OCL E-Safety Policy

OCL E-Safety Policy

Oasis IT Services

Last updated: 01/09/2016

Version 2.0

E-Safety Policy

V2.0 September 2016

IT Services / Review date01/09/2017

Document Control

Changes History

Version / Date / Amended by / Recipients / Purpose
2.0 / 01/09/16 / Rob Lamont Head of IT / All Oasis staff / Updated Legislation

Approvals

This document requires the following approvals.

Name / Position / Date Approved / Version
John Barneby / Acting Director HR / 01/09/16 / 2.0

Distribution

This document has been distributed to:

Name / Position / Date / Version
All Oasis Academy Principals / - / 02/09/16 / 2.0
All Academies Staff And Oasis Centre Staff / - / 2.0

E-Safety Policy

V2.0 September 2016

IT Services / Review date01/09/2017 1

contents

Introduction

Purpose

Scope

Change

Authorisation

Privacyand Monitoring

Definitions ofUnacceptable Usage

Legalconstraints

OverviewofE-Safety

Statement ofResponsibilitiesforE-Safety

AccesstoOasisNetwork,Internet,anyonline Oasis system and Microsoft Office 365

Child protection,incidentsand sanctions

Appendices - Guidance documents

Appendix1

Legalconstraints- references

Copyright, DesignsandPatentsAct 1988

MaliciousCommunications Act 1988

Computer Misuse Act1990

Criminal Justice& PublicOrder Act 1994

Trade Marks Act1994

DataProtectionAct 1998

Human RightsAct 1998

Regulation of InvestigatoryPowersAct2000

Freedom ofInformationAct2000

CommunicationsAct 2003

Criminal JusticeandImmigration Act 2008

Appendix 2

Developing E-Safety, Academy Strategy for use of Technologies, Escalation points and sanctions

Rulesfor Students

SAFETY FIRST

Information is power!

Respect!

Protect!

WholeAcademy Planning and Procedures

Incident and sanctions matrices

Planning tool-SanctionsMatrix

Default Oasis IT Services policy re communication technologies

Flowdiagramofhowtoreportincidents

Appendix 3

Rolesand responsibilities

Appendix 4

Oasis Safeguarding Statement of Intent

Policyand Procedures

Board of TrusteesResponsibilities

Disclosure & Barring Checks

SafeguardingLeads/Child ProtectionOfficers

Training

Audit

Appendix 5

E-Safety embedded into other Oasis Policies

Introduction

1Anti-bullying Policy

2BehaviourforLearningPolicy

3CurriculumPolicy(Primary)

4TeachingandLearningPolicyGuidance(Primary)

5CurriculumPolicy(Secondary)

6TeachingandLearningPolicy(Secondary)

7Parental/carer’sCodeofConductPolicy

8OffsiteActivitiesandEducationalVisitsPolicy

•Personaldevices

•Mobile Phones

E-Safety Policy

V2.0 September 2016

IT Services / Review date01/09/2017 1

E-Safety Policy

Introduction

Purpose

ThisE-Safety Policy applies without exception to all users of ICT facilities and equipment within the Oasis Trust (Oasis). This includes staff, students and any visitors who have been provided with temporary access privileges.

The purpose of this policy is to provide guidance on the use of network resources which includes the use of any online Oasis system and Microsoft Office 365, the internet, e-mail, instant messaging,socialmedia,mediapublications, filetransmissionand voicecommunications.

Scope

ThepolicyappliestoactivitiestakingplaceinanylocationwhereaccesstoandtheuseofanyOasisICTsystemsand/orequipmenttakesplace,e.g.laptopcomputersathome;remoteaccesstoanyonline Oasis system and Microsoft Office 365 andnetworkedresources.

The policy alsocoversthe useof personallyowned PCsanddevicesonOasispremises.

AlluserswillbedeemedtobefamiliarwithandboundbythisE-SafetyPolicy.Acopyofthispolicycanbefoundon the Oasis SharePoint.

The contents of this document are fully compliant with the DfE statutory guidelines that come to be enforced from 05.09.2016 in ‘Keeping children safe in education’. Although still under the advisory provision, the Appendices within this document and the E-Safety policy cover the use of Oasis IT Services if applied correctly within Academies.

Change

ThispolicyismaintainedbyOasisGroupITServices.RequeststochangethepolicyshouldbemadetotheHeadofGroupITServices.AllchangeswillneedtobeapprovedbytheHeadofGroupITServicesandtheOasisGroup Executive.

Authorisation

InordertouseICTfacilitiesatOasisapersonmusthavebeenissuedstaff,studentorguestaccesstothenetwork. Useof OasisICTfacilitieswill be deemed tobeacceptanceof the terms andconditionsof thispolicy.

Itisexpectedthatalluserswilladheretogrouppasswordpolicyandguidelinesinadditiontoallrelevantregulatoryandlegal requirements. Detailsof thePassword protocolsareavailableinthisdocument.

Privacyand Monitoring

Oasis IT Services reserve the rightto monitoremail, telephone and any other electronically-mediated communications, whether stored or in transit, in line with relevant legislation.

AllusersofOasisICTfacilitiesorequipmentexpresslywaiveranyrightofprivacyandthereforeshouldhavenoexpectationsofprivacyin anythingtheycreate,store,send or receive using Oasis’ ICTsystems andequipment.

