Online Safety and IT Use Policy

In this document

1.1 Beckfoot Trust recognises that Information and Communications Technology (ICT) in a useful resource to support teaching and learning and is an inevitable feature in the everyday lives of children, young people and adults.

1.2 We also recognises that the use of technology has also become a significant component of many safeguarding issues, including Child Sexual Exploitation, radicalisation, child on child abuse and sexual harassment, and understands that technology can be used as a platform to facilitate harm.

1.3 Beckfoot Trust aims to protect and educate students and adults in their use of technology and has in place mechanisms to identify, intervene in, and escalate any incident where appropriate. It recognises the vulnerability of students with SEND online.

1.4 Beckfoot Trust ensures that each school has appropriate filters and monitoring systems in place to safeguard children from potentially harmful and inappropriate online material and does all it reasonably can to limit students’ exposure to the above risks from the School’s IT system. Students’ access to the internet via their personal mobile devices on school premises is limited and regulated. As part of our safeguarding practice staff accounts are also monitored too.

This policy is based on the Department for Education’s (DfE) statutory safeguarding guidance, Keeping Children Safe in Education. Also, the following DfE advice for schools:

• Meeting digital and technology standards in schools and colleges – Guidance – GOV.UK (www.gov.uk)
• Mobile phones in schools – GOV.UK (www.gov.uk)
• Preventing and tackling bullying Advice for headteachers, staff and governing bodies
• Cyberbullying: Advice for headteachers and school staff
• Relationships and sex education (RSE) and health education
• Harmful online challenges and online hoaxes – GOV.UK (www.gov.uk)
• Sharing nudes and semi-nudes: advice for education settings working with children and young people – GOV.UK (www.gov.uk)
• Prevent duty guidance: England and Wales (2023) – GOV.UK (www.gov.uk)
• Early years foundation stage (EYFS) statutory framework – GOV.UK (www.gov.uk)
• UKCIS_Early_Years_Online_Safety_Guidance_for_Practitioners__1_.pdf (publishing.service.gov.uk)

It reflects existing legislation, including but not limited to the Education Act 1996 (as amended), the Education and Inspections Act 2006 and the Equality Act 2010. In addition, it reflects the Education Act 2011, which has given teachers stronger powers to tackle cyber-bullying by, if necessary, searching for and deleting inappropriate images or files on students’ electronic devices where they believe there is a ‘good reason’ to do so.

The policy also takes into account the National Curriculum: computing programmes of study and the Online Safety Act 2023.

• Trust Child Protection and Safeguarding Policy
• Trust Behaviour Policy
• Trust Disciplinary Policy and Grievance Procedure
• Trust GDPR, Data Protection and FOI Policy
• Trust Privacy Notices
• Trust Complaints Policy
• Trust Code of Conduct

3.1 ICT covers a wide range of resources including web-based and mobile learning. It is also important to recognise the constant and fast paced evolution of ICT within our society. Currently the internet technologies staff, children and young people are using both inside and outside of the classroom include:

• Websites
• E-mail, instant messaging and chat rooms
• Social Media, including Facebook and Twitter
• Mobile phones with text, video and/or web functionality
• Making/receiving phone calls via their mobile phones
• Other mobile devices with web functionality i.e., Smart watches
• Gaming, especially online
• Learning Platforms and Virtual Learning Environments
• Blogs and Wikis
• Podcasting
• Video Broadcasting
• Music Downloading

The increasing prevalence of self-generative artificial intelligence is a growing concern, with pupils potentially having access to tools that generate text and images at home or in school.

These tools not only represent a challenge in terms of accuracy when young people are genuinely looking for information, but also in terms of plagiarism for teachers, and above all, safety. None of the mainstream tools have end-user safety settings and will easily produce inappropriate material despite the age limits that are in place on them.

We recognise that the continued cost-of-living crisis has meant that many children have spent more time online and, as a result, are potentially exposed to all manner of online harms.

3.2 Keeping Children Safe in Education 2024 references four areas of risk online within part two, these being:

Content: being exposed to illegal, inappropriate or harmful content, for example: pornography, fake news, racism, misogyny, self-harm, suicide, anti-Semitism, radicalisation and extremism.

Contact: being subjected to harmful online interaction with other users; for example: peer to peer pressure, commercial advertising and adults posing as children or young adults with the intention to groom or exploit them for sexual, criminal, financial or other purposes

Conduct: personal online behaviour that increases the likelihood of, or causes, harm; for example, making, sending and receiving explicit images (e.g consensual and non-consensual sharing of nudes and semi-nudes and/or pornography, sharing other explicit images and online bullying

Commerce: risks such as online gambling, inappropriate advertising, phishing and or financial scams

As with all other risks, it is impossible to eliminate these risks completely. It is therefore essential, through strong educational provision that we build our pupils’ resilience to the risks to which they may be exposed, so that they have the confidence and skills to face and deal with these risks. This involves all stakeholders.

The Trust Board has overall responsibility for monitoring this policy and holding the CEO to account for its implementation, including the scrutiny of filtering and monitoring.

Online safety will be audited as part of the external safeguarding review, and these reports will be shared with the Trust Board.

There is a Trustee who has responsibility for Safeguarding and Child Protection. This responsibility includes online safety.

4.2.1 The role of the safeguarding Trustee is to seek assurance on behalf of Trust Board on how safeguarding is managed in the Trust for the safety and wellbeing of the children. The role includes:

• Understanding the requirements of the Governance Handbook and the latest Keeping Children Safe in Education
• Seeking assurance, supporting and challenging the Executive Member for Safeguarding, the Trust Safeguarding Lead and DSLs on the standards of safeguarding in the Trust
• Confirming that consistent and compliant safeguarding practice takes place across the Trust
• Reporting to the board of trustees about the standard of safeguarding in Trust schools
• Ensure that, where necessary, teaching about safeguarding, including online safety, is for vulnerable children, victims of abuse and some pupils with SEND because of the importance of recognising that a ‘one size fits all’ approach may not be appropriate for all children in all situations, and a more personalised or contextualised approach may often be more suitable.

4.2.2 The Executive Member for Safeguarding and the Trust Safeguarding Lead and the safeguarding trustee meet on a regular basis to discuss safeguarding issues and to agree steps to continuously improve safeguarding practices in the trust.

All Board members will:

• Ensure that they have read and understand this policy.
• Agree and adhere to the terms on acceptable use of the Trust IT systems and the internet (Appendix 2).

4.3.1 The leader is responsible for:

• Identifying risks
• Setting expectations of staff
• Ensuring that, where necessary, teaching about safeguarding, including online safety, is adapted for vulnerable children, victims of abuse and some pupils with SEND because of the importance of recognising that a ‘one size fits all’ approach may not be appropriate for all children in all situations, and a more personalised or contextualised approach may often be more suitable.

4.3.2 They are also responsible for making sure that all staff: understand their role and are appropriately trained to follow policies, processes and procedures and act on reports and concerns.

This leader is responsible for:

• Working with the Service Development Manager to review the Guardian Web Filter Policy elements
• Reviewing filtering and monitoring to identify your current provision, any gaps, and the specific needs of our pupils and staff taking into consideration:
  1. the risk profile of pupils, including age range, pupils with special educational needs and disability (SEND), pupils with English as an additional language (EAL)
  2. what the filtering system currently blocks or allows and why
  3. any outside safeguarding influences, such as county lines
  4. any relevant safeguarding reports
  5. the digital resilience of our pupils
  6. teaching requirements, for example, our RHSE and PSHE curriculum
  7. the specific use of our chosen technologies

4.5.1 This leader is responsible for:

• procuring filtering and monitoring systems
• working with the Bradford Learning Network and Smoothwall to ensure our internet connection is aligned with the DFE monitoring and filtering standards
• reviewing the effectiveness of your provision
• ensuring that filtering and monitoring provision is reviewed, including an annual online safety and cyber security review

