Online Safety Policy

Date of issue: September 2022

Date of review: September 2023

Ratified by Academy Governing Council on:

Co-op Academy Oakwood is committed to safeguarding every student. We acknowledge that safeguarding is everyone’s responsibility and ensure all of our staff are trained to be vigilant and aware of the signs and indicators of abuse and understand and follow safe working practices.

The viewpoints and voice of students is of paramount importance to our Academy and we will always listen to their wishes, thoughts and feelings, as well as identifying and supporting their needs. We will work alongside students to develop trusting, consistent and professional relationships and show we care by advocating the early help processes where possible. We will identify any difficulties or concerns early in order to act preventatively. We will always provide support and advice for families and parents/carers, whilst acting in the best interests of the student at all times and doing what matters most. Safeguarding also includes ensuring we work in an open and honest way, enabling our students to feel safe by providing a secure learning environment, are equally protected regardless of any barriers they may face and are able to grow and develop in the same way as their peers.

Co-op Academy Oakwood safeguards students by:

• Maintaining a secure site and ensuring that all visitors to the Academy are recorded, monitored and clear about how to raise a safeguarding concern should one arise.
• Ensuring that safer recruitment practices are followed to prevent those who pose a risk to children gaining access to our students.
• Filtering and monitoring all internet traffic into the Academy to ensure that students cannot be exposed to harmful material and communication.
• Ensuring that all staff employed by the Academy have received Disclosure and Barring Service (DBS) clearance which is recorded in the Single Central Record
• Providing regular training and briefings for all staff in child protection and ensuring that all staff and visitors know who our designated safeguarding officers and designated senior lead are.
• Ensuring that admission and attendance procedures are robust to protect students, ensure that they are safe and prevent students from going missing from education.
• Empowering young people to identify risks both within the Academy and in their community; ensuring that they have the skills and confidence to help and protect themselves and others.
• Making sure that all students understand the importance of reporting concerns about themselves and peers and giving them the confidence to discuss sensitive issues.
• Providing pastoral and inclusion support to ensure that all students have access to guidance and advice, and when needed referrals for additional agency support to meet their needs.
• Sharing information when appropriate with other agencies and services to ensure that students, children and their families have support to meet their needs and prevent students from harm or further harm
• Taking immediate action and contacting the appropriate agencies when we believe that a student is in danger or is at risk of harm.

Co-op Academy Oakwood is committed to safeguarding and promoting the wellbeing of all of our pupils. We expect our staff, governors, wider professionals, volunteers and all other stakeholders to share this commitment. All of our policies are underpinned and linked to our safeguarding policy through this commitment.

This policy uses the London Grid for Learning Online Safety Policy for schools 2022 template.

Introduction

Key people / dates

What is this policy?

Online safety is an integral part of safeguarding and requires a whole school, cross-curricular approach and collaboration between key school leads. Accordingly, this policy is written in line with ‘Keeping Children Safe in Education’ 2022 (KCSIE), ‘Teaching Online Safety in Schools’ 2019, statutory RSHE guidance 2019 and other statutory documents. It is cross-curricular (with relevance beyond Relationships, Health and Sex Education, Citizenship and Computing) and designed to sit alongside your school’s statutory Safeguarding Policy. Any issues and concerns with online safety must always follow the school’s safeguarding and child protection procedures.

Who is it for; when is it reviewed?

This policy should be a living document, subject to full annual review but also amended where necessary during the year in response to developments in the school and local area. We recommend you read the guidance at safepolicies.lgfl.net before reissuing your school policies for online safety, safeguarding and AUPs to see what needs changing. Although many aspects will be informed by legislation and regulations, you should involve staff, governors, pupils and parents in writing and reviewing the policy (KCSIE stresses making use of teachers’ day-to-day experience on the ground). This will help ensure all stakeholders understand the rules that are in place and why, and that the policy affects day-to-day practice. Pupils could help to design a version in language their peers understand or help you to audit compliance. Acceptable Use Policies (see appendices) for different stakeholders help with this – ensure these are reviewed alongside this overarching policy. Any changes to this policy should be immediately disseminated to all the above stakeholders.

Who is in charge of online safety?

KCSIE makes clear that “the designated safeguarding lead should take lead responsibility for safeguarding and child protection (including online safety).” The DSL can delegate activities but not the responsibility for this area and whilst subject leads, e.g. for RSHE will plan the curriculum for their area, it is important that this ties into a whole-school approach.

What are the main online safety risks in 2022/2023?

Online-safety risks are traditionally categorised as one of the 4 Cs: Content, Contact, Conduct or Commerce (see section 135 of KCSIE 2022). These areas provide a helpful approach to understand the risks and potential school response, whether technological or educational. They do not stand in isolation,  and it is important to understand the interplay between all three. This is evident in Ofcom’s Media and Attitudes Report 2022 which suggests 36% of children aged 8-17 had seen something ‘worrying or nasty’ online in the past 12 months, with 84% experiencing bullying via text or messaging, on social media, in online games, through phone or video calls, or via other aps and sites.

KCSIE 2022 highlights additional risks e.g. extra-familial harms where children are at risk of abuse or exploitation to multiple harms in situations outside their families, including sexual and criminal exploitation, serious youth violence, upskirting and sticky design.

Analysis from the Centre of Expertise on Child Sexual Abuse also highlights the prevalence of child sexual abuse, with 500,000 children estimated to experience child sexual abuse every year, whilst the Internet Watch Foundation has identified the growing risk of children, especially girls aged 11-13, targeted online by sex predators, with a three-fold increase in abuse imagery of 7–10-year-olds. This highlights transition years as crucial in the fight against sexual exploitation, in primary and secondary. See cse.lgfl.net for resources to support DSLs, RSHE/PSHE leads and parents, including the Undressed campaign.

Following the Ofsted review into peer-on-peer sexual abuse, schools should follow the updated advice on sexual violence and harassment guidance (note this is no longer a standalone document and now incorporated in Part 5 of KCSIE where the term ‘peer-on-peer’ has been replaced with ‘child-on-child’) which has many online implications. Schools will need to review their policies and practice to reference these updates and ensure appropriate processes are in place to allow pupils to report sexual harassment and abuse concerns freely, knowing these will be taken seriously and dealt with swiftly and appropriately – ensure pupils are aware of the new NSPCC helpline and your school’s  internal reporting channels. Ways we can help you stay up to date with the latest news, risks, opportunities, best-practice and trends include the LGfL DigiSafe blog, newsletter and our Twitter/Facebook channels.

Following covid, it is important to remember  more time spent online increases the risk for grooming and exploitation (CSE, CCE and radicalisation) and potentially reduces opportunities to disclose such abuse. The quick survey at safeposters.lgfl.net may help to surface some of these issues. Teachers may also find LGfL’s SafeSkills Online Safety Quiz and diagnostic teaching tool at safeskillsinfo.lgfl.net particularly useful to capture and assess pupil resilience and competence for digital life, as recommended by KCSIE.

How will this policy be communicated?

