If the organisation is already Cyber Aware and Cyber Resilient these measures should already be in place, however, the KCSIE document has added additional responsibility for this to the Governing Body and the DSL (Designated Safeguarding Lead).
The DfE has published Meeting digital and technology standards in schools and colleges as part of guiding schools to improve their network and systems to be more cyber resilient, but also as a method to improve online safeguarding of children; it is a cyber security standards recommendation for schools and colleges. This is published to support the increase in online use for teaching and learning and school management systems. The UK Safer Internet Centre provides A Guide for education settings and filtering providers.
Monitoring and Filtering
The document strongly advises the use of monitoring and filtering as a way to keep children safe.Filtering - will block access to harmful sites and content.
Monitoring - will identify when a user accesses or searches for certain types of harmful content on the organisation's devices. Someone is then alerted to any concerning content, depending on the criteria set, which can then be actioned. The monitoring would not stop someone accessing the content, but it could then be added to the filter-block list.
No monitoring and filtering system is 100% effective, so it should be constantly checked and updated.
SWGFL have produced a short video about what the DfE changes are:
The update to the KCSIE document says:
All Staff should:
- Understand the expectations, applicable roles and responsibilities in relation to monitoring and filtering as part of their training.
- Know who to report safeguarding and technical concerns to.
SLT should:
- Understand the online safety provisions in place.
- Know how to identify and escalate concerns.
- Buy in the monitoring and filtering system.
- Keep a document of what is blocked and why.
- Review how effective the system is, i.e. are concerning incidents picked up quickly and the outcomes recorded.
- Overseeing any reports from the monitoring and filtering.
- Ensure there is relevant training in place for staff and that it is regularly undertaken.
DSL should:
- Have overall responsibility for online safety which includes the monitoring and filtering system.
- Should work with IT staff to ensure it is effective and appropriate.
The Governing Body should:
- Have an understanding of the monitoring and filtering system.
- Ensure that staff training is completed.
Requirements:
The DfE advise that schools and colleges should conduct their own data protection impact assessment (DPIA) and review the privacy notices of the third party providers. Visit our DPIA Best Practice Library for further advice on conducting a DPIA and review our Transparency Best Practice Area for privacy notice templates and transparency guidance.
Cyber:
Monitoring of systems and networks is a way of reducing the risk of a cyber attack. Monitoring helps to identify any unexpected or malicious activity happening on a server or a network. Suspicious activity could result in a breach of the security and access to the systems or it could be via multiple requests to a server which might render it useless. It helps protect your organisation by establishing some basic cyber defences. Filtering will also help reduce the number of unsavoury websites that staff/students may try to access, which in turn may prevent downloads of malware or viruses. Visit our Info/Cyber Security Best Practice Library for help and guidance and review our Info/Cyber Security Checklist and consider what procedures and systems you have in place for monitoring devices, access control of systems and other system related questions.
The NCSC provide help and guidance about protecting your organisation: Reducing your exposure to a cyber attack.
Training and Awareness:
Training and awareness in the use of devices online and how to access the internet safely will not only protect the systems and network but the individual. All staff, governors and pupils should undertake online safety training. SLT and DSL's may require extra training so they are able to provide further help and support to staff and pupils. They should have a good understanding of any filtering and monitoring and be involved in the reporting process. The training should be done regularly, annually if possible. Review the training courses: Stay Safe Online NCSC and NCSC Cyber Security Training for School Staff via our Knowledge Bank.
What should staff report?
- if they witness or suspect unsuitable material has been accessed.
- they can access unsuitable material.
- they are teaching topics which could create unusual activity on the filtering logs.
- there is a failure in the system or abuse of the system.
- they notice abbreviations or misspellings that allow access to restricted material.
This will come into force on the 1st September 2023. LGFG have created a video with all the main changes to the updated KCSIE document: