The latest draft of the Department for Education’s “Keeping Children Safe in Education 2023” has been published. The purpose of the document is to provide statutory guidance for schools and colleges. It will come into force on the 1st September 2023 so we have outlined the major changes and the associated policies that you need to be aware of from a technology perspective.
What are the main differences between 2022 and 2023 from a technology perspective?
The document highlights the importance of all staff having ‘an understanding of the expectations, applicable roles and responsibilities in relation to filtering and monitoring’
The school’s approach to online safety, including appropriate filtering and monitoring on school devices and school networks should be reflected in their Child Protection policy which should also include awareness of the ease of access to mobile phone networks.
Added to the PREVENT section is a link to the filtering and monitoring standards which is outlined here:
Filtering and monitoring standards for schools and colleges
The senior leadership team are responsible for:
- procuring filtering and monitoring systems
- documenting decisions on what is blocked or allowed and why
- reviewing the effectiveness of your provision
- overseeing reports
- understand their role
- are appropriately trained
- follow policies, processes and procedures
- act on reports and concerns
Senior leaders should work closely with governors or proprietors, the designated safeguarding lead (DSL) and IT service providers in all aspects of filtering and monitoring.
Day to day management of filtering and monitoring systems requires the specialist knowledge of both safeguarding and IT staff to be effective. The DSL should work closely together with IT service providers to meet the needs of your setting. You may need to ask filtering or monitoring providers for system specific training and support.
The DSL should take lead responsibility for safeguarding and online safety, which could include overseeing and acting on:
- filtering and monitoring reports
- safeguarding concerns
- checks to filtering and monitoring systems
The IT service provider should have technical responsibility for:
- maintaining filtering and monitoring systems
- providing filtering and monitoring reports
- completing actions following concerns or checks to systems
Cyber security standards for schools and colleges
There is also a reminder of the importance of meeting cyber security standards for schools. Here is an outline of the standards:
- protect all devices on every network with a properly configured boundary or software firewall
- network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date
- accounts should only have the access they require to perform their role and should be authenticated to access data and services
- you should protect accounts with access to personal or sensitive operational data and functions by multi-factor authentication
- you should use anti-malware software to protect all devices in the network, including cloud-based networks
- an adminstrator should check the security of all applications downloaded onto a network
- all online devices and software must be licensed for use and should be patched with the latest security updates
- you should have at least 3 backup copies of important data, on at least 2 seperate devices, at least 1 must be offsite
- your business continuity and disaster recovery plan should include regularly tested contingency plan in response to a cyber attack
- serious cyber attacks should be reported
- you must conduct a Data Protection Impact Assessment by statute for personal data you hold as required by GDPR
- train all staff with access to school IT networks in the basics of cyber security
What are the key actions that schools need to take?
The key actions are as follows:
- check your filtering and monitoring procedures to ensure it clearly defines who is responsible for the filtering and monitoring
- ensure that it is clearly stated who checks and responds to any attempted breaches of the filtering systems
- document how frequently is this done and how is it recorded
- who decides what is inappropriate and harmful content
- who checks the filtering systems are up to date and monitoring for appropriate words
- check your cyber security policy and controls are robust and appropriate.
All of these actions should be carried out under the guidance of the designated safeguarding lead who will need to work closely with your IT provider.
Do you need any help to ensure that your school or college is Keeping Children Safe in Education?
Why not schedule a 15-minute no-obligation conversation with our team today to see how we can help.
Dara IT Solutions are specialists in Managed IT Support in the Education and Professional Service sectors. We work in partnership with our clients to understand their technology challenges and provide a friendly, stress free proactive support service.