This policy can only impact upon practice if it is a (regularly updated) living document. It must be accessible to and understood by all stakeholders. It will be communicated in the following ways:

• Posted on the school website
• Part of school induction pack for all new staff (including temporary, supply and non-classroom-based staff and those starting mid-year)
• Integral to safeguarding updates and training for all staff (especially in September refreshers)
• Clearly reflected in the Acceptable Use Policies (AUPs) for staff, volunteers, contractors, governors, pupils and parents/carers (which must be in accessible language appropriate to these groups), which will be issued to whole school community, on entry to the school, annually and whenever changed, plus displayed in school

Contents

Introduction        1

Key people / dates        1

What is this policy?        2

Who is it for; when is it reviewed?        2

Who is in charge of online safety?        2

What are the main online safety risks in 2022/2023?        2

How will this policy be communicated?        3

Contents        4

Overview        6

Aims        6

Further Help and Support        6

Scope        7

Roles and responsibilities        7

Education and curriculum        7

Handling online-safety concerns and incidents        9

Actions where there are concerns about a child        10

Sexting – sharing nudes and semi-nudes        12

Upskirting        13

Bullying        13

Sexual violence and harassment        13

Misuse of school technology (devices, systems, networks or platforms)        13

Social media incidents        14

Data protection and data security        15

Appropriate filtering and monitoring        16

Electronic communications        17

Email        17

School website        18

Cloud platforms        19

Digital images and video        20

Social media        21

[ Insert school name – edit on title not on content page ]’s SM presence        21

Staff, pupils’ and parents’ SM presence        21

Device usage        23

Personal devices including wearable technology and bring your own device (BYOD)        24

Network / internet access on school devices        24

Trips / events away from school        25

Searching and confiscation        25

Appendix 1 – Roles        26

All staff        27

Headteacher/Principal – [ NAME - don’t edit on contents page but in titles themselves ]        28

Designated Safeguarding Lead / Online Safety Lead – [ NAME - don’t edit on contents page but in titles themselves ]        29

Governing Body, led by Online Safety / Safeguarding Link Governor – [ NAME - don’t edit on contents page but in titles themselves ]        31

PSHE / RSHE Lead/s – [ NAME - don’t edit on contents page but in titles themselves ]        32

Computing Lead – [ NAME - don’t edit on contents page but in titles themselves ]        33

Subject / aspect leaders        34

Network Manager/technician – [ NAME - don’t edit on contents page but in titles themselves ]        34

Data Protection Officer (DPO) – [ NAME - don’t edit on contents page but in titles themselves ]        35

Volunteers and contractors (including tutor)        36

Pupils        36

Parents/carers        37

External groups including parent associations – [ GROUP NAME - don’t edit on contents page but in title ]        37

Appendix 2 – Related Policies and Documents        39

Overview

Aims

This policy aims to promote a whole school approach to online safety by:

• Setting out expectations for all Co-op Academy Oakwood community members’ online behaviour, attitudes and activities and use of digital technology (including when devices are offline)
• Helping safeguarding and senior leadership teams to have a better understanding and awareness of filtering and monitoring through effective collaboration and communication with technical colleagues
• Helping all stakeholders to recognise that online/digital behaviour standards (including social media activity) must be upheld beyond the confines of the school gates and school day,  regardless of device or platform, and that the same standards of behaviour apply online and offline.
• Facilitating the safe, responsible, respectful and positive use of technology to support teaching & learning, increase attainment and prepare children and young people for the risks and opportunities of today’s and tomorrow’s digital world, to survive and thrive online
• Helping school staff working with children to understand their roles and responsibilities to work safely and responsibly with technology and the online world:

• for the protection and benefit of the children and young people in their care, and
• for their own protection, minimising misplaced or malicious allegations and to better understand their own standards and practice
• for the benefit of the school, supporting the school ethos, aims and objectives, and protecting the reputation of the school and profession

• Establishing clear structures by which online misdemeanours will be treated, and procedures to follow where there are doubts or concerns (with reference to other school policies such as Behaviour Policy or Anti-Bullying Policy)

Further Help and Support

Internal school channels should always be followed first for reporting and support, as documented in school policy documents, especially in response to incidents, which should be reported in line with your Safeguarding Policy. The DSL will handle referrals to local authority multi-agency safeguarding hubs (MASH) and normally the headteacher will handle referrals to the LA designated officer (LADO). The local authority, academy trust or third-party support organisations you work with may also have advisors to offer general support.

Beyond this, reporting.lgfl.net has a list of curated links to external support and helplines for both pupils and staff, including the Professionals’ Online-Safety Helpline from the UK Safer Internet Centre and the  NSPCC Report Abuse Helpline for sexual harassment or abuse, as well as hotlines for hate crime, terrorism and fraud which might be useful to share with parents, and anonymous support for children and young people.

Scope

This policy applies to all members of the Co-op Academy Oakwood community (including teaching and support staff, supply teachers and tutors engaged under the DfE National Tutoring Programme, governors, volunteers, contractors, students/pupils, parents/carers, visitors and community users) who have access to our digital technology, networks and systems, whether on-site or remotely, and at any time, or who use technology in their school role.

Roles and responsibilities

This school is a community, and all members have a duty to behave respectfully online and offline, to use technology for teaching and learning and to prepare for life after school, and to immediately report any concerns or inappropriate behaviour, to protect staff, pupils, families and the reputation of the school. We learn together, make honest mistakes together and support each other in a world that is online and offline at the same time.

Depending on their role, all members of the school community should read the relevant section in Annex A of this document that describes individual roles and responsibilities. Please note there is one for All Staff which must be read even by those who have a named role in another section. There are also pupil, governor, etc role descriptions in the annex.

Education and curriculum

It is important that schools establish a carefully sequenced curriculum for online safety that builds on what pupils have already learned and identifies subject content that is appropriate for their stage of development.  

As well as teaching about the underpinning knowledge and behaviours that can help pupils navigate the online world safely and confidently regardless of the device, platform or app, Teaching Online Safety in Schools recommends embedding teaching about online safety and harms through a whole school approach and provides an understanding of these risks to help tailor teaching and support to the specific needs of pupils, including vulnerable pupils – dedicated training around this with curriculum mapping for RSHE/PSHE and online safety leads is available at safetraining.lgfl.net

RSHE guidance also recommends schools assess teaching to “identify where pupils need extra support or intervention [through] tests, written assignments or self evaluations, to capture progress.” [ See LGfL’s SafeSkills Online Safety Quiz and diagnostic teaching tool  which is linked to statements from UKCIS Education for a Connected World framework, enabling teachers to monitor progress throughout the year and drill down to school, class and pupil level to identify areas for development at safeskillsinfo.lgfl.net ]

The following subjects have the clearest online safety links (see the relevant role descriptors above for more information):

• Relationships education, relationships and sex education (RSE) and health (also known as RSHE or PSHE)
• Computing
• Citizenship

However, as stated in the role descriptors above, it is the role of all staff to identify opportunities to thread online safety through all school activities, both outside the classroom and within the curriculum, supporting curriculum/stage/subject leads, and making the most of unexpected learning opportunities as they arise (which have a unique value for pupils)

Whenever overseeing the use of technology (devices, the internet, new technology such as augmented reality, etc) in school or setting as homework tasks, all staff should encourage sensible use, monitor what pupils/students are doing and consider potential dangers and the age appropriateness of websites (ask your DSL what appropriate filtering and monitoring policies are in place). “Parents and carers are likely to find it helpful to understand what systems schools use to filter and monitor online use. It will be especially important for parents and carers to be aware of what their children are being asked to do online, including the sites they will asked to access and be clear who from the school or college (if anyone) their child is going to be interacting with online.”(KCSIE 2022)

Equally, all staff should carefully supervise and guide pupils when engaged in learning activities involving online technology (including, extra-curricular, extended school activities if relevant and remote teaching), supporting them with search skills, critical thinking (e.g. disinformation, misinformation and fake news), age appropriate materials and signposting, and legal issues such as copyright and data law. saferesources.lgfl.net has regularly updated theme-based resources, materials and signposting for teachers and parents.

At Co-op Academy Oakwood, we recognise that online safety and broader digital resilience must be thread throughout the curriculum and that is why we are working to adopt the cross-curricular framework ‘Education for a Connected World – 2020 edition’ from UKCIS (the UK Council for Internet Safety).

Annual reviews of curriculum plans / schemes of work (including for SEND pupils) are used as an opportunity to follow this framework more closely in its key areas of Self-image and Identity, Online relationships, Online reputation, Online bullying, Managing online information, Health, Wellbeing and lifestyle, Privacy and security, and Copyright and ownership.

Handling online-safety concerns and incidents 

It is vital that all staff recognise that online-safety is a part of safeguarding (as well as being a curriculum strand of Computing, PSHE/RSHE and Citizenship).

General concerns must be handled in the same way as any other safeguarding concern; safeguarding is often referred to as a jigsaw puzzle, so all stakeholders should err on the side of talking to the online-safety lead / designated safeguarding lead to contribute to the overall picture or highlight what might not yet be a problem.

