To request a printed copy please click or tap here
GEM Hereford standards - promoting young people’s achievement, and enhancing teaching and learning. The use of online services is embedded throughout the school; therefore, there are a number of controls in place to ensure the safety of students and staff.
The breadth of issues classified within online safety is considerable, but they can be categorised into four areas of risk:
The measures implemented to protect young people and staff revolve around these areas of risk. Our school has created this policy with the aim of ensuring appropriate and safe use of the internet and other digital technology devices by all students and staff.
Legal framework
This policy has due regard to all relevant legislation and guidance including, but not limited to, the following:
This policy operates in conjunction with the following school policies:
Roles and responsibilities
The governing board and board of directors will be responsible for:
The headteacher will be responsible for:
The DSL will be responsible for:
ICT lead and external IT provider (BOSS Hereford) will be responsible for:
All staff members will be responsible for:
Student’s will be responsible for:
Managing online safety
All staff will be aware that technology is a significant component in many safeguarding and wellbeing issues affecting young people, particularly owing to the rise of social media and the increased prevalence of children using the internet.
The DSL has overall responsibility for the school’s approach to online safety, with support from deputies and the headteacher where appropriate, and will ensure that there are strong processes in place to handle any concerns about students’ safety online. The DSL should liaise with the police or children’s social care services for support responding to harmful online sexual behaviour.
The importance of online safety is integrated across all school operations in the following ways:
Handling online safety concerns
Any disclosures made by students to staff members about online abuse, harassment or exploitation, whether they are the victim or disclosing on behalf of another child, will be handled in line with the Child Protection and Safeguarding Policy.
Staff will be aware that harmful online sexual behaviour can progress on a continuum, and appropriate and early intervention can prevent abusive behaviour in the future. Staff will also acknowledge that young people displaying this type of behaviour are often victims of abuse themselves and should be suitably supported.
The victim of online harmful sexual behaviour may ask for no one to be told about the abuse. The DSL will consider whether sharing details of the abuse would put the victim in a more harmful position, or whether it is necessary in order to protect them from further harm. Ultimately the DSL will balance the victim’s wishes against their duty to protect the victim and other young people. The DSL and other appropriate staff members will meet with the victim’s parents to discuss the safeguarding measures that are being put in place to support their child and how the report will progress.
Confidentiality will not be promised, and information may be still shared lawfully, for example, if the DSL decides that there is a legal basis under UK GDPR such as the public task basis whereby it is in the public interest to share the information. If the decision is made to report abuse to children’s social care or the police against the victim’s wishes, this must be handled extremely carefully – the reasons for sharing the information should be explained to the victim and appropriate specialised support should be offered.
Concerns regarding a staff member’s online behaviour are reported to the headteacher, who decides on the best course of action in line with the relevant policies. If the concern is about the headteacher, it is reported to the chair of governors or board of directors.
Concerns regarding a young person’s online behaviour are reported to the DSL, who investigates concerns with relevant staff members, e.g. the headteacher and staff, in accordance with relevant policies depending on their nature, e.g. the Behaviour Policy and Child Protection and Safeguarding Policy.
Where there is a concern that illegal activity has taken place, the headteacher contacts the police.
The school avoids unnecessarily criminalising young people, e.g. calling the police, where criminal behaviour is thought to be inadvertent and as a result of ignorance or normal developmental curiosity, e.g. a student has taken and distributed indecent imagery of themselves. The DSL will decide in which cases this response is appropriate and will manage such cases in line with the Child Protection and Safeguarding Policy.
All online safety incidents and the school’s response are recorded by the DSL.
Cyberbullying
Cyberbullying can include, but is not limited to, the following:
The school will be aware that certain young people can be more at risk of abuse and/or bullying online, such as LGBTQ+ students and young people with SEND.
Cyberbullying against students or staff is not tolerated under any circumstances. Incidents of cyberbullying are dealt with quickly and effectively wherever they occur in line with the Anti-bullying Policy.
Child-on-child sexual abuse and harassment
Students may also use the internet and technology as a vehicle for sexual abuse and harassment. Staff will understand that this abuse can occur both in and outside of school, off and online, and will remain aware that young people are less likely to report concerning online sexual behaviours, particularly if they are using websites that they know adults will consider to be inappropriate for their age.
The following are examples of online harmful sexual behaviour of which staff will be expected to be aware:
All staff will be aware of and promote a zero-tolerance approach to sexually harassing or abusive behaviour, and any attempts to pass such behaviour off as trivial or harmless. Staff will be aware that allowing such behaviour could lead to a school culture that normalises abuse and leads to students becoming less likely to report such conduct.
Staff will be aware that creating, possessing, and distributing indecent imagery of other children, i.e. individuals under the age of 18, is a criminal offence, even where the imagery is created, possessed, and distributed with the permission of the child depicted, or by the child themselves.
The school will be aware that interactions between the victim of online harmful sexual behaviour and the alleged perpetrator(s) are likely to occur over social media following the initial report, as well as interactions with other students taking “sides”, often leading to repeat harassment. The school will respond to these incidents in line with the Child-on-child Abuse Policy and the Social Media Policy.
The school will respond to all concerns regarding online child-on-child sexual abuse and harassment, regardless of whether the incident took place on the school premises or using school-owned equipment. Concerns regarding online child-on-child abuse will be reported to the DSL, who will investigate the matter in line with the Child-on-child Abuse Policy and the Child Protection and Safeguarding Policy.
Grooming and exploitation
Grooming is defined as the situation whereby an adult builds a relationship, trust and emotional connection with a child with the intention of manipulating, exploiting and/or abusing them.
Staff will be aware that grooming often takes place online and that students who are being groomed are commonly unlikely to report this behaviour for many reasons, e.g. the young person may have been manipulated into feeling a strong bond with their groomer and may have feelings of loyalty, admiration, or love, as well as fear, distress and confusion.
Due to the fact students are less likely to report grooming than other online offences, it is particularly important that staff understand the indicators of this type of abuse. The DSL will ensure that online safety training covers online abuse, the importance of looking for signs of grooming, and what the signs of online grooming are, including:
Child sexual exploitation (CSE) and child criminal exploitation (CCE)
Although CSE often involves physical sexual abuse or violence, online elements may be prevalent, e.g. sexual coercion and encouraging children to behave in sexually inappropriate ways through the internet. In some cases, a student may be groomed online to become involved in a wider network of exploitation, e.g. the production of child pornography or forced child prostitution and sexual trafficking.
CCE is a form of exploitation in which children are forced or manipulated into committing crimes for the benefit of their abuser, e.g. drug transporting, shoplifting and serious violence. While these crimes often take place in person, it is increasingly common for children to be groomed and manipulated into participating through the internet.
Where staff have any concerns about students with relation to CSE or CCE, they will bring these concerns to the DSL without delay, who will manage the situation in line with the Child Protection and Safeguarding Policy.
Radicalisation
Radicalisation is the process by which a person comes to support terrorism and extremist ideologies associated with terrorist groups. This process can occur through direct recruitment, e.g. individuals in extremist groups identifying, targeting and contacting young people with the intention of involving them in terrorist activity, or by exposure to violent ideological propaganda. Children who are targets for radicalisation are likely to be groomed by extremists online to the extent that they believe the extremist has their best interests at heart, making them more likely to adopt the same radical ideology.
Staff members will be aware of the factors which can place certain students at increased vulnerability to radicalisation, as outlined in the Prevent Duty Policy. Staff will be expected to exercise vigilance towards any students displaying indicators that they have been, or are being, radicalised.
Where staff have a concern about a student relating to radicalisation, they will report this to the DSL without delay, who will handle the situation in line with the Prevent Duty Policy.
Mental health
Staff will be aware that online activity both in and outside of school can have a substantial impact on a student’s mental state, both positively and negatively. The DSL will ensure that training is available to help ensure that staff members understand popular social media sites and terminology, the ways in which social media and the internet in general can impact mental health, and the indicators that a student is suffering from challenges in their mental health. Concerns about the mental health of a student will be dealt with in line with the Social, Emotional and Mental Health (SEMH) Policy.
Online hoaxes and harmful online challenges
For the purposes of this policy, an “online hoax” is defined as a deliberate lie designed to seem truthful, normally one that is intended to scaremonger or to distress individuals who come across it, spread on online social media platforms.
