Pinhoe C of E Primary School
E Safety Policy
2017/2018
Scope of thePolicy
This policy applies to all members of the schoolcommunity (including staff, pupils, volunteers, parents, carers, visitors and community users) who have access to and are users of the schoolICT systems, both in and out of the establishment.
The Education and Inspections Act 2006 empowers Headteachers, to such extent as isreasonable,to regulate the behaviour of pupils when they are off the schoolsite andempowersmembers of staff to impose disciplinary penalties for inappropriate behaviour. This is pertinent to incidentsofcyber-bullying, or other e-safety incidents covered by this policy, which may take place outside of schoolbut are linked to membership of the establishment.
The school will deal with such incidents according to this policy, thebehavior policy and the agreed anti-bullying policy. Parents will be kept fully informed of any incidents of inappropriate e-safety behavior at all times.
Roles andResponsibilities
The following section outlines the e-safety roles and responsibilities of individuals and groups within the school.
Governors:
The school governors are responsible for the approval of the E-Safety Policy and for reviewing theeffectivenessof the policy. The governors will review the effectiveness of the policy, by receiving regularinformationabout e-safety incidents and monitoring reports. A member of the Governing Body has taken on theroleof E-Safety Governor. The role of the E-Safety Governorwillinclude:
•regular meetings with the E-Safety Coordinator
•regular monitoring of e-safety incidentlogs
•reporting to relevant Governors meetings
Headteacher and SeniorLeaders:
•The Headteacherhas a duty of care for ensuring the safety (including e-safety)ofmembers of the school community, though the day to day responsibility for e-safety willbedelegated to the E-Safety Co-ordinator.
•The Headteacher and (at least) another member of the Senior Leadership Team should be aware of the procedures to be followed in the event ofaserious e-safety allegation being made against a member of staff.(See flow chart ondealingwith e-safety incidents included in the later section: Responding to incidents of misuse (page 11.)
•The Headteacher / Senior Leaders are responsible for ensuring that theE-SafetyCoordinator, and other relevant staff, receive suitable training to enable them to carry out their e-safety roles and to train other colleagues, as relevant.
•The Senior Leadership Team will receive regular monitoringreportsfrom the E-Safety Coordinator.
E Safety Coordinator:
•Leads the e-safetycommittee
•Takes day to day responsibility for e-safety issues and has a leading role in establishingandreviewing the school e-safety policies anddocuments.
•Ensures that all staff are aware of the procedures that need to be followed in the event of ane-safety incident takingplace.
•Provides training and advice forstaff.
•Liaises with the Local Authority.
•Liaises with school technicalstaff.
•Receives reports of e-safety incidents and creates a log of incidents to inform futuree-safetydevelopments.
•Meets regularly with the E-SafetyGovernorto discuss current issues and review incidentlogsand filtering.
•Attends relevant meetings.
•Reports regularly to Senior Leadership Team.
Network Manager / Technicalstaff:
The Network Manager and other technical staff are responsible for ensuring:
•That the school’stechnical infrastructure is secure and is not open to misuseormalicious attack.
•That the schoolmeets required e-safety technical requirements and anyLocalAuthorityE-Safety Policy.
•That staff may only access the networks and devices through a properly enforcedpasswordprotection policy.
•That they keep up to date with e-safety technical information in order to effectively carry out theire-safety role and to inform and update others asrelevant.
•That the use of the network, internet, remote access, iPads and emailisregularly monitored in order that any misuse or attempted misuse can be reported totheHeadteacher or E-Safety Coordinator for investigation.
Child Protection/Safeguarding Designated Person
This member of staff should be trained in e-safety issues and be aware of the potential for serious child protection /safeguardingissues to arisefrom:
•sharing of personaldata
•access to illegal / inappropriatematerials
•inappropriate on-line contact with adults /strangers
•potential or actual incidents ofgrooming
•cyber-bullying
Teaching and SupportStaff
Teaching and Support Staff are responsible for ensuringthat:
•They have an up to date awareness of e-safety matters and of the current schoole-safety policy andpractices.
•They have read, understood and signed the Staff Acceptable Use Policy(SAUP).