Support staff will often have a unique insight and opportunity to find out about issues first in the playground, corridors, toilets and other communal areas outside the classroom (particularly relating to bullying and sexual harassment and violence).

School procedures for dealing with online-safety will be mostly detailed in the following policies (primarily in the first key document):

• Safeguarding and Child Protection Policy
• Anti-Bullying Policy
• Behaviour Policy
• Acceptable Use Policies
• Data Protection Policy, agreements and other documentation (e.g. privacy statement and consent forms for data sharing, image use etc)

This school commits to take all reasonable precautions to ensure online safety, but recognises that incidents will occur both inside school and outside school (and that those from outside school will continue to impact pupils when they come into school or during extended periods away from school). All members of the school are encouraged to report issues swiftly to allow us to deal with them quickly and sensitively through the school’s escalation processes.

Any suspected online risk or infringement should be reported to the online safety lead / designated safeguarding lead on the same day – where clearly urgent, it will be made by the end of the lesson.

Any concern/allegation about staff misuse is always referred directly to the Headteacher, unless the concern is about the Headteacher in which case the complaint is referred to the Chair of Governors and the LADO (Local Authority’s Designated Officer). Staff may also use the NSPCC Whistleblowing Helpline (you may want to display a poster with details of this / other helplines in the staff room – see posters.lgfl.net and reporting.lgfl.net).

The school will actively seek support from other agencies as needed (i.e. the local authority, LGfL, UK Safer Internet Centre’s Professionals’ Online Safety Helpline (POSH), NCA CEOP, Prevent Officer, Police, IWF and Harmful Sexual Behaviour Support Service). The new  DfE guidance Behaviour in Schools, advice for headteachers and school staff July 2022 provides advice and related legal duties including support for pupils and powers of staff when responding to incidents – see pages 32-34 for guidance on child on child sexual violence and harassment, behaviour incidents online and mobile phones.

We will inform parents/carers of online-safety incidents involving their children, and the Police where staff or pupils engage in or are subject to behaviour which we consider is particularly disturbing or breaks the law (particular procedures are in place for sexting and upskirting; see section below).

The school should evaluate whether reporting procedures are adequate for any future closures/lockdowns/isolation etc and make alternative provisions in advance where these might be needed.

Actions where there are concerns about a child

The following flow chart is taken from page 22 of Keeping Children Safe in Education 2022 as the key education safeguarding document. As outlined previously, online safety concerns are no different to any other safeguarding concern.

Sexting – sharing nudes and semi-nudes

All schools (regardless of phase) should refer to the updated UK Council for Internet Safety (UKCIS) guidance on sexting - now referred to as Sharing nudes and semi-nudes: advice for education settings to avoid unnecessary criminalisation of children. NB - where one of the parties is over 18, this is no longer sexting but child sexual abuse.

There is a one-page overview called Sharing nudes and semi-nudes: how to respond to an incident for all staff (not just classroom-based staff) to read, in recognition of the fact that it is mostly someone other than the designated safeguarding lead (DSL) or online safety lead to first become aware of an incident, and it is vital that the correct steps are taken. Staff other than the DSL must not attempt to view, share or delete the image or ask anyone else to do so, but to go straight to the DSL.

The school DSL will in turn use the full guidance document, Sharing nudes and semi-nudes – advice for educational settings to decide next steps and whether other agencies need to be involved.

*Consider the 5 points for immediate referral at initial review:

1. The incident involves an adult

2. There is reason to believe that a child or young person has been coerced, blackmailed or groomed, or there are concerns about their capacity to consent (for example, owing to special educational needs)

3. What you know about the images or videos suggests the content depicts sexual acts which are unusual for the young person’s developmental stage, or are violent

4. The images involves sexual acts and any pupil in the images or videos is under 13

5. You have reason to believe a child or young person is at immediate risk of harm owing to the sharing of nudes and semi-nudes, for example, they are presenting as suicidal or self-harming

It is important that everyone understands that whilst sexting is illegal, pupils/students can come and talk to members of staff if they have made a mistake or had a problem in this area.

The documents referenced above and materials to support teaching about sexting can be found at sexting.lgfl.net 

Upskirting

It is important that everyone understands that upskirting (taking a photo of someone under their clothing, not necessarily a skirt) is now a criminal offence and constitutes a form of sexual harassment as highlighted in Keeping Children Safe in Education. As with other forms of child on child abuse pupils/students can come and talk to members of staff if they have made a mistake or had a problem in this area.

Bullying

Online bullying, including incidents that take place outside school or from home should be treated like any other form of bullying and the school bullying policy should be followed for online bullying, which may also be referred to as cyberbullying, including issues arising from banter.

Co-op Academy Oakwood has an anti-bullying policy which can be found on the academy’s website.

Materials to support teaching about bullying and useful Department for Education guidance and case studies are at bullying.lgfl.net

Sexual violence and harassment

DfE guidance on sexual violence and harassment has now been incorporated into Keeping Children Safe in Education and is no longer a document in its own right. All staff are aware of this updated guidance: Part 5 covers the immediate response to a report, providing reassurance and confidentiality which is highly relevant for all staff; the case studies section provides a helpful overview of some of the issues which may arise.

Any incident of sexual harassment or violence (online or offline) should be reported to the DSL who will follow the full guidance. Staff should work to foster a zero-tolerance culture and maintain an attitude of ‘it could happen here’. The guidance stresses that schools must take all forms of sexual violence and harassment seriously, explaining how it exists on a continuum and that behaviours incorrectly viewed as ‘low level’ are treated seriously and not allowed to perpetuate. The document makes specific reference to behaviours such as bra-strap flicking and the careless use of language.

Misuse of school technology (devices, systems, networks or platforms)

Clear and well communicated rules and procedures are essential to govern pupil and adult use of school networks, connections, internet connectivity and devices, cloud platforms and social media (both when on school site and outside of school).

These are defined in the relevant Acceptable Use Policy as well as in this document, for example in the sections relating to the professional and personal use of school platforms/networks/clouds, devices and other technology, as well as to BYOD (bring your own device) policy.

Where pupils contravene these rules, the school behaviour policy will be applied; where staff contravene these rules, action will be taken as outlined in the staff code of conduct and staff handbook.

It will be necessary to reinforce these as usual at the beginning of any school year but also to remind pupils that the same applies for any home learning that may take place in future periods of absence/ closure/quarantine etc.

Further to these steps, the school reserves the right to withdraw – temporarily or permanently – any or all access to such technology, or the right to bring devices onto school property.

Social media incidents

See the social media section later in this document for rules and expectations of behaviour for children and adults in the Co-op Academy Oakwood community. These are also governed by school Acceptable Use Policies.

Breaches will be dealt with in line with the school behaviour policy (for pupils) or colleague code of conduct and staff handbook (for staff).

Further to this, where an incident relates to an inappropriate, upsetting, violent or abusive social media post by a member of the school community, Co-op Academy Oakwood the school will request that the post be deleted and will expect this to be actioned promptly.

Where an offending post has been made by a third party, the school may report it to the platform it is hosted on, and may contact the Professionals’ Online Safety Helpline, POSH, (run by the UK Safer Internet Centre) for support or help to accelerate this process.

Data protection and data security

GDPR information on the relationship between the school and LGfL can be found at gdpr.lgfl.net; there are useful links and documents to support schools with data protection in the ‘Resources for Schools’ section of that page.

There are references to the relationship between data protection and safeguarding in key Department for Education documents ‘Keeping Children Safe in Education’ and ‘Data protection: a toolkit for schools’ (August 2018), which the DPO and DSL will seek to apply. This quote from the latter document is useful for all staff – note the red and purple highlights:

“GDPR does not prevent, or limit, the sharing of information for the purposes of keeping children safe. Lawful and secure information sharing between schools, Children’s Social Care, and other local agencies, is essential for keeping children safe and ensuring they get the support they need. The Data Protection Act 2018 introduced ‘safeguarding’ as a reason to be able to process sensitive, personal information, even without consent (DPA, Part 2,18; Schedule 8, 4) When Designated Safeguarding Leads in schools are considering whether, or not, to share safeguarding information (especially with other agencies) it is considered best practice for them to record who they are sharing that information with and for what reason. If they have taken a decision not to seek consent from the data subject and/or parent/carer that should also be recorded within the safeguarding file. All relevant information can be shared without consent if to gain consent would place a child at risk. Fears about sharing information must not be allowed to stand in the way of promoting the welfare and protecting the safety of children.”