For the purposes of this policy, “harmful online challenges” refers to challenges that are targeted at young people and generally involve users recording themselves participating in an online challenge, distributing the video through social media channels and daring others to do the same. Although many online challenges are harmless, an online challenge becomes harmful when it could potentially put the participant at risk of harm, either directly as a result of partaking in the challenge itself or indirectly as a result of the distribution of the video online – the latter will usually depend on the age of the young person and the way in which they are depicted in the video.
Where staff suspect there may be a harmful online challenge or online hoax circulating amongst young people in the school, they will report this to the DSL immediately.
The DSL will conduct a case-by-case assessment for any harmful online content brought to their attention, establishing the scale and nature of the possible risk to young people, and whether the risk is one that is localised to the school or the local area, or whether it extends more widely across the country. Where the harmful content is prevalent mainly in the local area, the DSL will consult with the LA about whether quick local action can prevent the hoax or challenge from spreading more widely.
Prior to deciding how to respond to a harmful online challenge or hoax, the DSL and the headteacher will decide whether each proposed response is:
Where the DSL's assessment finds an online challenge to be putting students at risk of harm, they will ensure that the challenge is directly addressed to the relevant young people, e.g. those within a particular age range that is directly affected or individual students at risk where appropriate.
The DSL and headteacher will only implement a school-wide approach to highlighting potential harms of a hoax or challenge when the risk of needlessly increasing a young persons exposure to the risk is considered and mitigated as far as possible.
Cyber-crime
Cyber-crime is criminal activity committed using computers and/or the internet. There are two key categories of cyber-crime:
The school will factor into its approach to online safety the risk that students with a particular affinity or skill in technology may become involved, whether deliberately or inadvertently, in cyber-crime. Where there are any concerns about a young person’s use of technology and their intentions with regard to using their skill and affinity towards it, the DSL will consider a referral to the Cyber Choices programme, which aims to intervene where children are at risk of committing cyber-crime and divert them to a more positive use of their skills and interests.
The DSL and headteacher will ensure that young people are taught, throughout the curriculum, how to use technology safely, responsibly and lawfully.
Online safety training for staff
The DSL will ensure that all safeguarding training given to staff includes elements of online safety, including how the internet can facilitate abuse and exploitation, and understanding the expectations, roles and responsibilities relating to filtering and monitoring systems. All staff will be made aware that students are at risk of abuse, by their peers and by adults, online as well as in person, and that, often, abuse will take place concurrently via online channels and in daily life.
Online safety and the curriculum
Online safety is embedded throughout the curriculum; however, it is particularly addressed in the following subjects:
Online safety teaching is always appropriate to students ages and developmental stages.
Young people are taught the underpinning knowledge and behaviours that can help them to navigate the online world safely and confidently regardless of the device, platform or app they are using. The underpinning knowledge and behaviours students learn through the curriculum include the following:
The online risks students may face online are always considered when developing the curriculum.
The DSL will be involved with the development of the school’s online safety curriculum. Students will be consulted on the online safety curriculum, where appropriate, due to their unique knowledge of the kinds of websites they and their peers frequent and the kinds of behaviours in which they engage online.
Relevant members of staff, e.g. the SENCO and designated teacher for LAC, will work together to ensure the curriculum is tailored so that students who may be more vulnerable to online harms, e.g. students with SEND and LAC, receive the information and support they need.
The school will also endeavour to take a more personalised or contextualised approach to teaching about online safety for more susceptible children, and in response to instances of harmful online behaviour from students.
Class teachers will review external resources prior to using them for the online safety curriculum, to ensure they are appropriate for the cohort of students.
External visitors may be invited into school to help with the delivery of certain aspects of the online safety curriculum. The headteacher and DSL will decide when it is appropriate to invite external groups into school and ensure the visitors selected are appropriate.
Before conducting a lesson or activity on online safety, the class teacher and DSL will consider the topic that is being covered and the potential that students in the class have suffered or may be suffering from online abuse or harm in this way. The DSL will advise the staff member on how to best support any student who may be especially impacted by a lesson or activity. Lessons and activities will be planned carefully so they do not draw attention to a student who is being or has been abused or harmed online, to avoid publicising the abuse.