Reasonsfor suchmonitoringinclude the need to:

•Establish the existence of facts (e.g. to provide evidence of commercial transactions in casesof disputes);

•Investigate or detect unauthorised use of group telecommunications systems and ensure compliance with this policy or other Oasis policies;

•Ensure operational effectiveness of services (e.g. to detect viruses or other threats to the systems);

•Prevent breach of the law or investigate a suspected breach of the law, the Oasis polices or contracts;

•Monitor standards and ensure effective quality control.

Monitoring may involve:

•Examining the number and frequency of emails;

•Viewing sent or received emails from a particular mailbox or stored on any server;

•Examining logs of ICT facility usage;

•Monitoring the amount of time spent on the Internet;

•Internet sitesvisitedandinformation downloaded.

Whereabuseissuspectedamoredetailedinvestigationinvolvingfurthermonitoringandexaminationofstoreddatamaybeundertaken.Wheredisclosureofinformationisrequestedbythepolice,(oranotherlawenforcementauthority)therequestshould be directed to the Headof GroupITServicesor otherdesignatedstaffmember.

Oasisstaffwhohaveaccesstopersonaldata,(asdefinedundertheDataProtectionAct1998)areresponsibleforensuringthatsuchdataisnotmadeavailabletounauthorisedindividualsandthatthesecurityofallsystemsusedto accessand manage thisdataisnotcompromised.

OasisITServicesmaintaintherighttoaccesstheOasisemailaccountofstaffmembersafterterminationofemploymentforoperational reasonsand forthecontinuing deliveryofservices.

Definitions ofUnacceptable Usage

Unacceptableuse ofcomputersand networkresources maybe summarisedas:

•Creating, displayingor transmittingmaterial that isfraudulentor otherwise unlawful orinappropriate.

•Threatening,intimidatingorharassingemployeesandstudentsincludinganymessagethatcouldconstitutebullyingorharassment,e.g.onthegroundsofsex,race,disability,religionorbelief,sexualorientation orage.

•Usingobscene, profane orabusive language.

•Usinglanguagethatcouldbecalculatedtoincitehatedagainstanyethnic,religiousorotherminoritygroup

•Intellectualproperty rights infringement,includingcopyright,trademark,patent,designandmoralrights

•Defamation(genuine scholarlycriticismispermitted)

•Unsolicitedadvertising often referredto as“spamming”

•Sendingemailsthatpurporttocomefromanindividualotherthanthepersonactuallysendingthemessageusing, e.g. a forgedaddress

•Attemptsto break intoor damagecomputersystemsor dataheldthereon

•Actionsorinactionswhichintentionally,orunintentionally,aidthedistributionofcomputervirusesorothermalicioussoftware

•Attemptstoaccessoractionsintendedtofacilitateaccesstocomputersforwhichtheindividualisnotauthorised

•Usingthenetworkforunauthenticatedaccess

•Usingthe ICTfacilitiestoconduct personalcommercialbusiness or trading

Theserestrictionsshouldbetakentomean,forexample,thatthefollowingactivitieswillnormallybeconsideredto bea breachof policy:

•Downloading,distribution,orstorageofmusic,video,filmorothermaterial,forwhichyoudonotholdavalid licenceor other valid permission formthe copyright holder

•Distribution orstoragebyanymeansofpiratedsoftware

•Connectinganunauthoriseddevicetothenetwork,i.e.onethathasnotbeenconfiguredtocomplywiththispolicyandanyotherrelevantregulationsandguidelinesrelatingtosecurity,purchasingpolicy,andacceptableuse

•Circumvention ofnetworkaccess control

•Monitoring orinterception ofnetworktraffic, without permission

•Probingfor thesecurity weaknesses of systemsbymethods such asport-scanning,withoutpermission

•Associatinganydevice to networkAccessPoints, includingwireless,to which youarenotauthorised

•Non-academic/non-businessrelatedactivitieswhichgenerateheavynetworktraffic,especiallythosewhich interfere with others’legitimateuseof ICTservices orwhich incur financial costs

•Excessiveuseofresourcessuchasfilestore,leadingtoadenialofservicetoothers,especiallywhencompoundedbynot responding to requests for action

•FrivoloususeofICTsuites,especiallywheresuchactivitiesinterferewithothers’legitimateuseofICTservices

•UseofCDs,DVDs,andother storagedevicesforthepurposeofcopyingunlicensedcopyrightsoftware,music,etc.

•Copying ofother peoples’websitematerial withouttheexpresspermission of thecopyrightholder

•Useofpeer-to-peerandrelatedapplications.Theseinclude,butarenotlimitedto,Ares,BitTorrent,Direct Connect, Morpheus, KaZaA

StaffandstudentsshouldconsiderthespiritoftheOasisEthoswhenworkingonOasisICTsystems.AnyconductwhichmaydiscreditorharmOasis,itsstaffortheICTfacilitiesorcanotherwisebeconsideredintentionallyunethical isdeemed unacceptable.

IncidentsofmisusewillbedealtwithbyOasisinaccordancewiththeBehaviourforLearningPolicy(students)orbesubject tothedisciplinaryproceduresoutlinedinthetermsandconditionsof employment (staff). Theappropriatelevelofsanctionswillbeappliedasdeterminedbythenatureofthereportedmisuse.Asamplematrixforstudent-related incidentswhichcouldoccurcanbeseen intheOasisE-Safety Policy.

Legalconstraints

Softwaremaynotbecopied,installed,orusedonOasisITequipmentexceptaspermittedbytheownerofthesoftware andbylaw. OasisITserviceswill properlylicense software andstrictlyadhere toall licensingprovisions,including installation, use,copying, numberofsimultaneous users, and termsof the license

Itisuptotheusertocheckthetermsandconditionsofanylicencefortheuseofthe softwareorinformationandtoabidebythem.SoftwareprovidedbyOasisITServicesmayonlybeusedaspartoftheuser’sdutiesasanemployee orstudentor foreducationalpurposes.

TheusermustabidebyallthelicencingagreementsforsoftwareenteredintothebytheOasisTrustwithotherparties,notingthattherighttouseanysuchsoftwareoutsideOasispremiseswillceasewhenanindividualleavestheinstitution.AnysoftwareonaprivatelyownedcomputerthathasbeenlicensedunderanOasisagreementmust thenbe removed from it, aswell asanyOasisowned data.

Theusermustcomplywithalltherelevantlegislationandlegalprecedent,includingtheprovisionsofthefollowing Acts of Parliament, or anyre-enactment thereof:

•Copyright,Designs andPatentsAct1988;

•MaliciousCommunicationsAct1988;

•Computer Misuse Act 1990;

•CriminalJusticeandPublicOrder Act1994;

•TradeMarksAct 1994;

•Data ProtectionAct1998;

•Human RightsAct1998;

•Regulationof InvestigatoryPowersAct 2000;

•FreedomofInformationAct2000;

•CommunicationsAct2003;

•CriminalJusticeandImmigration Act2008.

Anybreachoftheabovelegislationorrelatedpolicesisconsideredtobeanoffenceandinthatevent,OasisTrust disciplinaryprocedureswill apply.

For furtherinformationpleasecontact theNational ITServiceDesk:

E-Safety Policy

V2.0 September 2016

IT Services / Review date01/09/2017 1

OverviewofE-Safety

OasisrecognisesthattheuseofICTisexpandingrapidlyinallsectorsofsociety.Theexchangeofideas,socialinteractionandlearningopportunitiesinvolvedaregreatlybeneficial.However,theinternetisvastandunregulated,and,incommonwithallcommunicationmedia,thereremainstheconcernthatitcanbeabused.Thereforethispolicysetsoutstrategiesforthesafeandresponsibleuseofanyonline Oasis system and Microsoft Office 365, Oasis networksand theinternet.

All usersare accessing the internet both inand out of the Oasisnetwork. Therefore, OasisTrustaspirestoensurethatallusersintheAcademiesareawareofpotentialrisksandhowtopractisesafe,responsiblebehaviourwhenever and wherever theyare online.

Wewill ensure that all usersoftechnologycanbe safe online when theyare in thecareofOasisandwilleducatethemtoprotectthemselveswhentheyarenotinOasiscare.Asaconsequence,whentheyusetechnologythatisnewto them, they willactina responsible andsafe way.

Wewantallprofessionalstousetechnologytoenhancetheirworkingpracticeandfindnewwaysofpersonalisinglearningthatsuitthedifferentaptitudesandinterestsoflearners,includingthosewithspecialneeds.Technologycanimprovetheplanninganddeliveryofteachingaswellasmakingthelearningexperiencemoredynamicandinteractive.ICTcanhelptoensurethatstudentsfindthelearningprocessmoremeaningful,enjoyableandengaging.Therefore,wewanttheeffectiveuseoftechnologytobeembeddedinteachingandlearningacrossallOasisactivities.

E-SafetyisseenbyOasisasanextensionofgeneralsafeguardingandchildsafety.Thereforeweaimtogenerateawide-rangingawarenessoftheresponsibilities,policiesandproceduresaroundchildsafety.Safeguardingusersiseveryone’sresponsibilitythereforetheseregulationsapplytoallusers,nomatterwhattheir role within Oasis.

Thispolicygivesprovidesguidanceforsafe,responsiblebehaviourwhilstaccessingtheOasissystemsandtheinternet.PleaserefertotheOasisITSecurityPolicyandtheAcceptableUseofTechnologyPolicyforguidanceregarding thesecurity ofdataand ICTequipment.

ItisOasis’policytoprotectusersfromharm,sofar asisreasonablypracticable,whilstmaximisingtheeducationalandsocialbenefitsofusingtechnology.Therefore,thispolicyaimstogiveguidanceonhowthiscanbe accomplished.

Statement ofResponsibilitiesforE-Safety

Oasishasaresponsibilitytoensurethatallreasonableandappropriatestepshavebeentakentoprotectuserswhilst usingInformation Technologies.

Whilst each individual is responsible for their own E-Safety, a detailed description for the role and responsibility for each of the following groups is defined in Appendix 3 – Roles and Responsibilities

Oasis Trust Group Executive:

Overall responsibility for theE-Safety Policy

National/Regional Academy Directors:

Responsiblefor the effective operation andmonitoring of theE-SafetyPolicybyAcademiesand AcademyCouncils

Oasis Academy Councillors:

Responsibility for ensuringthat theE-Safety Policy isapproved andapplied withinan Academy

OasisAcademyPrincipals,SeniorLeadersandSafeguardingOfficers

Responsibility for implementation of theE-Safety Policy within an Academyand reviewingon a regular basis

OasisNational,Regionalandsite-basedITsupportteams:

Responsibilityforthecreationofasafeworkingenvironmentandreviewingregularlyproceduresagainstnewtechnologies

Oasisstaff,includingexternalagencies

Responsibility tomake sure that theyandstudents can work safelywithin E-Safety guidelines

OasisStudents

Responsibility for theirown actionsandtheir use of ITfacilitiesat Oasis.

