- 1 Introduction
- 2 Roles and Responsibilities
- 3 ICT Infrastructure
- 4 Acceptable use of the Internet in school
- 5 Students using mobile devices in school (BYOD)
- 6 Staff using work devices outside school
- 7 Social Media
- 8 Protecting Professional Identity - Personal Use by Staff
- 9 Educating Students about Online Safety
- 10 Educating parents about online safety
- 11 Cyber-bullying
- 12 How the school will respond to issues of misuse
- 13 Training
- 14 Monitoring arrangements
- 15 Ownership and Date of next review
- 16 APPENDIX A: Student Acceptable Use Agreement
- 17 APPENDIX B: Adult Acceptable Use Agreement
- 18 APPENDIX C: ICT Security for staff
- This policy is based on the Department for Education’s (DfE) statutory safeguarding guidance, Keeping Children Safe in Education, and its advice for schools on:
- It reflects existing legislation, including but not limited to the Education Act 1996 (as amended), the Education and Inspections Act 2006 and the Equality Act 2010. In addition, it reflects the Education Act 2011, which has given teachers stronger powers to tackle cyber-bullying by, if necessary, searching for and deleting inappropriate images or files on pupils’ electronic devices where they believe there is a ‘good reason’ to do so.
- This policy complies with our funding agreement and articles of association.
2 Roles and Responsibilities
The following section outlines the roles and responsibilities for eSafety of individuals and groups within the school:
2.1 The Governing Body
- The Governors have overall responsibility for monitoring this policy and holding the Headteacher to account for its implementation.
- The Governors will be briefed by appropriate staff on online safety, and receive updates from the designated safeguarding lead (DSL).
- All Governors will:
- Ensure that they have read and understand this policy.
- Agree and adhere to the terms on acceptable use of the school's ICT systems and the Internet.
2.2 The Headteacher
- The Headteacher is responsible for ensuring that staff understand this policy, and that it is being implemented consistently throughout the school.
2.3 The designated safeguarding lead
- Details of the school’s designated safeguarding lead (DSL) and deputy are set out in our Safeguarding policy.
- The DSL takes lead responsibility for online safety in school, in particular:
- Supporting the Headteacher in ensuring that staff understand this policy and that it is being implemented consistently throughout the school.
- Working with the Headteacher, network manager and other staff, as necessary, to address any online safety issues or incidents.
- Ensuring that any online safety incidents are logged and dealt with appropriately in line with this policy.
- Ensuring that any incidents of cyber-bullying are logged and dealt with appropriately in line with the school behaviour policy.
- Updating and delivering staff training on online safety.
- Liaising with other agencies and/or external services if necessary.
- Providing regular reports on online safety in school to the Headteacher and/or governors.
- This list is not intended to be exhaustive.
2.4 The Network manager is responsible for
- Putting in place appropriate filtering and monitoring systems, which are updated on a regular basis and keep students safe from potentially harmful and inappropriate content and contact online while at school, including terrorist and extremist material.
- Ensuring that the school’s ICT systems are secure and protected against viruses and malware, and that such safety mechanisms are updated regularly.
- Blocking access to potentially dangerous sites and, where possible, preventing the downloading of potentially dangerous files.
- Conducting a full security check and monitoring the school’s ICT systems on an ongoing basis.
- Working alongside pastoral colleagues to ensure that any online safety incidents (including cyber-bullying) are dealt with appropriately.
- This list is not intended to be exhaustive.
2.5 All staff and volunteers
- All staff, including contractors and agency staff, and volunteers are responsible for:
- Maintaining an understanding of this policy.
- Implementing this policy consistently.
- Agreeing and adhering to the terms on acceptable use of the school's ICT systems and the Internet, and ensuring that students follow the School's terms on acceptable use.
- Working with the DSL to ensure that any online safety incidents are logged and dealt with appropriately in line with this policy.
- Ensuring that any incidents of cyber-bullying are dealt with appropriately in line with the school behaviour policy.
- This list is not intended to be exhaustive.