4.6.1 This leader is responsible for:

• Putting in place an appropriate level of security protection procedures in line with the DFE Filtering and monitoring standards for schools and colleges.
• Ensuring that the Trust IT systems are secure and protected in line with the DFE Cyber security standards for schools and colleges.
• Ensure file storage is in line with the DfE Servers and storage standards for schools and colleges
• Conducting security checks and monitoring Trust IT systems on a regular basis.
• Blocking access to potentially dangerous sites and, where possible, preventing the downloading of potentially dangerous files.
• Maintaining block and allow lists for staff and students, ensuring consistency across all schools.
• Ensure device monitoring systems are working as expected

4.6.2 Working with the Trust Safeguarding Leader to review the Guardian Web Filter Policy elements:

• Who: The individual user or user-group to whom the policy applies
• What: The web content category, or a group of categories, to be actioned by the policy
• Where: A network location (an IP or range of IP’s) that the policy will apply too
• When: A time-slot during which the policy will be active
• Action: How the Smoothwall will action the policy

The Headteacher is responsible for ensuring that staff understand this policy, and that it is being implemented consistently throughout the school.

The school has undertaken the advised 360 evaluation of online safety (360 safe website) and has an action plan where any gaps have been identified.

4.8.1 Details of the school Designated Safeguarding Lead (DSL) and Deputies are set out in the school protocol.

4.8.2 Day to day management of filtering and monitoring systems requires the specialist knowledge of both safeguarding and IT staff to be effective. The DSL should work closely together with IT service providers to meet the needs of the setting and may need to ask filtering or monitoring providers for system specific training and support.

4.8.3 The DfE Filtering and monitoring standards for schools and colleges expect that the DSL should take lead responsibility for safeguarding and online safety, which could include overseeing and acting on:

• filtering and monitoring reports
• safeguarding concerns
• checks to filtering and monitoring systems

4.8.4 The DSL takes lead responsibility for online safety in school, in particular:

• Supporting the Headteacher in ensuring that staff understand this policy and that it is being implemented consistently throughout the school
• Working with the Headteacher, IT Manager and other staff, as necessary, to address any online safety issues or incidents
• Managing all online safety issues and incidents in line with the school child protection policy
• Ensuring that any online safety incidents are logged and dealt with appropriately in line with this policy
• Ensuring that any incidents of cyber-bullying are logged and dealt with appropriately in line with the school behaviour policy
• Updating and delivering staff training on online safety
• Liaising with other agencies and/or external services if necessary
• Providing regular reports on online safety in school to the headteacher and/or Trust Board

This list is not intended to be exhaustive.

4.9.1 All staff need to be aware of reporting mechanisms for safeguarding and technical concerns. They should report if:

• they witness or suspect unsuitable material has been accessed
• they can access unsuitable material
• they are teaching topics which could create unusual activities on the filtering logs
• there is failure in the software or abuse of the system
• there are perceived unreasonable restrictions that affect teaching and learning or administrative tasks
• They notice abbreviations or misspellings that allow access to restricted material

4.9.2 All staff, including contractors and agency staff, and volunteers are responsible for:

• Maintaining an understanding of this policy.
• Implementing this policy consistently.
• Agreeing and adhering to the terms on acceptable use of the Trust’s IT systems and the internet (Appendix 2) and ensuring that students follow the Trust terms on acceptable use (Appendix 1).
• Working with the DSL to ensure that any online safety incidents are logged and dealt with appropriately in line with this policy.
• Ensuring that any incidents of cyber-bullying are dealt with appropriately in line with the school behaviour policy.
• Responding appropriately to all reports and concerns about sexual violence and/or harassment, both online and offline and maintaining an attitude of ‘it could happen here’
• Understand the unique risks associated with online safety and be confident that they have the relevant knowledge and up to date capability required to keep children safe whilst they are online at school.
• Can recognise the additional risks that children with SEN and disabilities (SEND) face online, for example, from online bullying, grooming and radicalisation and are confident they can support SEND children to stay safe online.

This list is not intended to be exhaustive.

4.10.1 Beckfoot Trust would ask all of our parents and carers to support the aims of this policy by:

• Ensuring their child (where age appropriate) has read, understood and agreed to the terms on acceptable use of IT and internet
• Helping and supporting the school in promoting online safety with their children
• Discussing online safety concerns with their children, showing an interest in how they are using technology, and encouraging them to behave safely and responsibly when using technology
• Consulting with their Beckfoot Trust School if they have any concerns about their child’s use of technology
• Supporting Beckfoot Trust’s approach to online safety and not deliberately post comments or upload any images, sounds or text that could upset or offend any member of the school community or bring the school into disrepute

Parents/Carers can seek further guidance on keeping children safe online from the following organisations and websites:

• What are the issues? – UK Safer Internet Centre
• Hot topics – find out more information about the topics affecting young people | Childnet
• Parents and Carers resource sheet | Childnet
• Safer Internet Day 2023 Film for Parents and Carers
• Online Safety Basics – National Cybersecurity Alliance (staysafeonline.org)
• TALK Checklist by Internet Watch Foundation | Home (iwf.org.uk)

Visitors and members of the community agree to the terms and conditions of the acceptable use policy (see appendix 2) when signing in at reception. Safeguarding information sheets are distributed on arrival to make visitors aware of the Trust’s IT systems. Internet access tp guest WIFI is time limited and accessible through a code distributed on arrival.

There are four stages of prevention and action when managing online safeguarding:

• Education – School’s preventative curriculums help pupils understand how to stay safe online and why certain content is unacceptable
• Prevention – All staff are vigilant and don’t rely on technical monitoring
• Reaction – All staff should address unacceptable and unsafe behaviour and the DSL should investigate any online safeguarding incidents
• Reporting and monitoring – Leaders should review reports …so that strategies are put in place to ensure safe use of technology in our schools

The DfE Filtering and monitoring standards for schools and colleges states clearly that technical monitoring systems do not stop unsafe activities on a device or online. Staff should:

• provide effective supervision
• take steps to maintain awareness of how devices are being used by pupils
• report any safeguarding concerns to the DSL

Students will be taught about online safety as part of the curriculum.

In Key Stage 1, students will be taught to:

• Use technology safely and respectfully, keeping personal information private
• Identify where to go for help and support when they have concerns about content or contact on the internet or other online technologies

In Key Stage 2, students will be taught to:

• Use technology safely, respectfully, and responsibly
• Recognise acceptable and unacceptable behaviour
• Identify a range of ways to report concerns about content and contact

In Key Stage 3, students will be taught to:

• Understand a range of ways to use technology safely, respectfully, responsibly, and securely, including protecting their online identity and privacy
• Recognise inappropriate content, contact, and conduct, and know how to report concerns

In Key Stage 4, students will be taught:

• To understand how changes in technology affect safety, including new ways to protect their online privacy and identity
• How to report a range of concerns

Individual school curriculums should address online safety through the four categories of risk; content, contact, conduct and commerce (See Section 3).

The safe use of social media and the internet will also be covered in other subjects where relevant.

The school will use assemblies to raise students’ awareness of the dangers that can be encountered online and may also invite speakers to talk to students about this.

Where necessary, teaching about safeguarding, including online safety, will be adapted for vulnerable children, victims of abuse and some pupils with SEND.

Schools will raise parents’ awareness of internet safety in various ways e.g. parents’ evenings, letters, news items etc. through the school website or parental communication systems.

If parents/carers have any queries or concerns in relation to online safety, these should be raised in the first instance with the Headteacher and/or the DSL.

Concerns or queries about this policy can be raised with any member of staff or the Headteacher.

Schools may need to seek further advice if they are concerned parents/carers are not addressing online safety.

A hoax is a deliberate lie designed to seem truthful, and online challenges generally involve users recording themselves taking a challenge, and then distributing the video through social media channels, inspiring or daring others to repeat the challenge.

We are aware there are many children and young adults who struggle to identify harmful online challenges and online hoaxes.

DSLs together with the IT service will undertake a case-by-case assessment, establishing the scale and nature of the possible risk to our children and young people, including considering if the risk is national, local, or school related.

Where the assessment finds an online challenge to be putting pupils at risk of harm, e.g. it encourages children to participate in age-inappropriate activities that could increase safeguarding risks or become a child protection concern, they will ensure that the challenge is directly addressed to the relevant pupils, e.g. those within a particular age range that is directly affected or even to individual children at risk where appropriate.

We will provide appropriate guidance and which audiences this needs to go to following each assessment.

Definition:

Cyber-bullying takes place online, such as through social networking sites, messaging apps or gaming sites. Like other forms of bullying, it is the repetitive, intentional harming of one person or group by another person or group, where the relationship involves an imbalance of power. (See also the school Behaviour Policy.)

To help prevent cyber-bullying, we will ensure that students understand what it is and what to do if they become aware of it happening to them or others. We will ensure that Students know how they can report any incidents and are encouraged to do so, including where they are a witness rather than the victim.

The school will actively discuss cyber-bullying with students, explaining the reasons why it occurs, the forms it may take and what the consequences can be. Class teachers and Tutors will discuss cyber-bullying with their tutor/registration groups, and the issue will be addressed in assemblies.

Teaching staff are also encouraged to find opportunities to use aspects of the curriculum to cover cyber-bullying. This includes personal, social, health and economic (PSHE) education, and other subjects where appropriate.

All staff, board members and volunteers (where appropriate) receive training on cyber-bullying, its impact, and ways to support students, as part of safeguarding training (see section 17 for more detail).

The school also sends information/leaflets on cyber-bullying to parents/carers so that they are aware of the signs, how to report it and how they can support children who may be affected.

In relation to a specific incident of cyber-bullying, the school will follow the processes set out in the school behaviour policy. Where illegal, inappropriate, or harmful material has been spread among students, the school will use all reasonable endeavours to ensure the incident is contained.

The DSL will consider whether the incident should be reported to the police if it involves illegal material and will work with external services if it is deemed necessary to do so.

10.1.1 Trust schools may have different approaches to use of mobile devices in schools which should be reflected in the school’s Positive Learning Strategy or Behaviour Protocol.

10.1.2 Students may bring mobile devices into school, but are not permitted to use them during:

• Lessons
• Tutor group time
• Clubs before or after school, or any other activities organised by the schools

10.1.3 Any use of mobile devices in Trust schools by students must be in line with the acceptable use agreement (see Appendix 1) and the school local behaviour protocol.

10.1.4 Any breach of the acceptable use agreement by a student may trigger disciplinary action in line with the Trust Behaviour Policy and school protocol, which may result in confiscation of their device.

School staff have the specific power under the Education and Inspections Act 2006 (which has been increased by the Education Act 2011) to search for and, if necessary, delete inappropriate images or files on Students’ electronic devices, including mobile phones, iPads and other tablet devices, where they believe there is a ‘good reason’ to do so.

When deciding whether there is a good reason to examine or erase data or files on an electronic device, staff must reasonably suspect that the data or file in question has been, or could be, used to:

• Cause harm, and/or
• Disrupt teaching, and/or
• Break any of the school rules

If inappropriate material is found on the device, it is up to the staff member in conjunction with the DSL or other member of the senior leadership team to decide whether they should:

• Delete that material, or
• Retain it as evidence (of a criminal offence or a breach of school discipline), and/or
• Report it to the police*

*Staff may also confiscate devices for evidence to hand to the police, if a pupil discloses that they are being abused and that this abuse includes an online element.

