- To ensure there is a clear and consistent approach responding to incidents;
- To ensure that every person responsible for the children is fully aware of his/her responsibilities;
- To set boundaries of use (goalposts) of any school owned IT equipment, or personal IT equipment used in the school, and set the boundaries of services such as social networking (e.g. blogging, Twitter), email use, internet use etc.
In its most basic form your e-safety policy is a safeguarding document to mitigate risk to the student, the staff and to the school; in this context, the e-safety policy is a document that sets out:
- Use of technology
- The boundaries of appropriate and inappropriate use of technology
- Responsibilities and reporting mechanisms
- Education and training
Much like health and safety, e-safety is the responsibility of everyone. I visit lots of schools where e-safety is still seen as an ICT issue rather than a safeguarding issue. The ultimate responsibility for e-safety is the Headteacher and governing body, and whilst tasks (i.e. the day to day duties) may be delegated, the overall responsibility cannot.
So who should write your policy? In reality, it doesn’t really matter who writes it. In fact, nobody should ever need to write a policy from a blank piece of paper, as there are plenty of good templates available that can then be tailored to your exact requirements. What is important is who is involved, and who ratifies it.
The policy needs to be read and understood by everyone. That includes all staff (including support), volunteers, parents and of course the students (although students will invariably read a cut-down version, the Acceptable Use Policy (AUP)). Therefore it is important that there is a shared responsibility across the school and that there is opportunity for input by everybody, including students and their parents.
Ofsted – Inspection Framework
In September 2012, Ofsted significantly changed the way in which e-safety is inspected in schools; prior to this an inspector would commonly ask if a school had an AUP and there would be a tick in the box. The new inspection framework is very different, it has gone from a single question to a 24 page document, although to be fair much of that document is guidance and principles.
In the context of an e-safety policy, Ofsted states:
“Rigorous e-safety policies and procedures are in place, written in plain English, contributed to by the whole school, updated regularly and ratified by governors. The e-safety policy should be integrated with other relevant policies such as behaviour, safeguarding and anti-bullying.”
To guide you, here is a small list of tips and principles:
- Clear, concise, plain English – there should be no room for error or misunderstanding. Your e-safety policy is a safeguarding policy, not technical IT policy. There is no need for a 3-page introduction explaining why IT is important across the curriculum. Your policy will be read by a wide audience; you should not need an English doctorate to read it.
- How many policies? – an Internet policy, acceptable use policy, social media policy, iPad policy, blogging policy etc. Is there really a need for all these policies? Despite the work to develop and review all of these, you run the risk of missing something, creating confusion, or even worse, contradictory statements. Your e-safety policy includes (or should include) all of the above.
- Device agnostic – where possible keep technology out of it. Only mention specific devices if you really need to. You’ve got iPads in your school; that’s okay, the e-safety risks and issues are no different to PCs and laptops, so why specifically mention iPads or have a different iPad policy?
- Boundaries of use – your e-safety policy must set all the boundaries for both school-owned IT equipment used on or off site, and personally owned IT equipment used on school premises (school premises can also mean on school trips etc).
- Acceptable use policies – include staff and student AUP’s inside your e-safety policy; student AUP’s should be age-appropriate.
- Governance – who writes the policy, who needs to be involved, who endorses, when is it written?
- Technology – although device agnostic, your policy should have statements of use, for example “Email should only be used for professional communication, personal email addresses should never be used”.
Things to include – a small list of important bits of the e-Safety Policy that should be included, but are regularly missed:
Risk assessment template – any introduction of any new technology (whether device or service) should be risk assessed against the foreseeability of any risk.
Flowcharts – what to do in a given incident. How to report an incident – whether you need to make an internal report or external report. Make clear under what circumstances you need to make a report, who to (by name if internal, agency if external) and include details of how (i.e. contact details, web address).
Training – who (as in staff, governing body, parents, key stage etc.) has been trained, when, what did it include, when is the next update planned?
I have created a model policy for you to refer to, or to tailor to your own school requirements, along with guidance and advice. The model policy can be downloaded here.
Image Credit: FutUndBeidl
Are these tips of use to you and your colleagues? How have you handled e-safety policies in the past? Let us know in the comments.