2.6 Parents/Carers are expected to
- Notify a member of staff or the Headteacher of any concerns or queries regarding this policy.
- Ensure their child has read and understood the terms on acceptable use of the school's ICT systems and Internet.
- Parents can seek further guidance on keeping children safe online from the following organisations and websites:
2.7 Visitors and members of the community
- Visitors and members of the community who use the school’s ICT systems or the Internet will be made aware of this policy, when relevant, and expected to read and follow it.
- If appropriate, they will be expected to agree to the terms on acceptable use.
- Are responsible for using BGS ICT systems in accordance with the Student Acceptable Use Agreement.
- Have a good understanding of research skills and the need to avoid plagiarism and uphold copyright regulations.
- Need to understand the importance of reporting abuse, misuse or access to inappropriate materials and know how to do so.
- Will be expected to know and understand BGS policies on the use of mobile devices. They should also know and understand school policies on the taking / use of images and on cyberbullying.
- Should understand the importance of adopting good eSafety practice when using digital technologies out of school and realise that the eSafety Policy covers their actions out of school, if related to their membership of the school.
3 ICT Infrastructure
The School will be responsible for ensuring that the School network is as safe and secure as is reasonably possible and that policies and procedures approved within this policy are implemented. It will also need to ensure that the relevant people named in the above sections will be effective in carrying out their online safety responsibilities:
- School ICT systems will be managed in ways that ensure that the School meets recommended technical requirements as per best-practice guidelines from our software vendors through ongoing training (e.g. Microsoft).
- There will be regular reviews and audits of the safety and security of School technical systems, conducted by the Network manager and reported to the C&P committee.
- Servers, wireless systems and cabling must be securely located and physical access restricted.
- All users will have clearly defined access rights to School ICT systems and devices.
- All users will be provided with a username and secure password by the network team who will keep an up to date record of users and their usernames. Users are responsible for the security of their username and password and will be required to change their password every full term.
- The administrator passwords for the School ICT system, used by the Network Manager must also be kept in the School's safe.
- Internet access is filtered for all users. Illegal content is filtered by actively employing the Internet Watch Foundation CAIC list. Content lists are regularly updated and Internet use is to be logged and regularly monitored. Requests for filtering changes are to be made via an email to [email protected] so that the request can be logged.
- Internet filtering should ensure that children are safe from terrorist and extremist material when accessing the Internet.
- The School has differentiated user-level filtering for staff, students and guests.
- School technical staff regularly monitor and record the activity of users on the school technical systems and users are made aware of this in the Acceptable Use Policy.
- Users are able to report any actual technical problems or security breaches by contacting the Network Team.
- Appropriate security measures are in place to protect the core network and workstations from accidental or malicious attempts which might threaten the security of the school systems and data. These are updated and tested regularly. The school infrastructure and individual workstations are protected by up to date virus software.
- An agreed policy is in place for the provision of temporary access of “guests” (eg trainee teachers, supply teachers, visitors) onto the school systems using filtered WiFi access.
- Staff are strongly encouraged not to download executable files and install programs on school laptop computers. Any colleague wishing to do so should take advice from a Network Team colleague before attempting to do so.
- Personal data must not be sent over the Internet or taken off the school site unless safely encrypted or otherwise secured (e.g. on a school-issued laptop), in accordance with the Data Protection policy. The School provides a secure VPN tunnel for accessing core network services from home.
4 Acceptable use of the Internet in school
- All students, parents, staff, volunteers and governors are expected to read and follow the acceptable use of the School’s ICT systems and the Internet for adults and students. Visitors will be expected to read and agree to the school’s terms on acceptable use if relevant.
- Use of the school’s Internet must be for educational purposes only, or for the purpose of fulfilling the duties of an individual’s role.
- Any digital communication between staff and other parties (e.g students, parents/carers) must be professional in tone and content. These communications may only take place on official (monitored) School systems. Personal mobile phones, email addresses, text messaging or social media must not be used for these communications.
- Personal information should not be posted on the school website and only official email addresses (e.g. [email protected], [email protected]) should be provided as a point of contact. A means of contacting the School can be found on the 'Contact' page of the School website.
- We will monitor the websites visited by students, staff, volunteers, governors and visitors (where relevant) to ensure they comply with the above.
- More information is set out in the acceptable use agreements in appendices A and B.
5 Students using mobile devices in school (BYOD)
- Mobile technology devices may be School owned or personally owned and might include: smartphone, tablet, laptop or other technology that usually has the capability of utilising the school’s wireless network.
- The device then has access to the wider Internet which may include the school’s websites and other cloud based services such as email and data storage.
- All users should understand that the primary purpose of the use mobile devices in a school context is educational.
- Any use of mobile devices in school by students must be in line with the Student BYOD policy.
- Any breach of the acceptable use agreement by a student may trigger disciplinary action in line with the school behaviour policy, which may result in the confiscation of their device.
- Users must immediately report, to a member of staff, the receipt of any communication that makes them feel uncomfortable, is offensive, discriminatory, threatening or bullying in nature and must not respond to any such communication.
6 Staff using work devices outside school
- Staff members using a work device outside school must not install any unauthorised software on the device and must not use the device in any way which would violate the school’s terms of acceptable use, shown in appendix B
- Staff must ensure that their work device is secure and password-protected, and that they do not share their password with others. They must take all reasonable steps to ensure the security of their work device when using it outside school.
- Any portable storage device containing data relating to the school must be encrypted
- Not sharing the device among family or friends
- Work devices must be used solely for work activities
- If staff have any concerns over the security of their device, they must seek advice from the Network manager
7 Social Media
- The School does not currently maintain an official presence on any form of social media.
8 Protecting Professional Identity - Personal Use by Staff
- Personal communications are those made via a personal social media accounts. In all cases, where a personal account is used which associates itself with the School or impacts on the School, it must be made clear that the member of staff is not communicating on behalf of the School with an appropriate disclaimer. Such personal communications are within the scope of this policy.
- Personal communications which do not refer to or impact upon the school are outside the scope of this policy.
- Where excessive personal use of social media in school is suspected, and considered to be interfering with relevant duties, disciplinary action may be taken.
- When on-site, the School permits colleagues reasonable and appropriate access to private social media sites, outside of directed time.
- School staff should ensure that:
- No reference should be made in social media to students, parents/carers or School staff.
- They do not engage in online discussion on personal matters relating to members of the school community.
- Personal opinions are not attributed to the school.
- It is strongly recommended that security settings on personal social media profiles are regularly checked to minimise risk of loss of personal information.
9 Educating Students about Online Safety
- Students will be taught about online safety as part of the curriculum.
- In Key Stage 3, students will be taught to:
- Understand a range of ways to use technology safely, respectfully, responsibly and securely, including protecting their online identity and privacy.
- Recognise inappropriate content, contact and conduct, and know how to report concerns.
- Students in Key Stage 4 and 5 will be taught:
- To understand how changes in technology affect safety, including new ways to protect their online privacy and identity.
- How to report a range of concerns.
- The safe use of social media and the Internet will also be covered in other subjects where relevant.
- The school will use assemblies to raise students’ awareness of the dangers that can be encountered online and may also invite speakers to talk to students about this.
10 Educating parents about online safety
- The school will raise parents’ awareness of Internet Safety in letters or other communications home, and in information via our website. This policy will also be shared with parents.
- Online safety will also be covered during an annual parents' information evening.
- If parents have any queries or concerns in relation to online safety, these should be raised in the first instance with the DSL.
- Concerns or queries about this policy can be raised with any member of staff or the Headteacher.
- Cyber-bullying takes place online, such as through social networking sites, messaging apps or gaming sites. Like other forms of bullying, it is the repetitive, intentional harming of one person or group by another person or group, where the relationship involves an imbalance of power. See also the school behaviour policy.
11.2 Preventing and addressing cyber-bullying
- To help prevent cyber-bullying, we will ensure that students understand what it is and what to do if they become aware of it happening to them or others. We will ensure that students know how they can report any incidents and are encouraged to do so, including where they are a witness rather than the victim.
