CPOMS Service Disruption: Critical Update for UK Schools

Current Situation and Impact

Schools across the UK are experiencing significant challenges with the CPOMS safeguarding platform following a system update on 14 January 2025. Reports indicate that approximately 18,500 educational institutions have encountered difficulties accessing this essential child protection management system. These technical challenges have raised concerns about schools' capacity to maintain their safeguarding responsibilities effectively.

The reported technical difficulties manifest in various ways, including unreliable system access, degraded performance and, in some instances, the inability to record new safeguarding concerns. Designated Safeguarding Leads (DSLs) face particular challenges in maintaining their statutory obligation to keep precise and current records. Contemporary safeguarding practices rely significantly on dependable digital infrastructure, as outlined in current safeguarding guidance and training resources.

A review of the situation reveals a progressive deterioration in service reliability. In the hours following the system update, educational institutions began reporting performance degradation. By the next day, many schools experienced complete system unavailability during crucial operational periods. In response, institutions have implemented interim paper-based documentation procedures. Whilst necessary, this alternative approach requires additional staff resources and may present challenges in maintaining comprehensive safeguarding records.

Within the affected educational sector, independent schools present distinct operational considerations. These institutions often employ integrated digital systems where safeguarding platforms connect with broader student management frameworks. Such interconnected arrangements mean that technical disruptions can affect multiple aspects of student welfare monitoring, extending beyond core safeguarding functions.

Technical Details and Workarounds

Technical analysis indicates that the underlying cause relates to authentication complications within the platform's Microsoft Azure integration framework. Users attempting to access the system encounter recurring authentication failures or receive system notifications indicating access denial. The CPOMS service status indicates that these difficulties predominantly affect institutions utilising Microsoft-based authentication protocols. This specific technical context helps explain the widespread nature of the disruption observed across educational establishments.

In response to the ongoing technical difficulties, CPOMS has recommended several temporary measures that educational institutions can adopt:

• Clear the web browser's cache and cookies before initiating a new login attempt
• Access the platform through a private browsing session or incognito window
• Access the system using either Google Chrome or Microsoft Edge browsers
• Deactivate all browser extensions whilst accessing the platform

Reports from educational institutions suggest these interim solutions have varying effectiveness. While cache clearing may provide temporary relief for some users, browser switching appears to offer more consistent results for others. CPOMS has suspended its scheduled platform migration for affected institutions pending a comprehensive resolution of the authentication challenges.

To support educational institutions affected by these technical challenges, CPOMS maintains a dedicated service status portal at status.cpoms.net. This resource provides real-time updates regarding system performance and ongoing remediation efforts.

When the suggested technical solutions prove ineffective and urgent system access is required, educational institutions should communicate directly with their designated CPOMS representative. These specialists can offer tailored guidance based on specific institutional configurations and may facilitate alternative access arrangements whilst the authentication challenges are being resolved.

Data Protection and Compliance Implications

Beyond the operational challenges, this service disruption raises important considerations regarding data protection compliance. Educational institutions must evaluate how the current situation affects their obligations under UK GDPR and the Data Protection Act 2018, particularly concerning the accessibility and security of safeguarding records. The temporary inability to access these sensitive records may have implications for statutory compliance requirements.

Educational institutions should assess whether the current system unavailability requires notification to regulatory authorities. According to Information Commissioner's Office (ICO) guidelines, the temporary inaccessibility of personal data may constitute a reportable incident if it potentially compromises individuals' rights and freedoms. Key considerations include the duration of service disruption and its effect on essential safeguarding functions. Should an institution determine that the situation meets reporting criteria, the ICO stipulates that notification must occur within 72 hours of breach identification.

To maintain data protection compliance during this period, schools should consider implementing the following measures:

• Establish secure, standardised paper documentation protocols with clear staff guidance
• Create a chronological record of safeguarding concerns with appropriate confidentiality measures
• Maintain an audit trail of system accessibility issues and vendor correspondence
• Document any operational adjustments required to ensure continuous safeguarding provision

Educational institutions should maintain regular consultation with their Data Protection Officer (DPO) throughout this disruption. The DPO can provide essential guidance on ICO reporting thresholds and assist in formulating appropriate responses. Any decisions regarding regulatory notification should be formally documented, including the rationale for either reporting or not reporting the incident.

Following service restoration, institutions should implement a systematic approach to digitising temporary paper records. This process requires careful documentation, including timestamps and verification procedures for each transferred record. Maintaining a detailed log of the transfer process helps ensure data integrity and provides essential documentation for potential future audits or enquiries regarding safeguarding record management during the system disruption.

This experience highlights the importance of reviewing and updating data protection impact assessments (DPIAs) and business continuity strategies. Educational institutions may benefit from evaluating their current contingency measures and considering supplementary safeguarding platforms that could provide additional resilience during system disruptions.