All pupils, staff, governors, volunteers, contractors and parents are bound by the school’s data protection policy and agreements, which can be found here.

Rigorous controls on the LGfL network, USO sign-on for technical services, firewalls and filtering all support data protection. Data security products are also used to protect the integrity of data, which in turn supports data protection.

The headteacher/principal, data protection officer and governors work together to ensure a GDPR-compliant framework for storing data, but which ensures that child protection is always put first and data-protection processes support careful and legal sharing of information.

Staff are reminded that all safeguarding data is highly sensitive and should be treated with the strictest confidentiality at all times, and only shared via approved channels to colleagues or agencies with appropriate permissions. The use of Vitro to encrypt all non-internal emails is compulsory for sharing pupil data. If this is not possible, the DPO and DSL should be informed in advance.

Appropriate filtering and monitoring

Keeping Children Safe in Education obliges schools to “ensure appropriate filters and appropriate monitoring systems are in place [and] not be able to access harmful or inappropriate material [but at the same time] be careful that “over blocking” does not lead to unreasonable restrictions as to what children can be taught with regards to online teaching and safeguarding.”

At this school, the internet connection is provided by LGfL. This means we have a dedicated and secure, schoolsafe connection that is protected with firewalls and multiple layers of security, including a web filtering system called WebScreen 3, which is made specifically to protect children in schools. You can read more about why this system is appropriate on the UK Safer Internet Centre’s appropriate filtering submission pages here.

There are three types of appropriate monitoring identified by the Safer Internet Centre. These are:

1. Physical monitoring (adult supervision in the classroom, at all times)
2. Internet and web access
3. Active/Pro-active technology monitoring services

At Co-op Academy Oakwood, we have decided that all three options are appropriate because it allows for many layers of protection for our pupils.

At home, school devices are monitored through the use of smoothwall.

When pupils log into any school system on a personal device, activity may also be monitored here. Through the use of G Suite a filtering extension can be used, this will apply when logging into a home Chromebook but also when logging into a Chrome profile on a Windows laptop.

Electronic communications

Please read this section alongside references to pupil-staff communications in the overall school Safeguarding Policy, and in conjunction with the Data Protection Policy. This section only covers electronic communications, but the same principles of transparency, appropriate conduct and audit trail apply. [

Email

• Pupils at this school use gmail for all school emails. This function can be restricted by technical staff.
• Staff at this school use the gmail system for all school emails

Both these systems are linked to the USO authentication system and are fully auditable, trackable and managed. This is for the mutual protection and privacy of all staff, pupils and parents, as well as to support data protection.

General principles for email use are as follows:

• Email and the chat functionality of Google Classroom are the only means of electronic communication to be used between staff and pupils / staff and parents (in both directions). Use of a different platform must be approved in advance by the data-protection officer / headteacher in advance. Any unauthorised attempt to use a different system may be a safeguarding concern or disciplinary matter and should be notified to the DSL (if by a child) or to the Headteacher (if by a staff member).
• Email may only be sent using the email systems above. There should be no circumstances where a private email is used; if this happens by mistake, the DSL/Headteacher/DPO (the particular circumstances of the incident will determine whose remit this is) should be informed immediately.
• Staff or pupil personal data should never be sent/shared/stored on email.

• If data needs to be shared with external agencies, Vitro should be used to encrypt the email.
• Internally, staff should use the school network, including when working from home when remote access is available via the G Suite

• Pupils are restricted to emailing within the school and cannot email external accounts
• Appropriate behaviour is expected at all times, and the system should not be used to send inappropriate materials or language which is or could be construed as bullying, aggressive, rude, insulting, illegal or otherwise inappropriate, or which (for staff) might bring the school into disrepute or compromise the professionalism of staff
• Pupils and staff are NOT allowed to use the email system for personal use and should be aware that all use is monitored, their emails may be read and the same rules of appropriate behaviour apply at all times. Emails using inappropriate language, images, malware or to adult sites may be blocked and not arrive at their intended destination.

See also the social media section of this policy.

School website

The school website is a key public-facing information portal for the school community (both existing and prospective stakeholders) with a key reputational value.

The DfE has determined information which must be available on a school website. LGfL has compiled RAG (red-amber-green) audits at safepolicies.lgfl.net to help schools to ensure that are requirements are met (see appendices). Note that an RSHE policy is now included.

Where other staff submit information for the website, they are asked to remember:

• Schools have the same duty as any person or organisation to respect and uphold copyright law – schools have been fined thousands of pounds for copyright breaches. Sources must always be credited and material only used with permission.

There are many open-access libraries of high-quality public-domain images that can be used (e.g. pixabay.com for marketing materials – beware some adult content on this site). Pupils and staff at LGfL schools also have access to licences for music, sound effects, art collection images and other at curriculum.lgfl.net

• Where pupil work, images or videos are published on the website, their identities are protected and full names are not published (remember also not to save images with a filename that includes a pupil’s full name).

Cloud platforms

It is important to consider data protection before adopting a cloud platform or service – see our DP policy here. At Co-op Academy Oakwood we use Google for Education’s G Suite, myDrive for file storage.

For online safety, basic rules of good password hygiene (“Treat your password like your toothbrush –never share it with anyone!”), expert administration and training can help to keep staff and pupils safe, and to avoid incidents. The data protection officer and network manager alongside colleagues form the Trust analyse and document systems and procedures before they are implemented, and regularly review them.

The following principles apply:

• Privacy statements inform parents and children (13+) when and what sort of data is stored in the cloud
• The DPO approves new cloud systems, what may or may not be stored in them and by whom. This is noted in a DPIA (data-protection impact statement) and parental permission is sought
• Regular training ensures all staff understand sharing functionality and this is audited to ensure that pupil data is not shared by mistake. Open access or widely shared folders are clearly marked as such
• Pupils and staff are only given access and/or sharing rights when they can demonstrate an understanding of what data may be stored and how it can be seen
• Two-factor authentication is used for access to staff or pupil data
• Pupil images/videos are only made public with parental permission
• Only school-approved platforms are used by students or staff to store pupil work
• All stakeholders understand the difference between consumer and education products (e.g. a private Gmail account or Google Drive and those belonging to a managed educational domain)

Digital images and video

When a pupil/student joins the school, parents/carers are asked if they give consent for their child’s image to be captured in photographs or videos, for what purpose (beyond internal assessment, which does not require express consent) and for how long. Parents answer as follows:

• For displays around the school
• For the newsletter
• For use in paper-based school marketing
• For online prospectus or websites
• For display or publication
• For social media

Whenever a photo or video is taken/made, the member of staff taking it will check the latest database before using it for any purpose.

Any pupils shown in public facing materials are never identified with more than first name (and photo file names/tags do not include full names to avoid accidentally sharing them).

All staff are governed by their contract of employment and the school’s Acceptable Use Policy, which covers the use of mobile phones/personal equipment for taking pictures of pupils, and where these are stored. At Co-op Academy Oakwood, members of staff may occasionally (with express permission from the Headteacher) use personal phones to capture photos or videos of pupils, but these will be appropriate, linked to school activities, taken without secrecy and not in a one-to-one situation, and always moved to school storage as soon as possible, after which they are deleted from personal devices or cloud services (NB – many phones automatically back up photos).

Photos are stored on the school network in line with the retention schedule of the school Data Protection Policy.

Staff about the importance of not sharing without permission, due to reasons of child protection (e.g. looked-after children often have restrictions for their own protection), data protection, religious or cultural reasons, or simply for reasons of personal privacy. Parents are reminded of this annually and during performances and assemblies where they may wish to take pictures. Further detail on this subject and a sample letter to parents for taking photos or videos at school events can be found at parentfilming.lgfl.net 

We encourage young people to think about their online reputation and digital footprint, so we should be good adult role models by not oversharing (or providing embarrassment in later life – and it is not for us to judge what is embarrassing or not).