- The school will actively discuss cyber-bullying with students, explaining the reasons why it occurs, the forms it may take and what the consequences can be. Class teachers will discuss cyber-bullying with their classes, and the issue will be addressed in assemblies.
- Teaching staff are also encouraged to find opportunities to use aspects of the curriculum to cover cyber-bullying. This includes personal, social, health and economic (PSHE) education, and other subjects where appropriate.
- All staff receive training on cyber-bullying, its impact and ways to support students, as part of ongoing safeguarding training.
- The school also runs an annual eSafety information evening so that parents are aware of the signs of cyber-bullying, how to report it and how they can support children who may be affected.
- In relation to a specific incident of cyber-bullying, the school will follow the processes set out in the school behaviour policy. Where illegal, inappropriate or harmful material has been spread among students, the school will use all reasonable endeavours to ensure the incident is contained.
- The DSL will consider whether the incident should be reported to the Police if it involves illegal material, and will work with external services if it is deemed necessary to do so.
11.3 Examining electronic devices
- School staff have the specific power under the Education and Inspections Act 2006 (which has been increased by the Education Act 2011) to search for and, if necessary, delete inappropriate images or files on students' electronic devices, including mobile phones, iPads and other tablet devices, where they believe there is a ‘good reason’ to do so.
- When deciding whether there is a good reason to examine or erase data or files on an electronic device, staff must reasonably suspect that the data or file in question has been, or could be, used to:
- Cause harm, and/or
- Disrupt teaching, and/or
- Break any of the school rules
- If inappropriate material is found on the device, it is up to the staff member in conjunction with the DSL or other member of the senior leadership team to decide whether they should:
- Delete that material, or
- Retain it as evidence (of a criminal offence or a breach of school discipline), and/or
- Report it to the police.
- Any searching of students will be carried out in line with the DfE’s latest guidance on screening, searching and confiscation.
- Any complaints about searching for or deleting inappropriate images or files on students' electronic devices will be dealt with through the school Complaints Policy.
12 How the school will respond to issues of misuse
- Where a student misuses the school’s ICT systems or Internet, we will follow the procedures set out in the behaviour policy. The action taken will depend on the individual circumstances, nature and seriousness of the specific incident, and will be proportionate.
- Where a staff member misuses the school’s ICT systems or the Internet, or misuses a personal device where the action constitutes misconduct, the matter will be dealt with in accordance with the staff disciplinary procedures. The action taken will depend on the individual circumstances, nature and seriousness of the specific incident.
- The school will consider whether incidents which involve illegal activity or content, or otherwise serious incidents, should be reported to the police.
12.1 Dealing with potentially criminal issues
- In the event of suspicion, all steps in this procedure should be followed:
- Have more than one senior member of staff involved in this process. This is vital to protect individuals if accusations are subsequently reported.
- Conduct the investigation using a designated computer that will not be used by young people and if necessary can be taken off site by the police should the need arise. Use the same computer for the duration of the procedure.
- It is important to ensure that the relevant staff should have appropriate internet access to conduct the procedure, but also that the sites and content visited are closely monitored and recorded (to provide further protection).
- Record the URL of any site containing the alleged misuse and describe the nature of the content causing concern. It may also be necessary to record and store screenshots of the content on the machine being used for investigation. These may be printed, signed and attached to the report (except in the case of images of child sexual abuse – see below).
- Once this has been completed and fully investigated the group will need to judge whether this concern has substance or not. If it does, then appropriate action will be required and could include the following:
- Internal response or discipline procedures.
- Police involvement and/or action.
- If content being reviewed includes images of child abuse then the monitoring should be halted and referred to the Police immediately. Other instances to report to the police would include:
- incidents of grooming behaviour.
- the sending of obscene materials to a child.
- adult material which potentially breaches the Obscene Publications Act.
- criminally racist material.
- promotion of terrorism or extremism.
- other criminal conduct, activity or materials.
- Isolate the computer in question as best you can. Any change to its state may hinder a later police investigation.
- It is important that all of the above steps are taken as they will provide an evidence trail for the School and possibly the police and demonstrate that visits to these sites were carried out for safeguarding purposes.
- The completed report should be retained by the School for evidence and reference purposes.
- All new staff members will receive training, as part of their induction, on safe internet use and online safeguarding issues including cyber-bullying and the risks of online radicalisation.
- All staff members will receive refresher training at least once each academic year as part of safeguarding training, as well as relevant updates as required (for example through emails and staff meetings).
- The DSL and deputies will undertake child protection and safeguarding training, which will include online safety, at least every 2 years. They will also update their knowledge and skills on the subject of online safety at regular intervals, and at least annually.
- Governors will receive training on safe internet use and online safeguarding issues as part of their safeguarding training.
- Volunteers will receive appropriate training and updates, if applicable.
- More information about safeguarding training is set out in our Safeguarding policy.
14 Monitoring arrangements
- The DSL logs behaviour and safeguarding issues related to online safety.
15 Ownership and Date of next review
- Policy owned by: Pastoral and Community committee.
- Last reviewed and approved on: 3 February 2021.
- Next review due: February 2023
16 APPENDIX A: Student Acceptable Use Agreement
- When I use the school’s ICT systems (like computers, laptops or accessing school WiFi on my own device) and get onto the Internet in school I will:
- Always use the school’s ICT systems and the internet responsibly and for educational purposes only
- Only use them when a teacher is present, or with a teacher’s permission
- Keep my username and passwords safe and not share these with others
- Keep my private information safe at all times and not give my name, address or telephone number to anyone without the permission of my teacher or parent/carer
- Tell a teacher (or sensible adult) immediately if I find any material which might upset, distress or harm me or others
- Always log off or shut down a computer when I’m finished working on it
- I will not
- Access any inappropriate websites including: social networking sites, chat rooms and gaming sites unless my teacher has expressly allowed this as part of a learning activity
- Open any attachments in emails, or follow any links in emails, without first checking with a teacher
- Use any inappropriate language when communicating online, including in emails
- Log in to the school’s network using someone else’s details
- Arrange to meet anyone offline without first consulting my parent/carer, or without adult supervision
- If I bring a personal mobile phone or other personal electronic device into school:
- I will not use it during lessons, tutor group time, clubs or other activities organised by the school, without a teacher’s permission
- I will use it responsibly, and will not access any inappropriate websites or other inappropriate material or use inappropriate language when communicating online
- I understand that I am strongly discouraged from arranging to meet anyone offline without first consulting my parent/carer, or without adult supervision.
- I agree that the school will monitor the websites I visit and understand that there will be consequences if I don’t follow these rules
17 APPENDIX B: Adult Acceptable Use Agreement
- When using the school’s ICT systems and accessing the internet in school, or outside school on a work device, I will not:
- Access, or attempt to access inappropriate material, including but not limited to material of a violent, criminal or pornographic nature (or create, share, link to or send such material)
- Use them in any way which could harm the school’s reputation
- Access social networking sites or chat rooms
- Use any improper language when communicating online, including in emails or other messaging services
- Install any unauthorised software or connect unauthorised hardware or devices to the school’s network
- Share my password with others or log in to the school’s network using someone else’s details
- Share confidential information about the school, its pupils or staff, or other members of the community
- Access, modify or share data I’m not authorised to access, modify or share
- Promote private businesses, unless that business is directly related to the school
- I will only use the school’s ICT systems and access the internet in school, or outside school on a work device, for educational purposes or for the purpose of fulfilling the duties of my role.
- I agree that the school will monitor the websites I visit.
- I will take all reasonable steps to ensure that work devices are secure and password-protected when using them outside school, and keep all data securely stored in accordance with this policy and the school’s data protection policy.
- I will let the designated safeguarding lead (DSL) and Network manager know if a student informs me they have found any material which might upset, distress or harm them or others, and will also do so if I encounter any such material.
- I will always use the school’s ICT systems and internet responsibly, and ensure that students in my care do so too.
18 APPENDIX C: ICT Security for staff
- This appendix sets out the required security protocols that all staff using electronic equipment to access School ICT services are expected to follow at all times. The School's electronic systems facilitate detailed access to potentially sensitive student (and staff) data, which we have a responsibility to protect appropriately.
- No member of staff shall alter settings on School-owned devices to circumvent any of the measures outlined in the policy.
- Violations of this policy will be handled in line with the School’s disciplinary policy.
18.1 Password Security
- Staff passwords are to consist of a minimum of eight characters, and must contain at least one capital letter and a number.
- Passwords for staff are to be changed three times a year, where practicable.
18.2 Mobile Devices
- Teaching staff are to be supplied with a mobile device and charger at the commencement of employment. All ICT equipment will be signed for in the IT support office, against serial numbers, at the point of issue.
- When a colleague leaves the employment of the School, the equipment is to be returned to the network office, and signed back in. Release of the final month's salary will be contingent on return of the signed-for equipment in acceptable condition; the School reserves the right to make deductions from salary in respect of missing, incomplete or damaged equipment.
- All School mobile devices will be configured to lock automatically after 30 minutes, before requiring a password to restore access after this time.
- Before leaving a laptop in a room, machines are to be password-locked. Shortcut key: Windows key + L
- The School reserves the right to reduce the lock period where colleagues fail to adhere to this policy.
- Where available, additional mobile devices, such as an iPad, are an optional piece of equipment, and are issued on a guarantee basis. In the event of loss or damage due to staff negligence, the School reserves the right to charge the responsible individual the cost of the insurance excess (currently £200).
- By accepting a School-issue mobile device users agree to adhere to the following security conditions:
- A passcode lock will be enabled with a maximum auto-lock time delay of 5 minutes.
- In the case of an iPad, the “Find my iPad” feature must be enabled, and be signed-in with the School’s Apple ID, to allow recovery or locking in the event of loss.
18.3 School Data
- With the exception of MS Exchange and Teams services for mobile devices (e.g. School email, calendar), staff may not transfer school data onto personally owned computer equipment, or share school data with third parties. Where personally owned equipment is used for BYOD access, security measures (e.g. PIN code) must be used.
- Colleagues are strongly discouraged from storing personal data on school-owned devices.
- Portable storage devices should not be used for transporting sensitive data, due to the risk of loss or theft.
- Each user account has an associated H: drive which can only be accessed by the owner(s) of the account and network administrators.
- The open drive (G:) is visible to both staff and student users. Only staff members may modify items on this drive.
- Files and folders on the iMedia (I:), Staff (U:) and Admin Staff (W:) drives are accessible only to those staff members whose roles require it.
- New colleagues have a 500Mb Mailbox limit for storing email.
- In line with the Data Protection Act 2018, colleagues should avoid retaining emails for excessively long periods and should avoid the use of email for expressing personal opinions regarding students or colleagues. Further information can be found in the School's Data Protection Policy.
- Guidance for colleagues on managing email inboxes can be found on the relevant page of the Staff Handbook.
18.4 Staff BYOD
- For those who choose to connect privately-owned devices to the School's ICT infrastructure, the owner is responsible for ensuring that the device is password-protected when not in use.
- The School takes no responsibility for the security, safety, theft, insurance and ownership of any device used within the School premises that is not the property of the School. We will investigate the theft not the loss. If a device is stolen or damaged while on School premises, it is to be reported to reception immediately, in order that the incident can be logged.
- All internet access via the School WiFi network is logged.
- The School does not approve any apps or updates that may be downloaded onto any device whilst using the School’s wireless network and such activity is undertaken at the owner’s risk, with the School having no liability for any consequent loss of data or damage to the individual’s device.
- Privately-owned devices should not be used in a manner that would portray the School in an unfavourable light while connected to the School's WiFi.
- Any costs/fees incurred while using devices are not chargeable against the School and are the sole responsibility of the owner.
- Charging devices of any kind may not be used in School.