ResponsibilitiesofParents/carers

ResponsibilityforunderstandingtheOasisE-SafetyguidelinesandensuringthattheirchildworkswithinthoseE-Safety guidelines.

Eachindividualisresponsiblefor making sure that theyunderstand what their role and responsibility entails,

OasishasaresponsibilitytoensurethatallreasonableandappropriatestepshavebeentakentoprotectuserswhilstusingInformationTechnologies.TothatendeachOasisAcademywilltakeeveryopportunitytohelpstaff,studentsandtheirparents/carersunderstandE-Safetyissuesthroughstafftraining,parents’meetings,newsletters,letters,website,onlinelearningspacesaswellasprovidinginformationaboutnationalandlocalE-Safety campaigns.

(See theOasisSafeguardingStatementof Intent–Appendix4)

AccesstotheOasisNetwork,Internet,anyonline Oasis system and Microsoft Office 365

Oasisviewsaccesstoitstechnologyandtotheinternetasaprivilegeandnotaright.Oasis’scomputernetworkisthe property of Oasisand allstaffhave the responsibility touse Oasis’computerresourcesandtheinternetin aprofessional, lawful andethicalmanner.

Whereauthorisedbytheirlinemanager,staffwillbeprovidedwithaccesstoOasis’computernetworkandanyotheraccesstoonlineOasisresources.Theywillbegivenauniqueauthoriseduseraccountandpasswordforuseon the OasisNetworkonlywhen theyhave signed and agreed to abidebytheE-SafetyPolicyfor Staff.

Parents/carerswillbeaskedtosignandreturnaconsentformbeforestudentsareallowedtouseOasis’computersystemstoaccessthe internet ortouse email facilities.

StudentswillbeprovidedwithaccesstoOasis’scomputernetworkintheir initial coreIT lesson.TheywillalsobegivenabriefinductionandexplanationoftheirresponsibilitiesregardingtechnologyinOasis.Theywillbeaskedto sign acontract agreeing to theE-Safety Policy.

OnceusershavesignedtheE-SafetyAgreement(default level documentsofeachtypeofconsentformisfoundinAppendix5–SampleAcceptableUseAgreements)theOasisITServiceteamwillberesponsibleforsettingupauthoriseduseraccountsonthenetworkandgivingeveryuseraninitial password.AnypasswordsgeneratedforusebytheOasisITServiceteamshouldbechangedimmediatelyafterinitialuse.Pleaseseeguidanceonpasswordsbelow.

Oasisiscommittedtoreinforceresponsibleuseoftheinternetateverylevel.Therefore,‘RulesforStudents’,aresponsibleusestatementwhichclearlystateswhatisacceptableandwhatisnotacceptable,shouldbedisplayed prominentlywherever ITequipment and the internet isavailable within Oasis. (Please refer to a samplestatement in Appendix2 – RulesforStudents).

Passwords

Withtheadventofincreasinglysophisticatedpasswordcrackingprograms,stepsneedtobetakentominimisetheproblemposedbymalicioususerstryingtobreakinto accounts.Thesecurityofpasswordsused foraccountsheldonOasis’serversisahighlyimportantissue.Thepasswordsusedshouldbecarefullyconsideredasbadlychosenpasswordshave thepotential to becracked oreasilyguessed.

•Forstaff and Students (Key Stage 3 and above) passwords must be at least 7 characters long and should be a combination of letters and numbers

•For younger students a simpler password is allowed but must be at least 4 characters long.

•A password must not be based on anything connected with the individual who owns the account. This includes anything associated with a name or initials, job description, address or postcode.

•Any passwords generated for use by the Oasis IT Service team should be changed immediately after initial use.

•User accounts are issued by the Oasis IT Service team for individual use only.

•Accounts and passwords must not be shared, given away or offered for use to anybody else.

•Users must take all reasonable steps to keep their passwords confidential and must not disclose them to anyone else.

•Passwords shouldbechangedat regularintervals.

InternetAccess

AllaccesstotheinternetatOasismustbeviathefilteringsoftwareinstalledbyOasis.Thisfilteringsoftwareshouldhelptopreventaccesstoinappropriatesitesavailableovertheinternet.However,noautomaticfilteringservicecanbe100%effectiveinpreventingaccesstosuchsitesanditispossiblethatusersmayaccidentallyaccessunsavourymaterialwhilstusingtheinternet.Insuchcircumstances,usersmustexitthesiteimmediatelyandadvisethepersonresponsibleforICTintheAcademy,providingdetailsofthesite,includingthewebaddress,toreducethepossibilityofthematerialbeingaccessedagaininfuture.ThepersonresponsibleforICTwill then arrange forthe filtering rulestobe revised toblock the site.

Accesstotheinternetisavailableforauthorisedusersonlyandisprovidedtosupportworkrelatedactivitiesandfor educational purposesonly.

Thereisahugeamountofinformationavailabletousersviatheinternet,andstudentsshouldbetaughttobecriticallyawareofthematerialstheyreadandshownhowtovalidateinformationbeforeacceptingitsaccuracy.Studentsshouldbetaughttoacknowledgethesourceofinformationusedandtorespectcopyrightwhenusinginternetmaterialin theirown work.

AcceptableuseoftheinternetisdetailedintheE-SafetyPolicy.Asageneralrule,usersshouldrememberthattheyareactingasarepresentativeofOasisandshouldatalltimeshaveregardforOasispoliciesandlegislationwhen using theinternet.

Email

Oasisoperatesanorganisation-wideemailsystem;whereappropriate,staffandstudentswillbeprovidedwithauniqueOasisaccountfortheirindividualuse.Accesstothisemailaccountwillberescindedonterminationofemploymentandall other networkpasswordschanged

However,un-regulatedemailcanprovideameansofaccessthatbypassesthetraditionalAcademyboundariesanditisdifficulttocontrolcontent.Therefore,inOasiscontext,emailshouldnotbeconsideredprivateandOasisreservestherighttomonitoremailaccounts.Tomaintainthesafetyofstaffandstudents,itisthepolicyofOasisTrust to filterincomingandoutgoingemailsfor viruses andpotentiallyharmful attachments.

Oasisrealisethatanyfilteringisnot100%effective,andthereisaclearcommitmenttoeducatestaffandstudents tobecomeresponsible usersof email and tobeself-regulating toa large extent.

Ifanoffensiveemailisreceived,theOasisITServiceteamorapersonresponsibleforICTattheAcademyshouldbecontactedimmediatelysothatappropriatemeasurescanbetaken.Studentswhochoosetomisusethe email systemwillbesubject todisciplinaryprocedures byOasis.

Email sentto anexternalorganisation fromOasisshouldbe writtencarefully.Personalemailor messagingwhilstinthecourseofemploymentatOasisshouldnottakeplaceandpersonalemailbetweenstaffandstudentsisforbidden.Abuse oftheuse ofemail maylead todisciplinaryconsequences for bothstaff and students.

MediaPublications

Videoandphotographictechnologiescanbeverypowerfullearningtools.However,photographsand/orvideomaybe taken bystaff tosupport educational aimsonly. Named imagesof studentswill onlybe published with theseparate writtenconsent oftheir parentsorcarers. Publishing includes,butis notlimited to:

•Oasisweb sites

•Webbroadcasting,

•TV presentations

•Newspapers

Studentswillbeallowedtousevideoconferencingfunctionalitywithinacontrollededucationalcontextundertheguidance of Oasisstaff

Care should betaken whencapturing photographs,videos orusing video-conferencing to ensurethatall studentsare appropriatelydressedandpermissionsgained fromparentsandcarersin line with normalguidance.

Thismaybealteredor amended atanytime bythe parentorcarerbywritten request.

Student’sworkwillonlybepublishediftheparent’sorcarer’swrittenconsentisreceived.Thismaybealteredoramendedat anytime bytheparent or carer bywritten request.

Social Networking sites, Newsgroups and Forums, Chat and Instant Messaging, Personal Website and Blogs

Conferencingisapowerfulmethodforstudentsandstafftoshareinformationandopinion.However,someconferencingapplications,includingchatandnewsgroupssometimesattractundesirableandirrelevantcomment.Openaccesstoun-moderatednewsgroupsbycontributorsmeansthatnewsgroupscanbeinfiltratedbythe immatureandoffensiveand for thisreason,maynotbe made available in Academies.

AspartoftheE-safetysessionsrunwithinthecurriculum,studentswillbeinstructedaboutaccesstosocialnetworkingsitesandhowsuchwebsiteswillbeusedwithinaneducationalcontext.Studentswillbetoldaboutthe restrictions thatapplyto personal use and howtheyshould protect theirpersonal information.

Oasiswillmaintainonline Oasis systems and Microsoft Office 365,toenablestaff,teachers,studentsandparents/carerstojointlycelebrate,shareandlearnfromoneanother.Thetoolsprovidedwithin anyonline Oasis system and Microsoft Office 365provideasecurewayofintroducingstudentstotheworldofsocialnetworkingandhowtoprotectthemselvesastheybecomeautonomoususersoftechnologysystemsthatfalloutsideofcontrolledschoolenvironment.Thesetoolsincludeblogs,forumandavideoconferencing/IMsolution.

Oasisrealisesthatthemajorityofyoungpeopleareusingsocialnetworkingsitesathome.Weaimtomakestudentsresponsibleusersofthesesitesandthereforestudentsshouldbemadeawareoftheadvantagesanddangersof usingthese websites.

Child protection,incidentsand sanctions

EachAcademyisresponsibleforsettinginplacearobustandsecuresystemtoensurethatanyincidentsorinfringementsoftheE-SafetyPolicyaretobereportedanddealtwithaccordingtotheirchosendisciplineandsanctions policy. This should reflect howthe E-safety issues will alsoimpact upon otherdisciplinarypolicies.

To ensurea baselineofcarethe following areasshould beclearlyidentified withineach Academy’sPolicies:

•HowanybreachesoftheE-Safety Policywill be dealtwith;

•HowE-Safety training will beimplementedfor the different users,including Parent/Carers;

•HowtheAcceptableUseofTechnologiesAgreementswillbeexplained,issuedandsignedbythedifferent usersofthe Oasissystemandequipment.

To assist in the developmentof an individual Academy’spolicies,guidance documents havebeendeveloped witha step bystepapproachto:

•Rolesand responsibilities

•E-Safety guidesforstudents

•Childprotection, incidents andsanctions checklists

•Acceptable Use of TechnologiesAgreements(Seethe Acceptable Useof TechnologiesPolicy)

•Home Use Agreement(See the Acceptable Useof TechnologiesPolicy)

•Flowdiagramofhowto reportincidents

E-Safety Policy

V2.0 September 2016

IT Services / Review date01/09/2017 1

Appendices - Guidance documents

TosupportanacademyindetermininghowtoapplytheE-SafetyPolicyandtoadapttotheirownenvironmentaseriesof Guidance documentsare providedfor consideration.

The Guidance documents cover:

•Appendix1–Legalconstraints

•Appendix2- Developing E-Safety, Academy Strategy for use of Technologies, Escalation points and sanctions

•Rulesfor Students

•Wholeschoolplanningandprocedures IncidentsandSanctionsMatrices

•Appendix3- Rolesand responsibilities

•Appendix4 - OasisSafeguardingStatement ofIntent

•Appendix 5 - E-Safety embedded in other Oasis Policies

•Anti-bullyingPolicy Behaviourfor learningPolicy CurriculumPolicy(Primary)

•TeachingandlearningPolicyGuidance(Primary) CurriculumPolicy(Secondary)

• Parental/Carer’sCode ofConductt Policy OffsiteactivitiesandeducationalvisitsPolicy

E-Safety Policy

V2.0 September 2016

IT Services / Review date01/09/2017 1

Appendix1

Legalconstraints- references

Copyright, DesignsandPatentsAct 1988

ThisAct,togetherwithanumberofStatutoryInstrumentsthathaveamendedandextendedit,controlscopyrightlaw.Itmakesitanoffencetocopyall,orasubstantialpart,whichcanbeaquitesmallportion,ofacopyrightwork.Thereare,however,certainlimiteduserpermissions,suchasfairdealing,whichmeansundercertaincircumstancespermissionisnotneededtocopysmallamountsfornon-commercialresearchorprivatestudy.TheActalsoprovidesforMoralRights,wherebyauthorscansueiftheirnameisnotincludedinaworktheywrote,oriftheworkhasbeenamendedinsuchawayastoimpugntheirreputation.Copyrightcoversmaterialsinprintandelectronicform,andincludeswords,images,sound,movingimages,TVbroadcastsandmanyothermedia.

MaliciousCommunications Act 1988

UnderthisActitisanoffencetosendanindecent,offensive,orthreateningletter,electroniccommunicationorother article to another person.Additionally,under the TelecommunicationsAct 1984 it isasimilaroffence to senda telephonemessage, whichisindecent,offensive,or threatening.

Computer Misuse Act1990

ThisActmakes it an offence

•to erase oramenddataor programswithoutauthority;

•to obtainunauthorised accessto acomputer;

•to "eavesdrop"onacomputer;

•to makeunauthorised use ofcomputer timeor facilities;

•maliciouslyto corrupt or erasedata orprograms;

•to denyaccesstoauthorisedusers.

Criminal Justice& PublicOrder Act 1994

Thisdefinesacriminal offence ofintentional harassment,whichcoversallformsofharassment,includingsexual.A person isguilty ofanoffence if, with intent tocausea person harassment, alarmordistress, they:

•use threatening,abusive orinsulting wordsorbehaviour,or disorderlybehaviour;or

•displayanywriting,sign orother visible representation whichisthreatening, abusive or insulting, therebycausingthat or another personharassment,alarm or distress.

Trade Marks Act1994

ThisActprovidesprotectionforRegisteredTradeMarks,whichcanbeanysymbol(wordsorimages)orevenshapesofobjectsthatareassociatedwithaparticularsetofgoodsorservices.AnyonewhousesaRegisteredTradeMarkwithoutpermissioncanexposethemselvestolitigation.ThiscanalsoarisefromtheuseofaMarkthat is confusinglysimilarto anexisting Mark.

DataProtectionAct 1998

OasisTrusthasacomprehensiveData Protection Policy, ofwhich the following statementisthesummary:

Everyonehasrightswithregardtohowtheirpersonalinformationishandled.Duringthecourseofouractivitieswewillcollect,storeandprocesspersonalinformationaboutourstaff,andwerecognisetheneedtotreatitinanappropriate and lawfulmanner.

Thetypesofinformationthatwemayberequiredtohandleincludedetailsofcurrent,pastandprospectiveemployees,suppliers, stakeholdersandothersthat we communicate with. The information, which maybe held onpaperoronacomputerorothermedia,issubjecttocertainlegalsafeguardsspecifiedintheDataProtectionAct1998 (the Act) and other regulations. The Act imposesrestrictions on how we mayusethat information.

Thispolicydoesnotformpartofanyemployee'scontractofemploymentanditmaybeamendedatanytime.Anybreach ofthispolicybyamember of staff will be takenseriouslyand mayresult in disciplinaryaction

OasisCommunityLearningandtheacademiesitmanagesandmaintainsbelievethatprotectingtheprivacyofourstaffandpupilsandregulatingtheirsafetythroughdatamanagement,control,andevaluationisvitaltobothacademyandindividualprogress.Theacademiescollectpersonaldatafrompupils,parents,andstaffandprocessitinordertosupportteachingandlearning,monitorandreportonpupilandteacherprogress,andstrengthen ourpastoral provision.

Wetakeresponsibilityforensuringthatanydatathatwecollectandprocessisusedcorrectlyandonlyasisnecessary,andtheacademywillkeepparentsfullyinformedofthehowdataiscollected,whatiscollected,andhowitisused.Nationalcurriculumresults,attendanceandregistrationrecords,specialeducationalneedsdata,and anyrelevantmedicalinformation are examplesofthetype ofdatathattheacademyneeds. Througheffectivedatamanagementwecanmonitorarangeofacademyprovisionsandevaluatethewellbeingandacademicprogressionof ouracademybodyto ensurethat we are doing allthat we can to support both staff and students.

Human RightsAct 1998

ThisActdoesnotsetouttodealwithanyparticularmischieforaddressspecificallyanydiscretesubjectareawithinthelaw.Itisatypeof"higherlaw",affectingallotherlaws.InthecontextoftheOasisTrust,importanthuman rights to be aware ofinclude:

•the right to a fair trial

•the right to respect forprivateand familylife, homeandcorrespondence

•freedomofthought, conscience and religion

•freedomofexpression

•freedomofassembly

•prohibition of discrimination

•the right to education

Theserightsarenotabsolute.TheOasisTrust,togetherwithallusersofitsITservices,isobligedtorespecttheserightsandfreedoms,balancingthemagainstthoserights,dutiesandobligationswhicharisefromotherrelevantlegislation.

Regulation of InvestigatoryPowersAct2000

TheActstatesthatitisanoffenceforanypersontointentionallyandwithoutlawfulauthorityinterceptanycommunication.Monitoringor keepingarecordofanyformofelectronic(includingtelephone)communicationsispermitted, inorderto:

•Establish the facts;

•Ascertaincompliance with regulatoryorself-regulatorypractices or procedures;

•Demonstrate standards, whichare orought tobe achieved bypersonsusing the system;

•Investigateor detect unauthoriseduseof the communicationssystem;

•Prevent or detect crime orin the interests of nationalsecurity;

•Ensuretheeffectiveoperationof thesystem.

Freedom ofInformationAct2000

TheAct,intendedtoincreaseopennessandtransparency,obligespublicbodies,includingEducationalInstitutions,todiscloseawiderangeofinformation,bothproactivelyandinresponsetorequestsfromthepublic.Thetypesofinformationthatmaybehavetobefoundandreleasedarewide-ranging,forexampleminutesrecorded at aboardmeetingof the institution or documentation relating to important resolutions passed. Retrievalofsucharangeofinformationplacesaconsiderableburdenonaninstitutionsubjecttosuchaninformationrequest.Inadditiontosettinganewstandardofhowsuchbodiesdisseminateinformationrelatingtointernalaffairs,theActsetstimelimitsbywhichtheinformationrequestedmustbemadeavailable,andconfersclearlystatedrightsonthepublic,regardingsuchinformationretrieval.Thereforeallstaffhavearesponsibilitytoknowwhat information theyholdandwhere and howto locateit.

CommunicationsAct 2003

ThisActmakesitillegaltodishonestlyobtainelectroniccommunicationservices,suchase-mailandtheWorldWideWeb.

Criminal JusticeandImmigration Act 2008

ThisActincreasedthepenaltiesforpublishinganobscenearticle.Italsointroducedfinesfordataprotectioncontraventionswhenorganisations'kneworoughttohaveknownthattherewasariskthatthecontraventionwouldoccur,andthatsucha contraventionwouldbeofakindlikelytocausesubstantial distressordamage,butfailed totake reasonable stepsto prevent thecontravention.'

E-Safety Policy

V2.0 September 2016

IT Services / Review date01/09/2017 1

Appendix 2

Developing E-Safety, Academy Strategy for use of Technologies, Escalation points and sanctions

Rulesfor Students

TobeadaptedoradoptedbyanAcademyanddisplayedwhereusersareaccessingonline Oasis system and Microsoft Office 365ortheinternet.

Safety First

Information is power!

•Keep personalinformation, password anddata safe byensuring that it isnot shared withothers.

•OnlyaccessOasis’snetworkusinguser accountandpassword.

•Do not give user nameandpassword to anyoneelse.

•If you think someone has learned your password, informamemberofstaffimmediately.

•Log off after having finishedusing the computer.

•Ifyoufindamachineloggedonunderanotheruser’saccount,informamemberofstaffwhowillensurethat the machineissafelyshutdown.

Respect!

•Showself-respectthroughyouractions.OnlyuseappropriatelanguageandimagesbothwithintheLearning Platformand on the internet.

•Do not postinappropriate personalinformationabout yourlife, experiences or relationships.

•Do not useanyelectronicmediumstobully, harassor stalkpeople.

•Do not visitany websitesthat are degrading,pornographic, racist or thatOasis would deeminappropriate.

•Donotabuseaccessprivilegesbyattemptingtoorenteringotherpeople’sprivatespacesorworkareas.

Protect!

•Ensurethatinformation postedonline will put no-oneat risk, including you.

•Donotpublishfullcontactdetails,ascheduleofactivities,orinappropriatepersonaldetailsinpublicspaces.

•Report anyaggressive orinappropriate behaviour directed atanyone,including you.

•Do not forward, save or print materials (including emails and images) that Oasis would deeminappropriateor that maycause offenceto others.

When mapping out students’ experience for the use of a range of technological tools:
Internet
What aretherestrictions placed oninternetusewithinAcademy?
Are thereindividualloginstoall accessible websitesandsecurity time-outs?
DoestheAcademyuse asafelistof websites,or isaccessfiltered?
Are studentstaught howto criticallyevaluatematerialsaswellaslearninggoodsearchingskills?
Are studentstaughttheimportance of intellectualpropertyregardingmaterialstheyfind on theinternet?
What istheAcademy’s policyon downloadingmaterialsfromthe internet?
Aretheredifferentguidelinesfordifferenttypesofmaterials–forexample,copyright-freematerialstosupportclassroomwork canbedownloaded,but downloading of gamesandmusic is prohibited?
Email
Do studentshaveaccesstoemailinthe Academy?Isthisviagroup orindividualaddresses?
IfstudentsdohaveanindividualemailaddressintheAcademy,whataretherestrictionsonuse?Forexample,canitbeusedforwork-relatedcorrespondenceonlyorforpersonaluse?Isemailusemonitored,and arestudentsaware of this?
Are studentsaware ofthe Academy’spoliciesonemailattachments?
Do studentsknowhowto virus-check attachments,bothincomingandoutgoing?
Are studentsaware oftheseriousnessofbullying byemail?
Isthis incorporatedin theAcademy’santi-bullyingpolicy?
Are allstudentsawarethatthere aresanctionsformisuse ofemail ontheAcademy’snetwork?
Webmail
What istheAcademy’s policyon webmailservices? Aretheyblocked onthe Academy’snetwork?
Do studentsknowhowto usewebmailservicessafelyoutside the Academy, for example bylooking forprivacystatementswhen registeringfor webmailaccounts?
Do studentsknowhowto useinbuiltjunk mailfilterswithinwebmailservices?
Spamandspoofing
Are studentsaware oftheissuessurroundingspamandspoofing?
Are studentstaughtappropriatestrategies for recognisinganddealingwith spam?
Are technologicalsystemsemployedwithinthe Academytohelpminimisespam?
Chat Rooms
Are studentsaware ofthesafety issuesrelatingto usingchatrooms?
Are studentsawarehowto safelynegotiateonline relationships?
Are studentsaware oftheimportance ofkeepingpersonalinformationprivatewhenchatting?
Are studentsaware ofthedangers of arrangingofflinemeetingswithpeopletheyhavemetonline?
IsuseofchatroomspermittedwithintheAcademy? Ifso, isthisforclassroomuseonly?
InstantMessaging
IsaccesstoinstantmessagingservicespermittedwithintheAcademy?Ifnot,aresuchservicesappropriatelyblockedontheAcademy’s network?
Are studentsaware ofthesafety issuesrelatingto instantmessaging?
Dostudentsknowhowtoprotectpersonalinformationwhenregistering for instantmessagingservices,and howto setupclosedgroupsorbuddylists?
Dostudentsknowwheretogethelpandadviceiftheyexperienceproblemssuchasunwantedmessages or bullyingbyinstantmessaging?
Mobilephones andotherportabledevices
Arestudentsawareofthesafetyissuesrelatingtomobilephonesandotherportablecommunicationsdevices,suchaspersonaliPads,TabletPCsandlaptops?Risksincludealwaysbeingaccessible(andhenceexclusionfromotherformsofsocialcontact),inappropriateandunsolicitedcontactbytextmessage,textoveruseandmisuse,andbullying bymobilephone.
Arestudentsawareofthenewformsofserviceandcontentincreasinglyavailableviamobilephones,suchaspictureandvideomessaging,Bluetooth,commercialcontent,andlocation-awareservices,and thesafety issuesrelatingtothese?
Dostudentsknowhowtoprotectthemselvesfrommobilephonetheft?AretheyawareofproceduresforreportingtheIMEI(InternationalMobileEquipmentIdentity)number,hencedisablingthephoneifitislostor stolen?
AremobilephonespermittedwithintheAcademy? IfmobilephonesarepermittedintheAcademy,doesthe Academyprovideguidelines on howand when theycanbe used?
What arethesanctionsformisuse?
If mobilephonesare notpermittedwithintheAcademy, howwill the policybe enforced?
Cameraphones
Are studentsawareof the safety issues relatingto camera phones,forexamplehavingtheirphotographtakenwithouttheirknowledge or permission?
ArecameraphonespermittedwithintheAcademy?IfcameraphonesarepermittedintheAcademy,doesthe Academyprovideguidelines on howand when theymaybeused?
What arethesanctionsformisuse?
If cameraphonesarenotpermittedwithintheAcademy,how will the policybe enforced?
Webcams
ArewebcamsusedwithintheAcademyforcurriculumactivitiessuchasvideoconferencing?Ifso,arestudents aware of theappropriatebehaviourstoadoptwhenusingthem?
ArestudentsawareoftheissuesofusingwebcamsoutsidetheAcademy,suchasinappropriatecontactand Trojanhorseswhichmightactivatea webcamwithouttheirknowledge?

WholeAcademy Planning and Procedures