Pupils are taught about how images can be manipulated in their online safety education programme and also taught to consider how to publish for a wide range of audiences which might include governors, parents or younger children

Pupils are advised to be very careful about placing any personal photos on social media. They are taught to understand the need to maintain privacy settings so as not to make public, personal information.

Pupils are taught that they should not post images or videos of others without their permission. We teach them about the risks associated with providing information with images (including the name of the file), that reveals the identity of others and their location. We teach them about the need to keep their data secure and what to do if they / or a friend are subject to bullying or abuse.

Social media

Co-op Academy Oakwood’s SM presence

Co-op Academy Oakwood works on the principle that if we don’t manage our social media reputation, someone else will.

Online Reputation Management (ORM) is about understanding and managing our digital footprint (everything that can be seen or read about the school online). Few parents will apply for a school place without first ‘googling’ the school, and the Ofsted pre-inspection check includes monitoring what is being said online (Mumsnet is a favourite).

Negative coverage almost always causes some level of disruption. Up to half of all cases dealt with by the Professionals Online Safety Helpline (POSH: helpline@saferinternet.org.uk) involve schools’ (and staff members’) online reputation.

Accordingly, we manage and monitor our social media footprint carefully to know what is being said about the school and to respond to criticism and praise in a fair, responsible manner.

The Central Team alongside Rimah Aasim and Gemma Tinker are responsible for managing our Twitter and other social media accounts and checking our Wikipedia and Google reviews. S/he follows the guidance in the LGfL / Safer Internet Centre online-reputation management document here.

Staff, pupils’ and parents’ SM presence

Social media is a fact of modern life, and as a school, we accept that many parents, staff and pupils will use it. However, as stated in the acceptable use policies which all members of the school community sign, we expect everybody to behave in a positive manner, engaging respectfully with the school and each other on social media, in the same way as they would face to face.

This positive behaviour can be summarised as not making any posts which are or could be construed as bullying, aggressive, rude, insulting, illegal or otherwise inappropriate, or which might bring the school or (particularly for staff) teaching profession into disrepute. This applies both to public pages and to private posts, e.g. parent chats, pages or groups.

If parents have a concern about the school, we would urge them to contact us directly and in private to resolve the matter. If an issue cannot be resolved in this way, the school complaints procedure should be followed. Sharing complaints on social media is unlikely to help resolve the matter, but can cause upset to staff, pupils and parents, also undermining staff morale and the reputation of the school (which is important for the pupils we serve).

Many social media platforms have a minimum age of 13 (note that WhatsApp is 16+), but the school regularly deals with issues arising on social media with pupils/students under the age of 13. We ask parents to respect age ratings on social media platforms wherever possible and not encourage or condone underage use. It is worth noting that Online Harms regulation is likely to require more stringent age verification measures over the coming years.

However, the school has to strike a difficult balance of not encouraging underage use at the same time as needing to acknowledge reality in order to best help our pupils/students to avoid or cope with issues if they arise. Online safety lessons will look at social media and other online behaviour, how to be a good friend online and how to report bullying, misuse, intimidation or abuse. However, children will often learn most from the models of behaviour they see and experience, which will often be from adults.

Parents can best support this by talking to their children about the apps, sites and games they use (you don’t need to know them – ask your child to explain it to you), with whom, for how long, and when (late at night / in bedrooms is not helpful for a good night’s sleep and productive teaching and learning at school the next day). You may wish to refer to the new Digital Family Agreement to help establish shared expectations and the Top Tips for Parents poster along with relevant items and support available from parentsafe.lgfl.net and introduce the Children’s Commission Digital 5 A Day.

The school has an official Twitter (managed by the Central Team, Rimah Aasim and Gemma Tinker) and will respond to general enquiries about the school, but asks parents/carers not to use these channels to communicate about their children.

Email is the official electronic communication channel between parents and the school, and between staff and pupils.

Pupils/students are not allowed* to be ‘friends’ with or make a friend request** to any staff, governors, volunteers and contractors or otherwise communicate via social media.

Pupils/students are discouraged from ‘following’ staff, governor, volunteer or contractor public accounts (e.g. following a staff member with a public Instagram account). However, we accept that this can be hard to control (but this highlights the need for staff to remain professional in their private lives). In the reverse situation, however, staff must not follow such public student accounts.

* Exceptions may be made, e.g. for pre-existing family links, but these must be approved by the Headteacher/Principal, and should be declared upon entry of the pupil or staff member to the school).

** Any attempt to do so may be a safeguarding concern or disciplinary matter and should be notified to the DSL (if by a child) or to the Headteacher (if by a staff member).

Staff are reminded that they are obliged not to bring the school or profession into disrepute and the easiest way to avoid this is to have the strictest privacy settings and avoid inappropriate sharing and oversharing online. They should never discuss the school or its stakeholders on social media and be careful that their personal opinions might not be attributed to the school, trust or local authority, bringing the school into disrepute.

The serious consequences of inappropriate behaviour on social media are underlined by the fact that during the last 6 years, there have been 333 Prohibition Orders issued by the Teacher Regulation Agency  to teaching staff that involved misuse of social media/technology.

All members of the school community are reminded that particularly in the context of social media, it is important to comply with the school policy on Digital Images and Video (see page ) and permission is sought before uploading photographs, videos or any other information about other people.

The statements of the Acceptable Use Policies (AUPs) which all members of the school community have signed are also relevant to social media activity, as is the school’s Data Protection Policy.

Device usage

Remind those with access to school devices about rules on the misuse of school technology – devices used at home should be used just like if they were in full view of a teacher or colleague. Please read the following in conjunction with acceptable use policies and the following sections of this document which all impact upon device usage: copyright, data protection, social media, misuse of technology, and digital images and video.

Personal devices including wearable technology and bring your own device (BYOD)

• Pupils/students in Year 5 and Year 6 are allowed to bring mobile phones in for use on the way to and from school. They must be handed to the class teacher upon arrival at the school and must be switched off. Important messages and phone calls to or from parents can be made at the school office, which will also pass on messages from parents to pupils in emergencies.
• All staff who work directly with children should leave their mobile phones on silent and only use them in private staff areas during school hours. See also the Digital images and video section on page and Data protection and data security section on page . Child/staff data should never be downloaded onto a private phone. If a staff member is expecting an important personal call when teaching or otherwise on duty, they need to speak with the headteacher about this.
• Volunteers, contractors, governors should leave their phones in their pockets and turned off. Under no circumstances should they be used in the presence of children or to take photographs or videos. If this is required (e.g. for contractors to take photos of equipment or buildings), permission of the headteacher should be sought (the headteacher may choose to delegate this) and this should be done in the presence of a member staff.
• Parents are asked to leave their phones in their pockets and turned off when they are on site. They should ask permission before taking any photos, e.g. of displays in corridors or classrooms, and avoid capturing other children. When at school events, please refer to the Digital images and video section of this document. Parents are asked not to call pupils on their mobile phones during the school day; urgent messages can be passed via the school office.

Network / internet access on school devices

• Pupils/students are not allowed networked file access via personal devices.
• Home devices are issued to some students. These are restricted to the apps/software installed by the school and may be used for learning and all usage may be tracked.
• All staff who work directly with children should leave their mobile phones on silent and only use them in private staff areas during school hours. See also the Digital images and video section on page  and Data protection and data security section on page . Child/staff data should never be downloaded onto a private phone.
• Volunteers, contractors, governors can access the guest wireless network but have no access to networked files/drives, subject to the acceptable use policy. All internet traffic is monitored.
• Parents have no access to the school network or wireless internet on personal devices.

Trips / events away from school

For school trips/events away from school, teachers will be issued a school duty phone and this number used for any authorised or emergency communications with pupils/students and parents. Any deviation from this policy (e.g. by mistake or because the school phone will not work) will be notified immediately to the headteacher. Teachers using their personal phone in an emergency will ensure that the number is hidden to avoid a parent or student accessing a teacher’s private phone number.