•They report any suspected misuse or problem to the Headteacher or E-Safety Coordinatorfor investigation.
•All digital communications with pupils, parents and carers should be onaprofessional level and only carried out using official schoolsystems.
•E-safety issues are embedded in all aspects of the curriculum and otheractivities
•Pupils understand and follow the e-safety and acceptable usepolicies.
•Pupils have a good understanding of research skills and the need to avoid plagiarismanduphold copyrightregulations.
•They monitor the use of digital technologies, mobile devices, cameras etc in lessons andotherschool activities (where allowed) and implement current policies with regard to thesedevices.
•In lessons where internet use is pre-planned, pupils should be guided to sites checkedassuitable for their use and that processes are in place for dealing with any unsuitable material thatisfound in internetsearches.
Pupils:
•Are responsible for using the schooldigital technology systems inaccordancewith the Pupil Acceptable UsePolicy (PAUP).
•Have a good understanding of research skills and the need to avoid plagiarism and upholdcopyrightregulations.
•Need to understand the importance of reporting cyberbullying, abuse, misuse or access to inappropriatematerialsand know how to doso.
•Understand that the use of personal mobile devices is prohibited.
•Should understand the importance of adopting good e-safety practice when usingdigitaltechnologies out of school and realise that the school’se-safety policy coverstheiractions out of school, if related to their membership of theschool.
Parents andCarers
Parents and Carers play a crucial role in ensuring that their children understand the need to use the internet andmobile devices in an appropriate way. The school will take every opportunity to helpparentsunderstand these issues through parents’ evenings, newsletters, the website and informationaboutnational/local e-safety campaigns/literature. Parents and carers will be encouraged to support the schoolin promoting good e-safety practice and to follow guidelines on the appropriate useof:
•digital and video images taken at schoolevents
•access to parents’ sections of the website and on-line pupilrecords (e.g. Tapestry)
PolicyStatements
Education – Pupils
Whilst regulation and technical solutions are very important, their use must be balanced by educating pupilsto take a responsible approach. The education of pupils in e-safety is therefore anessentialpart of the school’s e-safety provision. Children and young people need the help and support of the schooltorecognise and avoid e-safety risks and build theirresilience.
E-safety should be a focus in all areas of the curriculum and staff should reinforce e-safetymessagesthrough following the Pinhoe School Curriculum which has an e-safety strand. The e-safety curriculum should be broad, relevant and provide progression,withopportunities for creative activities and will be provided in the following ways:
•A planned e-safety curriculum should be provided as part of Computing / PHSE /otherlessons and should be regularlyrevisited.
•Key e-safety messages should be reinforced as part of a planned programme ofassembliesand other pastoralactivities.
•Pupils should be taught in all lessons to be critically aware of the materialsand content they access on-line and be guided to validate the accuracy ofinformation.
•Pupils shouldbetaughttoacknowledgethesourceofinformationusedandtorespectcopyrightwhenusingmaterialaccessedontheinternet.
•Pupils should be helped to understand the need for the pupil AcceptableUsePolicy and encouraged to adopt safe and responsible use both within and outsideschool.
•Staff should act as good role models in their use of digital technologies, the internet andmobiledevices.
•In lessonswhereinternetuseispre-planned,itisbestpracticethatpupilsshouldbeguidedtositescheckedassuitablefortheiruseandthatprocessesareinplacefordealingwithanyunsuitable material that is found in internetsearches.
•Wherepupilsareallowedtofreelysearchtheinternet,staffshouldbevigilantinmonitoringthe content of the websites the young peoplevisit.
•Itisacceptedthatfromtimetotime,forgoodeducationalreasons,studentsmayneedtoresearchtopics(e.g,racism,drugs)thatwouldnormallyresultininternetsearchesbeingblocked.Insuchasituation,staffcanrequestthatthetechnicalstaff(orotherrelevantdesignatedperson)cantemporarilyremovethosesitesfromthefilteredlistfortheperiodofstudy.Anyrequesttodoso,shouldbeauditable,withclearreasonsfortheneed. Staff can also chose to bypass the proxy server if they have been provided with a username and password for SWGfL filtering. They should be aware that this username is tracked and any inappropriate use will be traced back to the relevant username.
