New college guidance: Keeping IT safe and secure
Changes to statutory guidance on keeping children safe which came into force on the 5 September 2016 will have a profound impact on IT provision for colleges, says Steve O’Connell, sales director at Advantex Network Solutions Ltd, who explains more and offers advice on what to do to keep young people safe.
Earlier this year, the Department for Education (DfE) laid out plans (Keeping Children Safe in Education: Statutory Guidance for Schools and Colleges) designed to keep young people safe from classroom bullying, drugs, abuse and radicalisation among other things.
The guidance came into effect from the 5 September 2016 and outlines some key actions for senior management and leadership teams to consider in relation to staff understanding and knowledge of safeguarding in colleges.
Spanning a mix of safeguarding policies, training, handling disclosures, referrals, and early help processes, the guidance, critically, includes IT systems – senior leadership teams need to ensure that all their staff know the systems within their campuses that support safeguarding and that these are explained to them as a part of the induction.
The new government safeguarding guidance requires schools to have in place an effective and appropriate whole-college approach to online safety.
Previous guidance concentrated mainly on prevention, but this updated guidance is all encompassing, requiring schools to link together technology, people, policy, processes and procedures.
The new narrative is more direct that the previous 2015 guidance, stating ‘it is essential children are safeguarded from potentially harmful and inappropriate online material’, and schools should do ‘all that they reasonably can to limit children’s exposure’.
It also requires an ‘effective approach to online safety’ and ‘a clear policy on the use of mobile technology’.
The DfE states that it is essential for children to be safeguarded from potentially harmful and inappropriate online material.
This is part of a clear move to throw the spotlight – and responsibility – onto governing bodies and proprietors, who need to ensure that not only is appropriate ‘web filtering’ in place but also the appropriate ‘monitoring’ has been considered and enabled.
Why now?
While delivering untold benefits to facilitate learning, knowledge and understanding, the growth in education IT has also seen it become an easily accessible platform and conduit for those who are looking to do harm or spread a toxic narrative among vulnerable and influential children. Online safety can be broadly defined across three areas of risk, with an associated requirement to reasonably limit children’s exposure to the following:
- Content: being exposed to illegal, inappropriate or harmful material
- Contact: being subjected to harmful online interaction with other users
- Conduct: personal online behaviour that increases the likelihood of, or causes, harm
Open to interpretation
The new guidance provides a framework that enables each school to determine its own interpretation. However, there will some commonality as colleges will be required to demonstrate both a general understanding of the risks affecting children and young people, and ‘a specific understanding of how to identify individual children who may be at risk of radicalisation and what to do to support them.’
Colleges must also have clear procedures in place for protecting children ‘at risk of radicalisation, which may be set out in existing safeguarding policies.
Colleges will have to do all that they reasonably can from this September to limit a child’s exposure to the three areas of risk from an IT system and as part of this process, those with responsibility need to ensure the college has the appropriate filters and monitoring systems in place.
These will need to take into account the restriction of access to online material that can be divided into two different categories: illegal content and inappropriate online content.
To help, the DfE has put forward criteria that must be met if a filtering provider’s system is to be considered fit-for-purpose: they have to be a member of Internet Watch Foundation (IWF), block access to CAIC (Child Abuse Images and Content) and integrate the ‘the police assessed list of unlawful terrorist content, produced on behalf of the Home Office’.
However, while colleges are told to ensure that ‘appropriate filters and monitoring systems are in place’, they are also cautioned against ‘over blocking’, which might lead to ‘unreasonable restrictions’ on what children can be taught.
The new guidance stresses that each facility is different and is required to determine its own interpretation of the content – throughout the guidance there is specific reference to the need to assess risks and put appropriate measures in place.
Assessing the impact of the guidance
So in assessing the impact of the guidance, what should a college need to be asking itself to ensure compliance?
There’s no hard and fast rule but leaders will need to consider what can children access online, how do they do this and when do they do it?
What risks are created through the type and frequency of online access children have at school?
What is taught with regards to online teaching and safeguarding and how do our systems enable the school to be effective in doing this?
They also need to identify, who is responsible for managing online access and are they sufficiently qualified in safeguarding to manage the risks to the college?
Furthermore, what policies, processes and procedures exist to proactively identify children who are at risk of harm through online use, and what policies are in place to differentiate between groups of users groups?
What training is required, who requires this training and how do we sustain continued professional development around safeguarding to meet near future and more long-term needs?
Assessing the risk
In assessing the guidance’s impact, colleges need to assess whether changes are needed to their technical systems, policies, processes and procedures to ensure that they secure and not open to risk.
Given the requirements of the guidance this will undoubtedly mean a good deal will need to undertake an in-depth assessment in each of these areas.
The expectation is that the college has a strategy or plan built around a combination of technology; policies, processes and managerial procedures that enables vulnerable children to be identified and profiled, creating alerts that are then actively assessed and managed.
They need to undertake an assessment of each of these to understand whether they are fit for purpose and appropriate given the updated guidance.
It’s evident that it’s not enough to simply block inappropriate content. Children need to be kept safe by actually looking at the intent of what they are doing and what they are trying to achieve.
It’s no easy task, and presents a difficult problem for those with management, administrative and teaching responsibilities. However what is certain that colleges now should be reviewing their IT systems in order to assess risk in the light of the new regulations and create a safer online environment and network.
Failure to do so could not only be costly but also have severe consequences that are not only felt now but also long into the future.
Advantex, which provides IT systems and support services to dozens of education establishments across the UK, has introduced EduCare Schools Broadband.
This new online resource enables colleges to provide enterprise grade network protection, allowing children to learn using the internet and e-Learning resources in a safe and secure environment.
Real-time web filters cut-out inappropriate content on the internet, ensuring it remains out of the reach of children, while an additional firewall protects from external threats.
EduCare Schools Broadband allows school users to build filtering policies based on user or group. This means that administrators or delegated teaching staff can also access for certain sites or apps for different groups of people.
Using the new safeguarding report feature also enables the user to monitor blocked actions and search terms, improving the identification of, protection from and reporting of incidents and system attacks.
Steve O’Connell, Sales director at Advantex Network Solutions Ltd
More at http://www.educareschoolsbroadband.co.uk or tel. 0845 222 0 666.
Responses