Searching and confiscation

In line with the DfE guidance ‘Searching, screening and confiscation: advice for schools’, the Headteacher/Principal and staff authorised by them have a statutory power to search pupils/property on school premises. This includes the content of mobile phones and other devices, for example as a result of a reasonable suspicion that a device contains illegal or undesirable material, including but not exclusive to sexual images, pornography, violence or bullying.

Full details of the school’s search procedures are available in the school Behaviour Policy.

Appendix 1 – Roles

Please read the relevant roles & responsibilities section from the following pages.

School staff – note that you may need to read two sections – if your role is reflected here, you should still read the “All Staff” section.

Roles:

• All Staff
• Headteacher/Principal
• Designated Safeguarding Lead / Online Safety Lead
• Governing Body, led by Online Safety / Safeguarding Link Governor
• PSHE / RSHE Lead/s
• Computing Lead
• Subject / aspect leaders
• Network Manager/technician
• Data Protection Officer (DPO)
• Volunteers and contractors (including tutor)
• Pupils
• Parents/carers
• External groups including parent associations

All staff

Key responsibilities:

• Read and follow this policy in conjunction with the school’s main safeguarding policy and the relevant parts of Keeping Children Safe in Education
• Understand that online safety is a core part of safeguarding and part of everyone’s job – never think that someone else will pick it up. Safeguarding is often referred to as a jigsaw puzzle – you may have the missing piece, so do not keep anything to yourself. Record online-safety incidents in the same way as any safeguarding incident; report in accordance with school procedures
• Know who the Designated Safeguarding Lead (DSL) and Online Safety Lead (OSL) are (Hayley Duffy, Karen Jones, Jane Dodds, Rimah Aasim and Claire Spivey OSL) and notify them not just of concerns but also of trends and general issues you may identify. Also speak to them if policy does not reflect practice and follow escalation procedures if concerns are not promptly acted upon
• Sign and follow the staff acceptable use policy and code of conduct/handbook
• Identify opportunities to thread online safety through all school activities as part of a whole school approach in line with the RSHE curriculum, both outside the classroom and within the curriculum, supporting curriculum/stage/subject leads, and making the most of unexpected learning opportunities as they arise (which have a unique value for pupils)
• Whenever overseeing the use of technology in school or for homework or remote teaching, encourage and talk about appropriate behaviour and how to get help and consider potential risks and the age-appropriateness of websites (find out what appropriate filtering and monitoring systems are in place and how they keep children safe).
• Follow best-practice pedagogy for online-safety education, avoiding scaring, victim-blaming language and other unhelpful prevention methods.
• When supporting pupils remotely, be mindful of additional safeguarding considerations – refer to the remotesafe.lgfl.net infographic which applies to all online learning.
• Carefully supervise and guide pupils when engaged in learning activities involving online technology, supporting them with search skills, critical thinking, age-appropriate materials and signposting, and legal issues such as copyright and GDPR.
• Be aware of security best-practice at all times, including password hygiene and phishing strategies.
• Prepare and check all online sources and classroom resources before using for accuracy and appropriateness.
• Encourage pupils/students to follow their acceptable use policy at home as well as at school, remind them about it and enforce school sanctions.
• Take a zero-tolerance approach to all forms of child-on-child abuse, not dismissing it as banter - this includes bullying, sexual violence and harassment.
• Be aware that you are often most likely to see or overhear online-safety issues (particularly relating to bullying and sexual harassment and violence) in the playground, corridors, toilets and other communal areas outside the classroom – let the DSL/OSL know
• Receive regular updates from the DSL/OSL and have a healthy curiosity for online safeguarding issues
• Model safe, responsible and professional behaviours in your own use of technology. This includes outside school hours and site, and on social media, in all aspects upholding the reputation of the school and of the professional reputation of all staff. More guidance on this point can be found in this Online Reputation guidance for schools.

Headteacher/Principal – Rimah Aasim  

Key responsibilities:

• Foster a culture of safeguarding where online safety is fully integrated into whole-school safeguarding
• Oversee and support the activities of the designated safeguarding lead team and ensure they work technical colleagues to complete an online safety audit in line with KCSIE (including technology in use in the school)
• Undertake training in offline and online safeguarding, in accordance with statutory guidance and Local Safeguarding Children Partnership support and guidance
• Ensure ALL staff undergo safeguarding training (including online safety) at induction and with regular updates and that they agree and adhere to policies and procedures
• Ensure ALL governors and trustees undergo safeguarding and child protection training and updates (including online safety) to provide strategic challenge and oversight into policy and practice and that governors are regularly updated on the nature and effectiveness of the school’s arrangements
• Ensure the school implements and makes effective use of appropriate ICT systems and services including school-safe filtering and monitoring, protected email systems and that all technology including remote systems are implemented according to child-safety first principles
• Liaise with technical colleagues on a regular basis to have an understanding and awareness of filtering and monitoring provisions and manage them effectively – in particular understand what is blocked or allowed for whom, when, and how. Note that KCSIE 2022 strengthens the wording for this.
• Liaise with the designated safeguarding lead on all online-safety issues which might arise and receive regular updates on school issues and broader policy and practice information
• Support safeguarding leads and technical staff as they review protections for pupils in the home and remote-learning procedures, rules and safeguards
• Assign responsibility to a nominated member of staff to carry out online searches with consistent guidelines as part of due diligence for the recruitment shortlist process (this new addition has come into KCSIE 2022 for the first time)
• Take overall responsibility for data management and information security ensuring the school’s provision follows best practice in information handling; work with the DPO, DSL and governors to ensure a GDPR-compliant framework for storing data, but helping to ensure that child protection is always put first and data-protection processes support careful and legal sharing of information
• Understand and make all staff aware of procedures to be followed in the event of a serious online safeguarding incident
• Ensure suitable risk assessments are undertaken so the curriculum meets needs of pupils, including risk of children being radicalised
• Ensure the school website meets statutory requirements

Designated Safeguarding Lead / Online Safety Lead – Hayley Duffy and Claire Spivey  

Key responsibilities (remember the DSL can delegate certain online safety duties, e.g. to the online-safety coordinator, but not the overall responsibility; this assertion and all quotes below are from Keeping Children Safe in Education):

• “The designated safeguarding lead should take lead responsibility for safeguarding and child protection [including online safety] … this lead responsibility should not be delegated”
• Work with the HT and technical staff to review protections for pupils in the home and remote-learning procedures, rules and safeguards
• Where the online-safety coordinator is not the named DSL or deputy DSL, ensure there is regular review and open communication between these roles and that the DSL’s clear overarching responsibility for online safety is not compromised
• Ensure “An effective whole school approach to online safety [that] empowers a school or college to protect and educate the whole school or college community in their use of technology and establishes mechanisms to identify, intervene in and escalate any incident where appropriate.”
• Ensure ALL staff undergo safeguarding and child protection training (including online safety) at induction and that this is regularly updated 

• Liaise with the Headteacher and Chair of Governors to ensure that ALL governors and trustees undergo safeguarding and child protection training (including online safety) at induction to enable them to provide strategic challenge and oversight into policy and practice and that this is regularly updated 
• Take day-to-day responsibility for online safety issues and be aware of the potential for serious child protection concerns
• Be mindful of using appropriate language and terminology around children when managing concerns, including avoiding victim-blaming language
• Remind staff of safeguarding considerations as part of a review of remote learning procedures and technology, including that the same principles of online safety and behaviour apply
• Work closely with SLT, staff and technical colleagues to complete an online safety audit (including technology in use in the school)
• Work with the headteacher, DPO and governors to ensure a GDPR-compliant framework for storing data, but helping to ensure that child protection is always put first and data-protection processes support careful and legal sharing of information
• Stay up to date with the latest trends in online safeguarding and “undertake Prevent awareness training.” – see safetraining.lgfl.net and prevent.lgfl.net
• Review and update this policy, other online safety documents (e.g. Acceptable Use Policies) and the strategy on which they are based (in harmony with policies for behaviour, safeguarding, Prevent and others) and submit for review to the governors/trustees.
• Receive regular updates in online safety issues and legislation, be aware of local and school trends – see safeblog.lgfl.net for examples or sign up to the LGfL safeguarding newsletter
• Ensure that online safety education is embedded across the curriculum in line with the statutory RSHE guidance (e.g. by use of the updated UKCIS framework ‘Education for a Connected World – 2020 edition’) and beyond, in wider school life
• Promote an awareness of and commitment to online safety throughout the school community, with a strong focus on parents, but also including hard-to-reach parents – dedicated resources at parentsafe.lgfl.net
• Communicate regularly with SLT and the designated safeguarding and online safety governor/committee to discuss current issues (anonymised), review incident logs and filtering/change control logs and discuss how filtering and monitoring work and have been functioning/helping.
• Ensure all staff are aware of the procedures that need to be followed in the event of an online safety incident, and that these are logged in the same way as any other safeguarding incident.
• Ensure adequate provision for staff to flag issues when not in school and for pupils to disclose issues when off site, especially when in isolation/quarantine/lockdown, e.g. a safe, simple, online form on the school home page about ‘something that worrying me’ that gets mailed securely to the DSL inbox
• Oversee and discuss ‘appropriate filtering and monitoring’ with governors (is it physical or technical?) and ensure staff are also aware (Ofsted inspectors have asked classroom teachers about this). Liaise with technical teams and ensure they are implementing not taking the strategic decisions on what is allowed and blocked and why. Also, as per KCSIE “be careful that ‘over blocking’ does not lead to unreasonable restrictions”.
• Ensure KCSIE ‘Part 5: Sexual Violence & Sexual Harassment’ is understood and followed throughout the school and that staff adopt a zero-tolerance, whole school approach to all forms of child-on-child abuse, and don’t dismiss it as banter (including bullying).
• Facilitate training and advice for all staff, including supply teachers:

• all staff must read KCSIE Part 1 and all those working with children also Annex B – translations are available in 13 community languages at kcsietranslate.lgfl.net
• Annex A is now a condensed version of Part one and can be provided (instead of Part one) to those staff who do not directly work with children, if the governing body or proprietor think it will provide a better basis for those staff to promote the welfare and safeguard children.
• cascade knowledge of risks and opportunities throughout the organisation
• cpd.lgfl.net has helpful CPD materials including PowerPoints, videos and more

• Pay particular attention to online tutors, both those engaged by the school as part of the DfE scheme who can be asked to sign the contractor AUP.

Governing Body, led by Online Safety / Safeguarding Link Governor – Helen Whitworth  

Key responsibilities (quotes are taken from Keeping Children Safe in Education)

• Approve this policy and strategy and subsequently review its effectiveness, e.g. by asking the questions in the helpful document from the UK Council for Child Internet Safety (UKCIS) Online safety in schools and colleges: Questions from the Governing Board 
• Undergo (and signpost all other governors and Trustees to attend) safeguarding and child protection training (including online safety) at induction to provide strategic challenge and into policy and practice, ensuring this is regularly updated – LGfL’s Safeguarding Training for school governors is free to all governors at safetraining.lgfl.net 
• Ensure that all staff also receive appropriate safeguarding and child protection (including online) training at induction and that this is updated
• “Ensure appropriate filters and appropriate monitoring systems are in place [but…] be careful that ‘overblocking’ does not lead to unreasonable restrictions as to what children can be taught with regard to online teaching and safeguarding”.
• Ask about how the school has reviewed protections for pupils in the home (including when with online tutors) and remote-learning procedures, rules and safeguards [ see remotesafe.lgfl.net for guidance ]
• “Ensure an appropriate senior member of staff, from the school or college leadership team, is appointed to the role of DSL [with] lead responsibility for safeguarding and child protection (including online safety) [with] the appropriate status and authority [and] time, funding, training, resources and support…”
• Support the school in encouraging parents and the wider community to become engaged in online safety activities
• Have regular strategic reviews with the online-safety coordinator / DSL and incorporate online safety into standing discussions of safeguarding at governor meetings
• Where the online-safety coordinator is not the named DSL or deputy DSL, ensure that there is regular review and open communication between these roles and that the DSL’s clear overarching responsibility for online safety is not compromised
• Work with the DPO, DSL and headteacher to ensure a GDPR-compliant framework for storing data, but helping to ensure that child protection is always put first and data-protection processes support careful and legal sharing of information
• Check all school staff have read Part 1 of KCSIE; SLT and all working directly with children have read Annex B
• “Ensure that all staff undergo safeguarding and child protection training (including online safety) at induction. The training should be regularly updated […] in line with advice from the local three safeguarding partners […] integrated, aligned and considered as part of the overarching safeguarding approach.” There is further support for this at cpd.lgfl.net 
• “Ensure that children are taught about safeguarding, including online safety […] as part of providing a broad and balanced curriculum […] Consider a whole school or college approach to online safety [with] a clear policy on the use of mobile technology.”

PSHE / RSHE Lead/s – [ Chelsea Moore ]

Key responsibilities:

• As listed in the ‘all staff’ section, plus:
• Embed consent, mental wellbeing, healthy relationships and staying safe online into the PSHE / Relationships education, relationships and sex education (RSE) and health education curriculum. “This will include being taught what positive, healthy and respectful online relationships look like, the effects of their online actions on others and knowing how to recognise and display respectful behaviour online. Throughout these subjects, teachers will address online safety and appropriate behaviour in an age appropriate way that is relevant to their pupils’ lives.”
• Focus on the underpinning knowledge and behaviours outlined in Teaching Online Safety in Schools in an age appropriate way to help pupils to navigate the online world safely and confidently regardless of their device, platform or app.
• Assess teaching to “identify where pupils need extra support or intervention [through] tests, written assignments or self evaluations, to capture progress”  – [ see LGfL’s  SafeSkills Online Safety Quiz and diagnostic teaching tool at safeskillsinfo.lgfl.net ]
• This complements the computing curriculum, which covers the principles of online safety at all key stages, with progression in the content to reflect the different and escalating risks that pupils face. This includes how to use technology safely, responsibly, respectfully and securely, and where to go for help and support when they have concerns about content or contact on the internet or other online technologies.
• Work closely with the DSL/OSL and all other staff to ensure an understanding of the issues, approaches and messaging within PSHE / RSHE.
• Note that an RSHE policy should be included on the school website.
• Work closely with the Computing subject leader to avoid overlap but ensure a complementary whole-school approach, and with all other lead staff to embed the same whole-school approach

Computing Lead – Claire Spivey

Key responsibilities:

• As listed in the ‘all staff’ section, plus:
• Oversee the delivery of the online safety element of the Computing curriculum in accordance with the national curriculum
• Work closely with the RSHE lead to avoid overlap but ensure a complementary whole-school approach
• Work closely with the DSL/OSL and all other staff to ensure an understanding of the issues, approaches and messaging within Computing
• Collaborate with technical staff and others responsible for ICT use in school to ensure a common and consistent approach, in line with acceptable-use agreements

Subject / aspect leaders

Key responsibilities:

• As listed in the ‘all staff’ section, plus:
• Look for opportunities to embed online safety in your subject or aspect, especially as part of the new RSHE curriculum, and model positive attitudes and approaches to staff and pupils alike
• Consider how the UKCIS framework Education for a Connected World and Teaching Online Safety in Schools can be applied in your context
• Work closely with the DSL/OSL and all other staff to ensure an understanding of the issues, approaches and messaging within Computing
• Ensure subject specific action plans also have an online-safety element

Network Manager/technician – Trust ICT team

Key responsibilities:

• As listed in the ‘all staff’ section, plus:
• Collaborate regularly with the DSL and leadership team to help them make key strategic decisions around the safeguarding elements of technology. Note that KCSIE changes expect a great understanding of technology and its role in safeguarding, so help DSLs and SLT to understand systems, settings and implications.
• Support DSLs and SLT to carry out an annual online safety audit as now recommended in KCSIE. [ LGfL has a free template you can use at https://onlinesafetyaudit.lgfl.net ] This should also include a review of technology, including filtering and monitoring systems (what is allowed, blocked and why and how ‘over blocking’ is avoided as per KCSIE), [ we recommend you signpost them to LGfL’s Safeguarding Shorts: Filtering for DSLs and SLT twilight at safetraining.lgfl.net which provides a quick overview to help build their understanding ] protections for pupils in the home [e.g. LGfL HomeProtect filtering for the home – https://homeprotect.lgfl.net ] and remote-learning. [ see remotesafe.lgfl.net for guidance ]
• Keep up to date with the school’s online safety policy and technical information in order to effectively carry out their online safety role and to inform and update others as relevant
• Work closely with the designated safeguarding lead / online safety lead / data protection officer / LGfL nominated contact / RSHE lead to ensure that school systems and networks reflect school policy and there are no conflicts between educational messages and practice.
• Ensure the above stakeholders understand the consequences of existing services and of any changes to these systems (especially in terms of access to personal and sensitive records / data and to systems such as YouTube mode, web filtering settings, sharing permissions for files on cloud platforms etc
• Maintain up-to-date documentation of the school’s online security and technical procedures
• To report online-safety related issues that come to their attention in line with school policy
• Manage the school’s systems, networks and devices, according to a strict password policy, with systems in place for detection of misuse and malicious attack, with adequate protection, encryption and backup for data, including disaster recovery plans, and auditable access controls.
• Monitor the use of school technology, online platforms and social media presence  and that any misuse/attempted misuse is identified and reported in line with school policy
• Work with the Headteacher to ensure the school website meets statutory DfE requirements

Data Protection Officer (DPO) –

Key responsibilities:

• NB – this document is not for general data-protection guidance; GDPR information on the relationship between the school and LGfL can be found at gdpr.lgfl.net; there is an LGfL document on the general role and responsibilities of a DPO in the ‘Resources for Schools’ section of that page
• Be aware that of references to the relationship between data protection and safeguarding in key Department for Education documents ‘Keeping Children Safe in Education’ and ‘Data protection: a toolkit for schools’ (August 2018), especially this quote from the latter document:
• “GDPR does not prevent, or limit, the sharing of information for the purposes of keeping children safe. Lawful and secure information sharing between schools, Children’s Social Care, and other local agencies, is essential for keeping children safe and ensuring they get the support they need. The Data Protection Act 2018 introduced ‘safeguarding’ as a reason to be able to process sensitive, personal information, even without consent (DPA, Part 2,18; Schedule 8, 4) When Designated Safeguarding Leads in schools are considering whether, or not, to share safeguarding information (especially with other agencies) it is considered best practice for them to record who they are sharing that information with and for what reason. If they have taken a decision not to seek consent from the data subject and/or parent/carer that should also be recorded within the safeguarding file. All relevant information can be shared without consent if to gain consent would place a child at risk. Fears about sharing information must not be allowed to stand in the way of promoting the welfare and protecting the safety of children.”

The same document states that the retention schedule for safeguarding records may be required to be set as ‘Very long term need (until pupil is aged 25 or older)’. However, some local authorities require record retention until 25 for all pupil records. An example of an LA safeguarding record retention policy can be read at safepolicies.lgfl.net, but you should check the rules in your area.

• Work with the DSL, headteacher and governors to ensure frameworks are in place for the protection of data and of safeguarding information sharing as outlined above. You may be interested in the discounts for LGfL schools for three market-leading GDPR compliance solutions at gdpr.lgfl.net
• Ensure that all access to safeguarding data is limited as appropriate, and also monitored and audited

Volunteers and contractors (including tutors)

Key responsibilities:

• Read, understand, sign and adhere to an acceptable use policy (AUP)
• Report any concerns, no matter how small, to the designated safety lead / online safety coordinator as named in the AUP
• Maintain an awareness of current online safety issues and guidance
• Model safe, responsible and professional behaviours in their own use of technology at school and as part of remote teaching or any online communications
• Note that as per AUP agreement a contractor will never attempt to arrange any meeting, including tutoring session, without the full prior knowledge and approval of the school, and will never do so directly with a pupil. The same applies to any private/direct communication with a pupil.

Pupils

Key responsibilities:

• Read, understand, sign and adhere to the student/pupil acceptable use policy and review this annually
• Treat home learning during any isolation/quarantine or bubble/school lockdown in the same way as regular learning in school and behave as if a teacher or parent were watching the screen
• Avoid any private communication or use of personal logins/systems to communicate with or arrange meetings with school staff or tutors
• Understand the importance of reporting abuse, misuse or access to inappropriate materials, including any concerns about a member of school staff or supply teacher or online tutor
• Know what action to take if they or someone they know feels worried or vulnerable when using online technology, at school, home or anywhere else.
• To understand the importance of adopting safe and responsible behaviours and good online safety practice when using digital technologies outside of school and realise that the school’s acceptable use policies cover actions out of school, including on social media
• Remember the rules on the misuse of school technology – devices and logins used at home should be used just like if they were in full view of a teacher.
• Understand the benefits/opportunities and risks/dangers of the online world and know who to talk to at school or outside school if there are problems

Parents/carers

Key responsibilities:

• Read, sign and promote the school’s parental acceptable use policy (AUP) and read the pupil AUP and encourage their children to follow it
• Talk to the school if they have any concerns about their children’s and others’ use of technology
• Promote positive online safety and model safe, responsible, respectful and positive behaviours in their own use of technology, including on social media: not sharing other’s images or details without permission and refraining from posting negative, threatening or violent comments about others, including the school staff, volunteers, governors, contractors, pupils or other parents/carers.
• Encourage children to engage fully in home-learning, whether for homework or during any school closures or isolation and flag any concerns
• Support the child during any home learning to avoid video calls in a bedroom if possible and if not, to ensure the child is fully dressed and not in bed, with the camera pointing away from beds/bedding/personal information etc. and the background blurred or changed where possible.
• If organising private online tuition, remain in the room if possible, ensure the child knows tutors should not arrange new sessions directly with the child or attempt to communicate privately. Further advice available in the Online Tutors – Guidance for Parents and Carers poster at  parentsafe.lgfl.net, which is a dedicated parent portal offering updated advice and resources to help parents keep children safe online

External groups

Key responsibilities:

• Any external individual/organisation will sign an acceptable use policy prior to using technology or the internet within school
• Support the school in promoting online safety and data protection
• Model safe, responsible, respectful and positive behaviours in their own use of technology, including on social media: not sharing other’s images or details without permission and refraining from posting negative, threatening or violent comments about others, including the school staff, volunteers, governors, contractors, pupils or other parents/carers

Appendix 2 – Related Policies and Documents

Where marked with * the latest version or a template you may use is available at safepolicies.lgfl.net

1. Safeguarding and Child Protection Policy
2. Behaviour Policy / Anti-Bullying Policy
3. Staff Code of Conduct / Handbook
4. *Acceptable Use Policies (AUPs) for:

• *Pupils [KS1 / KS]
• *Staff, Volunteers Governors & Contractors
• *Parents

5. *Letter to parents about filming/photographing/streaming school events
6. *Prevent Risk Assessment Template
7. *Online-Safety Questions from the Governing Board (UKCIS)
8. *Education for a Connected World cross-curricular digital resilience framework (UKCIS)
9. *Safer working practice for those working with children & young people in education (Safer Recruitment Consortium)
10. *Working together to safeguard children (DfE)
11. *Searching, screening and confiscation advice (DfE)
12. *Sharing nudes and semi-nudes guidance from UKCIS:

• *How to respond to an incident - overview for all staff
• *Full guidance for school DSLs
• *Online Safety Audit for Trainee (ITT) & Newly Qualified Teachers (NQT)

13. *Prevent Duty Guidance for Schools (DfE and Home Office documents)
14.  Data protection policy
15. *Cyber security advice, procedures etc
16. *Preventing and tackling bullying (DfE)
17. Cyber bullying: advice for headteachers and school staff (DfE) – find this at bullying.lgfl.net
18. *RAG (red-amber-green) audits for statutory requirements of school websites
19. *Ofsted Review of sexual abuse in schools and colleges