Education – Parents andCarers
Many parents and carers have only a limited understanding of e-safety risks and issues, yet they playanessential role in the education of their children and in the monitoring and regulation of the children’son-linebehaviours. Parents may underestimate how often children and young people come across potentiallyharmfuland inappropriate material on the internet and may be unsure about how torespond. The school will therefore seek to provide information and awareness to parents and carers through:
- Letters, newsletters and the school web site.
- Parents/ Carers Annual E Safety briefings.
- High profile events / campaigns e.g. Safer InternetDay.
- Reference to the relevant web sites and publications.
Education & Training – Staff /Volunteers
It is essential that all staff receive e-safety training and understand their responsibilities, as outlined in thispolicy.Training will be offered as follows:
•A planned programme of formal e-safety training will be made available to staff. This willberegularly updated and reinforced.
•All new staff should receive e-safety training as part of their induction programme,ensuringthat they fully understand the school e-safety policy and Acceptable UseAgreements.
•The E-Safety Coordinator will receive regular updatesthroughattendance at external training events (eg from SWGfL / LA / other relevant organisations) andbyreviewing guidance documents released by relevant organisations.
•This E-Safety policy and its updates will be presented to and discussed by staff in staff meetings.
•The E-Safety Coordinator will provide advice and training to individuals as required.
Training – Governors
Governors should take part in e-safety trainingwithparticularimportance for those who are members of any group involved in technology, e-safety, health and safety and child protection. This may be offered in a number ofways:
•Attendance at training provided by the Local Authority, National Governors Association orotherrelevant organisations (eg SWGfL).
•Participation in school training / information sessions for staff or parents (this mayincludeattendance at assemblies and/or lessons).
Technical – Infrastructure / equipment, filtering andmonitoring
The school uses a managed ICT service provided by TME. It is the responsibilityofthe managed service to ensure that the following e-safety measures are in place:
•There will be regular reviews and audits of the safety and security of schooltechnicalsystems.
•Servers, wireless systems and cabling must be securely located and physicalaccessrestricted.
•All users will have clearly defined access rights to school technical systemsanddevices.
•All users will be provided with a username and (staff) secure password byTME who will keep an up to date record of users and their usernames. Usersareresponsible for the security of their username and password and will be required tochangetheir password every year.
•The administrator passwords for the school ICT system, used bytheNetwork Manager, must also be available to the Headteacheror other nominated leader and kept in a secure place.
•Internet access is filtered for all users. Illegal content (child sexual abuse images) is filteredbythe broadband or filtering provider by actively employing the Internet Watch Foundation CAIClist.Content lists are regularly updated and internet use is logged and regularly monitored.
•School technical staff regularly monitor and record the activity of users on theschooltechnical systems and users are made aware of this in the Acceptable Use Agreement.
•Appropriate security measures are in place to protecttheservers, firewalls, routers, wireless systems, work stations, mobile devices etc from accidentalormalicious attempts which might threaten the security of the school systems and data.
•The school infrastructure and individual workstations are protected by up todatevirussoftware.
•Specific passwords will be provided for the provision of temporary access of “guests”(egtrainee teachers, supply teachers, visitors) onto the schoolsystems.
•The network is set up in such a way as to prohibit staff fromdownloadingexecutable files and installing programmes on schooldevices.
Use of digital and videoimages
The development of digital imaging technologies has created significant benefits to learning, allowing staffandpupils instant use of images that they have recorded themselves or downloaded from theinternet.However, staff, parents and carers need to be aware of the risks associated withpublishingdigital images on the internet. Such images may provide avenues for cyberbullying to take place. Digitalimagesmay remain available on the internet forever and may cause harm or embarrassment to individuals in theshortor longer term. It is common for employers to carry out internet searches for information about potentialandexisting employees. The school will inform and educate users about these risks and will implement policiestoreduce the likelihood of the potential for harm:
•When using digital images, staff should inform and educate pupils about therisksassociated with the taking, use, sharing, publication and distribution of images. Inparticularthey should recognise the risks attached to publishing their own images on the internet.
