and content, and it is publicly accessible without barriers.

It is current. Dates, versions and committee approvals make sense, and content is updated when governance or policy changes happen.

It is consistent. Where the trust publishes centrally, academies link consistently and do not publish contradictory versions.

It is evidenced. The trust can show what was checked, when it was checked, what was found, and how fixes were verified.

If you can get those four right, website compliance stops being a frantic pre Christmas tidy up and becomes steady business as usual.

The DfE publication headings you should map to your checklist

The DfE “publish online” guidance is long, and most trusts do not need to reproduce it in full in their own materials. What they do need is a checklist that maps directly to it, so reviewers are not relying on memory.

At a trust level, the areas that commonly trip MATs up include governance and transparency items. The DfE guidance says academy trusts must publish, in an easily accessible format on their website, items such as the memorandum and articles of association, names of members and trustees, relevant business and financial interests, funding agreement and governance arrangements. (gov.uk)

On financial transparency, it also states that academy trusts must publish the number of employees whose salary and related benefits exceeded £100,000 in the previous academic year, presented in £10,000 bandings. (gov.uk)

There are also trust wide publication expectations that are easy to overlook because they feel operational. Whistleblowing is a good example. The Handbook is explicit that the board must agree a whistleblowing procedure and publish it on the trust website. (gov.uk)

At academy level, the DfE guidance covers a wide spread: contact details, complaints procedure availability, SEN information report content, curriculum information, pupil premium strategy publication deadlines, PE and sport premium information (where relevant), equality duty information, and more. The detail matters, but your audit method matters even more, because it is what stops compliance from drifting between terms. (gov.uk)

My advice is to treat the DfE guidance as your “master list”, then build a trust checklist with two layers: a trust wide layer for trust level requirements and a school layer for academy site requirements. That structure makes ownership and reporting much clearer.

A practical audit method that works term after term

The best website compliance checks look boring on paper. That is a compliment. Boring means repeatable, and repeatable means your committee can compare results across terms and years.

Here is a method that works well across multi academy trusts, including trusts with mixed website platforms.

1. Define scope properly

Write down exactly what is being checked. That normally means the trust website plus each academy website. If you use microsites for policies, governance or recruitment, include them too. Website compliance often fails in the gaps between platforms.

2. Freeze the audit date and capture the evidence

Pick a review date and time, then capture evidence against that snapshot. The DfE guidance is about what is published online at the point someone looks. Your evidence should mirror that reality.

For each check point, record the URL and take a screenshot where there is a failure or partial compliance. A screenshot is not about blame. It is about having an objective record of what the public could see.

3. Test both presence and usability

A document can exist and still be non compliant in practical terms. Usability tests do not need to be complicated. Ask:

  • can a parent find the item from the homepage within a reasonable number of clicks?
  • does the link work on a phone as well as a desktop?
  • does the document open and display properly?
  • is the content readable and labelled clearly?

If your trust uses a central policy library, check that each academy site links to it reliably and that links do not break when documents are updated.

4. Rate findings in a way trustees can understand

Risk rating is helpful, but only if it is meaningful. The simplest approach is to rate based on impact and exposure. For example, an out of date trustee interests register is higher risk than a missing archived PE premium report from three years ago.

Keep ratings consistent across sites. Trusts often get into trouble when one academy is judged more harshly than another because different reviewers have different instincts.

5. Assign owners and deadlines that match how your trust works

Some fixes sit with central governance, some with HR, some with finance, some with academy admin teams, and some with whoever holds website permissions. Your action log should reflect that reality, otherwise everything ends up with one over stretched person and deadlines slip.

6. Re test and close based on evidence

Closure should mean the item is now present, current, accessible and accurate. If the same person who makes the change also signs it off, you lose a layer of assurance. A second line reviewer, a governance professional, or internal scrutiny can do the re test depending on your model.

Building a checklist that reduces interpretation drift

A common problem across MATs is “interpretation drift”. Everyone thinks they are checking the same thing, but they are not. One academy checks whether a policy exists. Another checks whether the policy is dated. Another checks whether the link works. You get an action list, but you cannot compare results.

A strong checklist is explicit. For each requirement, define what “pass” means.

For example, on whistleblowing, a strong test point is: “Whistleblowing procedure is published on the trust website, accessible without login, and is the current board approved version.” That aligns to the Handbook duty to publish the procedure. (gov.uk)

On governance transparency, define what “up to date” means for your trust. The DfE guidance expects names of members and trustees, relevant business and financial interests and governance arrangements. That implies the information changes when people change. Your test point can include a simple cross check against your governance records. (gov.uk)

On accounts publication, include the timing. The guidance says academy trusts must publish audited annual report and accounts on their website by 31 January each year. A website check in February should show that the accounts are there and easy to locate. (gov.uk)

A checklist like this sounds strict, but it reduces workload. People spend less time arguing about interpretation and more time fixing issues.

Ownership and cadence across a MAT

Website compliance falls apart when it is treated as “somebody in comms will sort it”. Publishing is a technical action. Compliance is a governance responsibility. The solution is shared ownership with clear boundaries.

A workable model looks like this:

  • An executive owner sets expectations, resources the process and reports exceptions.
  • Content owners sit with the functions that produce the documents, such as governance, finance, HR and SEND.
  • Publishing owners manage the practical steps of uploading, linking and structuring pages.
  • Academy owners confirm academy site content where publication is school specific.
  • The audit and risk committee receives reporting that focuses on high risk exceptions, overdue actions and repeat themes.

Cadence should reflect risk. Many trusts find a termly full check across trust and academy sites is proportionate, with a lighter monthly “delta check” for high change areas such as governance pages, policy libraries and statutory financial disclosures. The aim is steady control, not constant checking.

Evidence packs that stand up to scrutiny

If a trust cannot evidence its checks, it has limited assurance. For committee reporting and internal scrutiny follow up, an evidence pack should be easy to retrieve and easy to understand.

A good pack normally contains:

  1. the checklist version used and the mapping to DfE guidance headings
  2. the scope list of sites reviewed
  3. the test log with URLs and outcomes
  4. screenshots for failed or partial items
  5. the action tracker with owners and due dates
  6. re test evidence and closure notes
  7. a short committee report that summarises themes and escalations

Store it in a central, versioned location. Email chains are not an archive.

The issues that keep coming back, and how to stop repeat failures

Across trusts, repeat website issues tend to cluster around a few themes.

Policy dates drift after board approval cycles. A policy is updated internally, but the website version remains the old one because nobody owns the final publishing step.

Governance pages lag behind real governance. Trustee changes happen, but the website does not reflect them quickly enough, particularly for interests and committee arrangements.

Documents are uploaded but not linked properly. The file exists, but the public cannot find it without searching.

Academy sites diverge. One school links to central policies, another uploads its own copy, and a third has both, which confuses the public and undermines confidence.

The fix is control design. Build publication steps into your governance workflows. For example:

  • when a policy is approved, the paper includes a named publishing owner and a deadline for website update
  • when a trustee or member changes, the governance change process includes website publication tasks
  • when accounts are approved and submitted, publishing by 31 January is treated as part of the closing timetable

None of that is complicated. It simply makes the website part of the control environment rather than an afterthought.

Accessibility: the compliance area most trusts under check

Accessibility deserves its own mention because it is often missing from education compliance conversations. GOV.UK guidance on accessibility requirements for public sector websites and apps explains that public sector bodies must meet accessibility standards and publish an accessibility statement, keeping it under review. (gov.uk)

A practical website compliance check should therefore include:

  • an accessibility statement that is easy to locate
  • a review date for the statement and evidence it is maintained
  • a basic sense check that key documents are accessible, particularly PDFs that are relied on for statutory publication

You do not need to solve every accessibility issue in a week. You do need to show governance awareness and a plan.

A 30 day remediation sprint when you find high risk gaps

If your trust identifies multiple high risk failures, a structured sprint helps you regain control quickly without panic.

A 30 day approach that works in practice:

  1. Days 1 to 3: triage findings and identify critical publication failures, such as missing whistleblowing procedure, missing governance transparency items, or missing accounts publication points
  2. Days 4 to 10: fix critical items first, then re check links and document accessibility
  3. Days 11 to 15: standardise navigation so statutory information is easy to find, and remove duplicate or conflicting versions
  4. Days 16 to 20: review date and version integrity, particularly for policy libraries
  5. Days 21 to 25: independent re test by someone outside the publishing workflow
  6. Days 26 to 30: report closure and any residual risk to the audit and risk committee, with a plan for longer term prevention

The independent re test is important. It is the difference between “we think we fixed it” and “we can evidence it is fixed”.

How internalscrutiny.co.uk can help

At internalscrutiny.co.uk, we support trusts that want publication compliance to be managed as part of the control environment, with clear ownership and evidence that holds up in committee. Our work typically includes a trust wide baseline against current DfE website publication requirements, a standardised review framework across trust and academy sites, risk rated reporting, and follow up verification that supports audit and risk committee oversight.

You can align this with your wider compliance programme through our website compliance support page, use our internal scrutiny readiness checklist, or book planning via Book Audit.

Sources

Checked on 24 February 2026.

  1. GOV.UK, What academies and further education colleges must or should publish online (last updated 24 October 2024): https://www.gov.uk/guidance/what-academies-free-schools-and-colleges-should-publish-online
  2. GOV.UK, Academy trust handbook 2025: effective from 1 September 2025 (updated 22 October 2025), including whistleblowing publication requirement and internal control expectations: https://www.gov.uk/government/publications/academy-trust-handbook/academy-trust-handbook-2025-effective-from-1-september-2025
  3. GOV.UK, Accessibility requirements for public sector websites and apps: https://www.gov.uk/guidance/accessibility-requirements-for-public-sector-websites-and-apps
  4. GOV.UK, Make your website or app accessible and publish an accessibility statement: https://www.gov.uk/guidance/make-your-website-or-app-accessible-and-publish-an-accessibility-statement

Apply this in your trust

Book a planning call or register free at MYAUDIT.school.

Register freeBook a planning call