During an online safety lesson or activity, the class teacher will ensure a safe environment is maintained in which students feel comfortable to say what they feel and ask questions, and are not worried about getting into trouble or being judged.
If a staff member is concerned about anything students raise during online safety lessons and activities, they will make a report in line with the Child Protection and Safeguarding Policy.
If a student makes a disclosure to a member of staff regarding online abuse following a lesson or activity, the staff member will follow the reporting procedure outlined in the Child Protection and Safeguarding Policy.
Use of technology in the classroom
A wide range of technology will be used during lessons, including the following:
Prior to using any websites, tools, apps or other online platforms in the classroom, or recommending that students use these platforms at home, the class teacher will review and evaluate the resource. Class teachers will ensure that any internet-derived materials are used in line with copyright law.
Students will be supervised when using online materials during lesson time – this supervision is suitable to their age and ability.
Use of smart technology
While the school recognises that the use of smart technology can have educational benefits, there are also a variety of associated risks which the school will ensure it manages.
Students will be educated on the acceptable and appropriate use of personal devices and will use technology in line with the school’s Technology Acceptable Use Agreement for Students.
Staff will use all smart technology and personal technology in line with the school’s Staff ICT and Electronic Devices Policy.
The school recognises that students’ unlimited and unrestricted access to the internet via mobile phone networks means that some students may use the internet in a way which breaches the school’s acceptable use of ICT agreement for students.
Inappropriate use of smart technology may include:
Students will not be permitted to use smart devices or any other personal technology whilst in the classroom.
Where it is deemed necessary, the school will ban pupil’s use of personal technology whilst on school site.
Where there is a significant problem with the misuse of smart technology among students, the school will discipline those involved in line with the school’s Behaviour Policy.
The school will hold assemblies, where appropriate, which address any specific concerns related to the misuse of smart technology and outline the importance of using smart technology in an appropriate manner.
The school will seek to ensure that it is kept up to date with the latest devices, platforms, apps, trends and related threats.
The school will consider the 4Cs (content, contact, conduct and commerce) when educating students about the risks involved with the inappropriate use of smart technology and enforcing the appropriate disciplinary measures.
Educating parents
The school will work in partnership with parents to ensure students stay safe online at school and at home. Parents will be provided with information about the school’s approach to online safety and their role in protecting their children. Parents will be sent a copy of the Acceptable Use Agreement at the beginning of each academic year and are encouraged to go through this with their child to ensure their child understands the document and the implications of not following it.
Parents will be made aware of the various ways in which their children may be at risk online, including, but not limited to:
Parents will be informed of the ways in which they can prevent their child from accessing harmful content at home, e.g. by implementing parental controls to block age-inappropriate content.
Internet access
Students, staff and other members of the school community will only be granted access to the school’s internet network once they have read and signed the Acceptable Use Agreement. A record will be kept of users who have been granted internet access in the school office.
All members of the school community will be encouraged to use the school’s internet network, instead of 3G, 4G and 5G networks, as the network has appropriate filtering and monitoring to ensure individuals are using the internet appropriately.
Filtering and monitoring online activity
The governing bord and board of directors will ensure the school’s ICT network has appropriate filters and monitoring systems in place and that it is meeting the DfE’s ‘Filtering and monitoring standards for schools and colleges’. The governing board will ensure ‘over blocking’ does not lead to unreasonable restrictions as to what students can be taught with regards to online teaching and safeguarding.
The DSL will ensure that specific roles and responsibilities are identified and assigned to manage filtering and monitoring systems and to ensure they meet the school’s safeguarding needs.
The headteacher and ICT provider will undertake a risk assessment to determine what filtering and monitoring systems are required. The filtering and monitoring systems the school implements will be appropriate to students’ ages, the number of students using the network, how often students access the network, and the proportionality of costs compared to the risks. The ICT provider will undertake checks on the filtering and monitoring systems to ensure they are effective and appropriate.
Requests regarding making changes to the filtering system will be directed to the headteacher. Prior to making any changes to the filtering system, the ICT provider and the DSL will conduct a risk assessment. Any changes made to the system will be recorded by ICT provider. Reports of inappropriate websites or materials will be made to an ICT technician immediately, who will investigate the matter and makes any necessary changes.
Deliberate breaches of the filtering system will be reported to the DSL and ICT provider, who will escalate the matter appropriately. If a pupil has deliberately breached the filtering system, they will be disciplined in line with the Behaviour Policy. If a member of staff has deliberately breached the filtering system, they will be disciplined in line with the Disciplinary Policy and Procedure.
If material that is believed to be illegal is accessed, inadvertently or deliberately, this material will be reported to the appropriate agency immediately, e.g. the Internet Watch Foundation (IWF), CEOP and/or the police.
The school’s network and school-owned devices will be appropriately monitored. All users of the network and school-owned devices will be informed about how and why they are monitored. Concerns identified through monitoring will be reported to the DSL who will manage the situation in line with the Child Protection and Safeguarding Policy.
Network security
Technical security features, such as anti-virus software, will be kept up-to-date and managed by ICT provider. Firewalls will be switched on at all times. ICT provider will review the firewalls on a weekly basis to ensure they are running correctly, and to carry out any required updates. This is part of the providers contract with GEM Hereford.
Staff and students will be advised not to download unapproved software or open unfamiliar email attachments, and will be expected to report all malware and virus attacks to ICT provider.
All members of staff will have their own unique usernames and private passwords to access the school’s systems. Students will be provided with their own unique username and private passwords. Staff members and students will be responsible for keeping their passwords private. Passwords will have a minimum and maximum length and require a mixture of letters, numbers and symbols to ensure they are as secure as possible.
Users will inform ICT provider if they forget their login details, who will arrange for the user to access the systems under different login details. Users will not be permitted to share their login details with others and will not be allowed to log in as another user at any time. If a user is found to be sharing their login details or otherwise mistreating the password system, the headteacher will be informed and will decide the necessary action to take.
Users will be required to lock access to devices and systems when they are not in use.
Emails
Access to and the use of emails will be managed in line with the Data Protection Policy, Acceptable Use Agreement, and the Pupil Confidentiality Policy and Staff and Volunteer Confidentiality Policy.
Staff and students will be given approved school email accounts and will only be able to use these accounts at school and when doing school-related work outside of school hours. Prior to being authorised to use the email system, staff and students must agree to and sign the Acceptable Use Agreement. Personal email accounts will not be permitted to be used on the school site. Any email that contains sensitive or personal information will only be sent using secure and encrypted email.
Staff members and students will be required to block spam and junk mail, and report the matter to ICT provider. The school’s monitoring system can detect inappropriate links, malware and profanity within emails – staff and students will be made aware of this. Chain letters, spam and all other emails from unknown sources will be deleted without being opened.
Students will be given information on the following:
Any cyber-attacks initiated through emails will be managed in line with the Cyber Response and Recovery Plan.
Generative artificial intelligence (AI)
The school will take steps to prepare students for changing and emerging technologies, e.g. generative AI and how to use them safely and appropriately with consideration given to students’ age.
The school will ensure its IT system includes appropriate filtering and monitoring systems to limit pupil's ability to access or create harmful or inappropriate content through generative AI.
The school will ensure that students are not accessing or creating harmful or inappropriate content, including through generative AI.
The school will take steps to ensure that personal and sensitive data is not entered into generative AI tools and that it is not identifiable.
The school will make use of any guidance and support that enables it to have a safe, secure and reliable foundation in place before using more powerful technology such as generative AI.
Social networking
The use of social media by staff and students will be managed in line with the school’s Social Media Policy.
The school website
The headteacher will be responsible for the overall content of the school website – they will ensure the content is appropriate, accurate, up-to-date and meets government requirements.
The website will be managed in line with the School Website Policy.
Use of devices
Staff members and students will be issued with school-owned devices to assist with their work, where necessary. Requirements around the use of school-owned devices can be found in the school’s Device User Agreement.
Remote learning
All remote learning will be delivered in line with the school’s Remote Education Policy. This policy specifically sets out how online safety will be considered when delivering remote education.
Monitoring and review
The effectiveness of this policy will be monitored continually by the headteacher and the governing board and the board of directors of GEM Hereford. Any necessary amendments will be made immediately.
The next scheduled review date for this policy is stated on the version control rubric found of the front cover of this policy.
The school will establish a monitoring system that is backed up by performance measures and this will be reviewed following an incident.