•In accordance with guidance from the Information Commissioner’s Office, parents and carersarewelcome to take videos and digital images of their children at school events (not trips) for their ownpersonaluse (as such use in not covered by the Data Protection Act). To respect everyone’s privacy and, in some cases, protection, theseimagesshould not be published or made publicly available on social networking sites as inevitably other children may feature in the photograph/videos. Should the image/video taken simply feature the child of the parent or carer, the use of the image should be left to his or her discretion. However, the school strongly advises that parents and carers refrain from adding such pictures/videos to social networking sites as the child’s school uniform is likely to give away unnecessary personal information and not all parents/carers are confident in managing their security settings.
•Staff and volunteers are allowed to take digital / video images to support educational aims,butmust follow school policies concerning the sharing, distribution and publication of thoseimages.Those images should only be taken on school equipment; the personal equipment of staffshouldnot be used for suchpurposes.
•Care should be taken when taking digital / video images thatpupils areappropriatelydressed and are not participating in activities that might bring the individuals or the schoolintodisrepute.
•Pupils must not take, use, share, publish or distribute images of others withouttheirpermission
•Photographs published on the website, or elsewhere that include pupils, will beselectedcarefully and will comply with good practice guidance on the use of suchimages.
•Pupils’ full names will not be used anywhere on a website or blog, particularlyinassociation withphotographs. Where names are used, only first names will be allowed.
•Written permission from parents/carers will be obtained before photographs of pupilsare published on the school website (part of the AUP signed by parents/ carers each year).
DataProtection
Personal data will be recorded, processed, transferred and made available according to the Data ProtectionAct1998 which states that personal data mustbe:
•Fairly and lawfullyprocessed.
•Processed for limitedpurposes.
•Adequate, relevant and notexcessive.
•Accurate.
•Kept no longer than is necessary.
•Processed in accordance with the data subject’srights.
•Secure.
•Only transferred to others with adequateprotection.
The school must ensurethat:
- It will hold the minimum personal data necessary to enable it to perform its function anditwill not hold it for longer than necessary for the purposes it was collectedfor.
- Every effort will be made to ensure that data held is accurate, up to date andthatinaccuracies are corrected without unnecessarydelay.
- All personal data will be fairly obtained in accordance with the “Privacy Notice” andlawfullyprocessed in accordance with the “Conditions for Processing.
- It has a Data Protection Policy.
It is registered as a Data Controller for the purposes of the Data Protection Act(DPA)
- Risk assessments are carried out.
- It has clear and understood arrangements for the security, storage and transfer of personaldata.
- There are clear and understood routines for the deletion and disposal ofdata.
- There are clear Data Protection clauses in all contracts where personal data may be passed tothirdparties
Staff must ensure that they:
•At all times take care to ensure the safe keeping of personal data, minimising the risk ofitsloss ormisuse.
•Use personal data only on secure password protected computers and otherdevices,ensuring that they are properly “logged-off” at the end of any session in which theyareusing personaldata.
•Transfer data using encryption and secure password protecteddevices.
When personal data is stored on any portable computer system, memory stick or any other removablemedia:
•The device must be password protected (many memory sticks / cards and other mobiledevicescannot be passwordprotected)
•The device must offer approved virus and malware checkingsoftware
•The data must be securely deleted from the device once ithasbeen transferred or its use iscomplete.
Use of Mobile Devices/Communication Technologies
The school has two sets of iPads for use by staff and pupils. Pupils are to be supervised at all times when using these devices and internet is filtered. With regard to personal mobile devices, please see the table below:
Staff otheradults / Students /PupilsCommunicationTechnologies / Allowed / Allowed at certaintimes / Not allowed / Notallowed / Allowed / Allowed at certaintimes / Allowed with staffpermission / Notallowed
Mobile phones may be brought toschool / x / x
Use of mobile phones inlessons / x / x
Use of mobile phones in socialtime / x / x
Taking photos on mobile phones /cameras / x / x
Use of other personal mobile devices eg tablets, / x / x
Use of personal email addresses in school, or onschoolnetwork / x / x
Use of school email for personalemails / x / x
Use of messagingapps / x / x
Use of socialmedia / x / x
Use ofblogs / x / x
When using communication technologies, the school considers the following as goodpractice: