Schools in Victoria sit in a unique IT environment. The Department of Education’s Tactical Solutions Service (TSS) covers core infrastructure for government schools. Catholic and independent schools run their own. Either way, the IT brief is broader than most school leaders realise: classroom technology, cyber security, identity management for hundreds of students, ICT funding cycles, vendor management, and increasingly, AI tools and how to govern them.
This post is for the principal, business manager, or head of ICT at a Melbourne school working out what good IT looks like in 2026 — and what the budget cycle should look like.
What’s specifically different about school IT
School IT carries five constraints that don’t apply to typical SMEs:
1. Multi-tenant identity at scale. A 600-student secondary school has 600 active student identities, plus former students whose data is retained for compliance, plus 60 staff, plus a constantly changing roster of parents needing portal access. Identity lifecycle management is bigger than most businesses face.
2. Funding cycles that don’t match equipment lifespans. ICT funding is usually annual or biennial; equipment lifecycles are 3-5 years. Schools that don’t plan ahead end up replacing all their devices in the same year and starving in the others.
3. Curriculum integration. The IT setup has to support specific Victorian Curriculum requirements: digital technologies, media studies, design and technology subjects all have specific software needs. Plus VCE/VET assessment software, NAPLAN platforms, and increasingly AI tools that schools are working out how to govern.
4. Student safety obligations. Online safety, cyber bullying detection, content filtering, age-appropriate access controls. Schools are accountable for what happens on the network in a way most businesses aren’t.
5. The Department’s compliance requirements (for government schools). Privacy and Data Protection Act 2014 (Vic), Schools Privacy Policy, Information Security Standards Manual, plus any specific TSS-related requirements.
What the TSS does (and doesn’t) cover for government schools
The Tactical Solutions Service from the Department covers core infrastructure: network connectivity, server hosting for some applications, identity provider integration, certain enterprise tools. What it generally doesn’t cover: device-level support, classroom technology troubleshooting, third-party application support, after-hours response to incidents, anything outside the standard catalogue.
This is where Melbourne schools commonly bring in external IT support — to fill the operational gap below the strategic infrastructure layer that TSS provides. A school with TSS plus a Melbourne MSP for end-user support is typically better off than one trying to fully internalise everything.
What good Melbourne school IT looks like in 2026
The minimum baseline for a 200-1000 student school:
- A documented device management strategy: 1:1 laptop, BYOD, hybrid? Each model has different cost and support implications
- Microsoft 365 (or Google Workspace) for staff and students with security hardening: MFA on staff accounts always, Conditional Access blocking risky sign-ins, age-appropriate restrictions on student accounts
- Endpoint detection and response on staff devices, plus appropriate device management on student devices (Intune, Apple School Manager, Mosyle)
- Content filtering at the network level, with logging that supports parent and student incident response
- Identity lifecycle automation: when a student or staff member arrives, their account is created and provisioned automatically; when they leave, access is revoked and data retention is honoured
- Backup of every staff-managed system: the ERP/SIS, OneDrive folders, SharePoint sites, the school’s website, anything bespoke
- An incident response plan that includes parent communication, Department notification (where applicable), and a “lockdown” capability for the network if needed
- A multi-year ICT capital plan that smooths device refresh across 2-3 financial years
The cyber security angle for schools specifically
Schools have been targeted by ransomware in increasing numbers across Australia. The pattern: a phishing email lands in a staff inbox, credentials are compromised, the attacker pivots through the school’s identity provider, and the SIS/ERP is encrypted. Recovery is slow because schools rarely have tested incident response plans.
The five controls from cyber security services apply to schools the same as anywhere: MFA, application control, EDR with managed response, backup that survives ransomware, and M365 hardening. The tuning is different — content filtering and student-account controls add layers, and the M365 configuration for student accounts has its own nuances.
Phone systems for schools
Schools with old PBX hardware are usually overdue for a Microsoft Teams Phone or comparable cloud phone migration. Reception lines, classroom phones, and intercom integration are all manageable. Annual phone costs typically drop 30-50% on the migration. Our school phone systems page covers the migration approach.
What about ICT funding cycles?
The schools that handle ICT funding well plan three years ahead. Year 1: refresh teacher laptops. Year 2: refresh student devices. Year 3: refresh network infrastructure (switches, access points, firewall). Year 4: cycle repeats.
This avoids the “we need to buy everything at once” problem and makes it easier to argue for funding because each year’s ask is moderate and predictable. It also lets you align with vendor lifecycle pricing — buying in volume during a single year often costs more than smaller annual buys with maintained relationships.
Should you have internal IT or use an MSP?
Most Melbourne schools we work with run a hybrid: a part-time or full-time internal IT person who handles classroom-immediate issues, plus an MSP that handles strategic infrastructure, security, and after-hours/weekend response. The maths typically works out: an internal full-time hire costs $90k-$130k all-up, an MSP for strategic and security work costs $30k-$80k per year for a school of moderate size.
The exception is large schools (1000+ students) which can usually justify a small internal team. Even those benefit from a managed security service rather than building a SOC internally.
Our IT support for schools service is shaped by the work we’ve done with Victorian schools — TSS coordination, identity automation, curriculum-aware device management, classroom technology support. The managed IT services Melbourne service is the broader business-side equivalent.
What to do next
If you’re going into a budget round in the next quarter, get a written ICT capital plan covering the next 36 months before the conversation. Funders find it easier to approve specific multi-year plans than ad-hoc annual asks. We can help build that plan in a one-day on-site assessment.
Talk to us before the next funding round — we’ll send a sample three-year ICT capital plan and a checklist of what good Melbourne school IT looks like, no commitment to engage further.