Any searching of students will be carried out in line with:

• The DfE’s latest guidance on screening, searching and confiscation
• UKCIS guidance on sharing nudes and semi-nudes: advice for education settings working with children and young people

Any complaints about searching for or deleting inappropriate images or files on students’ electronic devices will be dealt with through the school complaints procedure.

All students, parents, staff, volunteers, and Board members are expected to sign an agreement regarding the acceptable use of the Trust IT systems and the internet (Appendices 1 and 2). Visitors will be expected to read and agree to the Trust terms on acceptable use if relevant.

Use of the Trust internet must be for educational purposes only, or for the purpose of fulfilling the duties of an individual’s role.

We will monitor and filter the websites visited by students, staff, volunteers, Board members and visitors (where relevant) to ensure they comply with the above.

More information is set out in the acceptable use agreements in Appendices 1 and 2.

11.1.1 Employees must not identify themselves as employees of the Trust in their personal web space. This is to prevent information on these sites from being linked with the Trust and to safeguard the privacy of staff members, particularly those involved in providing sensitive frontline services.

11.1.2 The Trust does not expect employees to discontinue contact with their family members via personal social media once the Trust starts providing services for them. However, any information employees obtain in the course of their employment must not be used for personal gain or be passed on to others who may use it in such a way.

11.1.3 Employees must not have any contact with pupils’ family members through personal social media if that contact is likely to constitute a conflict of interest or call into question their objectivity.

11.1.4 If employees wish to communicate with pupils through social media sites or to enable pupils to keep in touch with one another, they can only do so with the approval of the Trust and through official Trust sites created according to the requirements specified in section 11.

11.1.5 Employees must decline ‘friend requests’ from pupils they receive in their personal social media accounts. Instead, if they receive such requests from pupils of any school who are not family members, they may discuss these in general terms in class where the pupils attend the school and signpost pupils to become ‘friends’ of the official school site if there is one.

11.1.6 Information employees have access to as part of their employment, including personal information about pupils and their family members, colleagues, and other parties and Trust corporate information must not be discussed on their personal web space.

11.1.7 Photographs, videos, or any other types of images of pupils and their families or images depicting employees wearing clothing with school logos on must not be published on personal web space.

11.1.8 Trust/school email addresses and other official contact details must not be used for setting up personal social media accounts or to communicate through such media.

11.1.9 The Trust only permits limited personal use of social media during designated break points. However, employees are expected to devote their contracted hours of work to their professional duties, and, in practice, personal use of the internet should not be in the Trust’s time. This is subject to such use:

• Not depriving pupils of the use of the equipment and/or
• Not interfering with the proper performance of employee’s duties

11.1.10 Caution is advised when inviting work colleagues to be ‘friends’ in personal social networking sites. Employees are advised that they set the privacy levels of their personal sites as strictly as they can and to opt out of public listings on social networking sites to protect their own privacy. Employees should keep their passwords confidential, change them often and be careful about what is posted online. It is not appropriate to reveal home addresses, telephone numbers and other personal information. It is a good idea to use a separate email address just for social networking so that any other contact details are not given away.

11.2.1 Employees can only use official Trust sites for communicating with pupils or to enable pupils to communicate with one another.

11.2.2 Employees should seek permission from the Headteacher before creating an official Trust related site explaining their business reasons for doing so.

11.2.3 Any official Trust sites created must not breach the terms and conditions of social media service providers, particularly regarding minimum age requirements.

11.2.4 Employees must always act in the best interests of children and young people when creating, participating in or contributing content to social media sites.

11.2.5 If you are contacted for comments about the Trust for publication anywhere, including in any social media outlet please direct the enquiry to the Headteacher.

11.3.1 Staff who use the Trust’s IT and communication systems:

• Must use it responsibly
• Must keep it safe
• Must keep passwords confidential and must report any breach of password confidentiality to the Headteacher or nominated IT team as soon as possible.
• Must report any known breaches of this policy, including any inappropriate images or other material which may be discovered on the Trust’s IT systems.
• Must report to the Headteacher or designated safeguarding officer any vulnerabilities affecting child protection in the Trust’s IT and communications systems.
• Must not install software on the Trust’s equipment unless authorised by the IT leadership.
• Must comply with any IT security procedures governing the use of systems in the school, including anti-virus measures.
• Must ensure that it is used in compliance with this policy.

11.3.2 Any equipment provided to a Trust employee is provided for their sole use. Any use of the equipment by family or friends is not permitted and any misuse of the equipment by unauthorised users will be the responsibility of the staff member.

11.4.1 The following uses of IT are prohibited, may amount to gross misconduct, and could result in dismissal. Please see the Disciplinary Policy for further guidance.

• To make, to gain access to, or for the publication and distribution of inappropriate sexual material, including text and/or images, or other material that may deprave or corrupt those likely to read or see it
• To make, to gain access to, and/or for the publication and distribution of material promoting homophobia or racial or religious hatred
• For the purpose of bullying or harassment, or for or in connection with discrimination on the grounds of gender, race, religion, disability, age or sexual orientation
• For the publication and/or distribution of libellous statements or material which defames or degrades others
• For the publication of material that brings the Trust/school or its pupils or employees into disrepute
• For the publication and distribution of personal data without authorisation
• Where the content of the email correspondence is unlawful
• To participate in on-line gambling
• Where the use infringes copyright law
• To gain unauthorised access to internal or external computer systems (commonly known as hacking)
• To create or deliberately distribute IT or communications systems viruses
• To record or monitor telephone or email communications without the express approval of the Trust. In no case will such recording, or monitoring be permitted unless it has been established that such action is in full compliance will the relevant legislation i.e. the Regulation of Investigatory Powers Act 2000.
• To participate in “chain” e-mail correspondence
• In pursuance of personal business or financial interests or political activities (excluding the legitimate activities of recognised trade unions).

12.1 Staff members using a work device outside school must not install any unauthorised software on the device and must not use the device in any way which would violate the Trust’s terms of acceptable use, as set out in Appendix 2.

12.2 Staff must ensure that their work device is secure and password-protected, preferably encrypted where possible and practical, and that they do not share their password with others. Any USB, disks or portable hard drives devices containing Trust or school data must be encrypted/password protected.

12.3 Staff must take all reasonable steps to ensure the security of their work device when using it outside school. For example, but not limited to:

• Not connecting to an unprotected WIFI connection
• Using the device where the screen may be visible by others when accessing personal data e.g. student and staff records:
• Making sure the device is locked if left unattended
• Not sharing the device among family or friends

13.1 It is a condition of the Trust Insurance Policy that whenever hardware e.g., laptops and mobile phones are left in an unattended vehicle, they must be kept out of sight in a luggage compartment, glove compartment, or similar container and all windows or openings must be closed and all doors locked. If the items are left in an unattended vehicle overnight, the vehicle must be in a secure or attended garage or compound. In the event of a theft, failure to adhere to these conditions will result in an insurance claim being refused.

If staff have any concerns over the security of their device, they must seek advice from the IT team or Cluster Business Manager.

13.2 Work devices must be used solely for work activities.

13.3 Loss or theft of any work equipment must be reported to the police immediately and IT Team or Cluster Business Manager immediately. Full details of the loss or theft will be required together with the crime reference number for insurance purposes.

10.5.1 The Trust (where authorised by the Headteacher) reserves the right to monitor usage of its internet and email services without prior notification or authorisation from users.

14.1 The Trust (where authorised by the Headteacher) reserves the right to monitor usage of its internet and email services without prior notification of authorisation from users.

14.2 Case example: A recent European Court of Human Rights case ruled that an employer was legitimately entitled to access an employee’s social media messenger account. This was because the messages had been sent during working hours, from a work account and on a work device. Therefore, users of the Trust’s email and internet services should have no expectation of privacy in anything they create, store, send or receive using the Trust’s IT system. As such employees should not use the school’s IT resources or communication systems for any matters that are private and confidential.

15.1 Any breach of this policy will be fully investigated and may lead to disciplinary action being taken against the employee/s involved in line with the Trust’s Disciplinary Policy and Procedure.

15.2 A breach of this policy leading to breaches of confidentiality, or defamation or damage to the reputation of the Trust/school or any illegal act/s that render the Trust/school liable to third parties may result in disciplinary action or dismissal.

15.3 Contracted providers of the Trust’s services must inform the Trust immediately if they become aware of any breaches of this policy so that appropriate action can be taken to protect confidential information and limit damage to the reputation of the Trust.

15.4 Under the Regulation of Investigatory Powers Act (2000) the Trust can exercise the right to monitor the use of the Trust’s/school’s information systems and internet access where it is believed that unauthorised use may be taking place, to ensure compliance with regulatory practices, to ensure standards of service are maintained, to prevent or detect crime, to protect the communications system and to pick up messages if someone is away from school.

15.5 In certain circumstances the Trust will be obliged to inform the Local Authority Designated Officer (LADO) and/or police of any activity where there are concerns that it may constitute a safeguarding issue or potentially involve illegal activity.

16.1 Where a student misuses the Trust’s IT systems or internet, we will follow the procedures set out in the Trust Behaviour Policy and school protocol. The action taken will depend on the individual circumstances, nature, and seriousness of the specific incident, and will be proportionate.

16.2 Where a staff member misuses the Trust’s IT systems or the internet or misuses a personal device where the action constitutes misconduct, the matter will be dealt with in accordance with the staff disciplinary procedures. The action taken will depend on the individual circumstances, nature, and seriousness of the specific incident.

16.3 The Trust will consider whether incidents which involve illegal activity or content, or otherwise serious incidents, should be reported to the police.

16.4 Any incidents which result in the unauthorised access, processing or sharing of personal data this will be considered a data breach under the Trust GDPR Data Protection and FOI Policy and must be notified immediately to the Cluster Business Manager.

17.1 All new staff members will receive training, as part of their induction, on safe internet use and online safeguarding issues including cyber-bullying and the risks of online radicalisation.

17.2 All staff members will receive refresher training at least once each academic year as part of safeguarding training, as well as relevant updates as required (for example through emails, e-bulletins and staff meetings).

By way of this training, all staff will be made aware that:

• Technology is a significant component in many safeguarding and wellbeing issues, and that children are at risk of online abuse
• Children can abuse their peers online through:
• Abusive, harassing, and misogynistic messages
• Non-consensual sharing of indecent nude and semi-nude images and/or videos, especially around chat groups
• Sharing of abusive images and pornography, to those who don’t want to receive such content
• Physical abuse, sexual violence and initiation/hazing type violence can all contain an online element

Training will also help staff:

• Develop better awareness to assist in spotting the signs and symptoms of online abuse
• Develop the ability to ensure pupils can recognise dangers and risks in online activity and can weigh the risks up
• Develop the ability to influence pupils to make the healthiest long-term choices and keep them safe from harm in the short term

17.3 The DSL and Deputies will undertake child protection and safeguarding training, which will include online safety, at least every 2 years. They will also update their knowledge and skills on the subject of online safety at regular intervals, and at least annually.

17.4 Board members will receive training on safe internet use and online safeguarding issues as part of their safeguarding training.

17.5 Volunteers will receive appropriate training and updates, if applicable.

More information about safeguarding training is set out in our Child Protection and Safeguarding policy.

The DSL or Deputies will log behaviour and safeguarding issues related to online safety, using CPOMs.

This policy will be reviewed annually.

The review will be supported by an annual risk assessment and information gathered by the external safeguarding reviews which considers and reflects the risks pupils face online. This is important because technology, and the risks and harms related to it, evolve, and change rapidly.