The Wisdom Academy

E-Safety Policy 2015


CONTENTS

Guidance and Suggested Text 1

Introduction. 2

Monitoring. 4

Breaches. 5

Incident Reporting. 5

Acceptable Use Agreement: Pupils - Primary. 6 

Acceptable Use Agreement: Staff and Visitors. 8 

Staff Professional Responsibilities. 9 

Computer Viruses. 10 

e-Mail 11 

Managing e-Mail 11 

Sending e-Mails. 12 

Receiving e-Mails. 12 

e-mailing Personal, Sensitive, Confidential or Classified Information. 13 

Equal Opportunities. 14 

Pupils with Additional Needs. 14 

eSafety. 15 

eSafety - Roles and Responsibilities. 15 

eSafety in the Curriculum.. 15 

eSafety Skills Development for Staff 16 

Managing the School eSafety Messages. 16 

Incident Reporting, eSafety Incident Log & Infringements. 17 

Incident Reporting. 17 

eSafety Incident Log. 17 

Misuse and Infringements. 17 

Flowcharts for Managing an eSafety Incident 18 

Internet Access. 20 

Managing the Internet 20 

Internet Use. 20 

Infrastucture. 20 

Managing Other Web 2 Technologies. 22 

Parental Involvement 23 

Passwords and Password Security. 24 

Passwords. 24 

Password Security. 24 

Zombie Accounts. 25 

Safe Use of Images. 26 

Taking of Images and Film.. 26 

Consent of Adults Who Work at the School 26 

Publishing Pupil’s Images and Work. 26 

Storage of Images. 27 

Webcams and CCTV.. 27 

Video Conferencing. 28

School ICT Equipment including Portable & Mobile ICT Equipment & Removable Media. 29

School ICT Equipment 29

Portable & Mobile ICT Equipment 30

Mobile Technologies. 30

Removable Media. 31

Smile and Stay Safe Poster 32

Social Media, including Facebook and Twitter 33

Telephone Services. 34

Mobile Phones. 34

Writing and Reviewing this Policy. 35

Staff and Pupil Involvement in Policy Creation. 35

Review Procedure. 35

Current Legislation. 36

Acts Relating to Monitoring of Staff eMail 36

Other Acts Relating to eSafety. 36

Acts Relating to the Protection of Personal Data. 38


Guidance and Suggested Text

This policy has been developed by the eSafety subgroup of the HSCB.  The following sections contain guidance and suggested statements for schools to use in compiling their own school’s Policy for ICT Acceptable Use. It is intended for staff and pupil use.

Once this policy has been ratified by the School’s Governors it should be made available to all personnel involved in the working of the school, including Governors, pupils and parents.

The Acceptable Use of ICT Agreement should be issued to the appropriate user for signature and collated by a designated member of staff.

Schools should ensure that all persons, including Governors and pupils, who join the establishment mid year are provided with the policy and agreement.

Introduction

ICT in the 21st Century is seen as an essential resource to support learning and teaching, as well as playing an important role in the everyday lives of children, young people and adults.  Consequently, schools need to build in the use of these technologies in order to arm our young people with the skills to access life-long learning and employment.

Information and Communications Technology covers a wide range of resources including; web-based and mobile learning.  It is also important to recognise the constant and fast paced evolution of ICT within our society as a whole.  Currently the internet technologies children and young people are using both inside and outside of the classroom include:

  • · Websites
  • · E-mail, Instant Messaging and chat rooms
  • · Social Media, including Facebook and Twitter
  • · Mobile/ Smart phones with text, video and/ or web functionality
  • · Other mobile devices with web functionality
  • · Gaming, especially online
  • · Learning Platforms and Virtual Learning Environments
  • · Blogs and Wikis
  • · Podcasting
  • · Video Broadcasting
  • · Music Downloading

Whilst exciting and beneficial both in and out of the context of education, much ICT, particularly web-based resources, are not consistently policed.  All users need to be aware of the range of risks associated with the use of these Internet technologies and that some have minimum age requirements, usually 13 years.

At The Wisdom Academy, we understand the responsibility to educate our pupils on e-Safety issues; teaching them the appropriate behaviours and critical thinking skills to enable them to remain both safe and legal when using the internet and related technologies, in and beyond the context of the classroom.

Schools hold personal data on learners, staff and other people to help them conduct their day-to-day activities.   Some of this information is sensitive and could be used by another person or criminal organisation to cause harm or distress to an individual. The loss of sensitive information can result in media coverage, and potentially damage the reputation of the school. This can make it more difficult for your school to use technology to benefit learners.

Everybody in the school has a shared responsibility to secure any sensitive information used in their day to day professional duties and even staff not directly involved in data handling should be made aware of the risks and threats and how to minimise them.

Both this policy and the Acceptable Use Agreement (for all staff, governors, visitors and pupils) are inclusive of both fixed and mobile internet; technologies provided by the school (such as PCs, laptops, mobile devices,  webcams, whiteboards, voting systems, digital video equipment, etc); and technologies owned by pupils and staff, but brought onto school premises (such as laptops, mobile phones, and other mobile devices).

Monitoring

Mr. Maniam , our ICT co-ordinator and ICT maintenance manager will be referred to as ‘Authorised ICT staff’ may inspect any ICT equipment owned or leased by the school at any time without prior notice. If you are in doubt as to whether the individual requesting such access is authorised to do so, please ask for their identification badge and contact their department. Any ICT authorised staff member will be happy to comply with this request.

ICT authorised staff may monitor, intercept, access, inspect, record and disclose telephone calls, e-mails, instant messaging, internet/intranet use and any other electronic communications (data, voice or image) involving its employees or contractors, without consent, to the extent permitted by law.  This may be to confirm or obtain school business related information; to confirm or investigate compliance with school policies, standards and procedures; to ensure the effective operation of school ICT; for quality control or training purposes; to comply with a Subject Access Request under the Data Protection Act 1998, or to prevent or detect crime.

ICT authorised staff may, without prior notice, access the e-mail or voice-mail account where applicable, of someone who is absent in order to deal with any business-related issues retained on that account.

All monitoring, surveillance or investigative activities are conducted by ICT authorised staff and comply with the Data Protection Act 1998, the Human Rights Act 1998, the Regulation of Investigatory Powers Act 2000 (RIPA) and the Lawful Business Practice Regulations 2000.

Please note that personal communications using School ICT may be unavoidably included in any business communications that are monitored, intercepted and/or recorded.

All internet activity is logged by the school’s internet provider. These logs may be monitored by authorised HCC staff.

Breaches

A breach or suspected breach of policy by a school employee, contractor or pupil may result in the temporary or permanent withdrawal of school ICT hardware, software or services from the offending individual.

Any policy breach is grounds for disciplinary action in accordance with the school Disciplinary Procedure or, where appropriate, the HCC Disciplinary Procedure or Probationary Service Policy.

Policy breaches may also lead to criminal or civil proceedings.

The ICO's new powers to issue monetary penalties came into force on 6 April 2010, allowing the Information Commissioner's office to serve notices requiring organisations to pay up to £500,000 for serious breaches of the Data Protection Act.

The data protection powers of the Information Commissioner's Office are to:

  • · Conduct assessments to check organisations are complying with the Act;
  • · Serve information notices requiring organisations to provide the Information Commissioner's Office with specified information within a certain time period;
  • · Serve enforcement notices and 'stop now' orders where there has been a breach of the Act, requiring organisations to take (or refrain from taking) specified steps in order to ensure they comply with the law;
  • · Prosecute those who commit criminal offences under the Act;
  • · Conduct audits to assess whether organisations processing of personal data follows good practice,
  • · Report to Parliament on data protection issues of concern

Incident Reporting

Any security breaches or attempts, loss of equipment and any unauthorised use or suspected misuse of ICT must be immediately reported to the school’s SIRO or eSafety Co-ordinator. Additionally, all security breaches, lost/stolen equipment or data (including remote access SecureID tokens and PINs), virus notifications, unsolicited emails, misuse or unauthorised use of ICT and all other policy non-compliance must be reported to your Senior Information Risk Owner who is Fuad Dol.

Please refer to the section Incident Reporting, eSafety Incident Log & Infringements.

Acceptable Use Agreement: Pupils

The Wisdom Academy Pupil Acceptable Use

Agreement / e-Safety Rules

  • ·
  • ·

I will only open e-mail attachments from people I know, or who my teacher has approved.

I will not tell other people my ICT passwords.

I will only open/delete my own files.

I will make sure that all ICT contact with other children and adults is responsible, polite and sensible.

I will not deliberately look for, save or send anything that could be unpleasant or nasty.   If I accidentally find anything like this I will tell my teacher immediately.

I will not give out my own details such as my name, phone number or home address.  I will not arrange to meet someone unless this is part of a school project approved by my teacher and a responsible adult comes with me.

I will be responsible for my behaviour when using ICT because I know that these rules are to keep me safe.

I will support the school approach to online safety and not deliberately upload or add any images, video, sounds or text that could upset any member of the school community

I know that my use of ICT can be checked and that my parent/ carer contacted if a member of school staff is concerned about my e-Safety.


Dear Parent/ Carer

ICT including the internet, e-mail and mobile technologies has become an important part of learning in our school.   We expect all children to be safe and responsible when using any ICT

Please read and discuss these e-Safety rules with your child and return the slip at the bottom of this page.  If you have any concerns or would like some explanation please contact Br. Solayman in the school office.

"

Parent/ carer signature

We have discussed this and ……………………………………..........(child name) agrees to follow the eSafety rules and to support the safe use of ICT at  The Wisdom Academy.

Parent/ Carer Signature …….………………….………………………….

Class ………………………………….  Date ………………………………

Acceptable Use Agreement: Staff, Volunteer and Visitors

Staff, Volunteer and Visitor

Acceptable Use Agreement / Code of Conduct

ICT (including data) and the related technologies such as e-mail, the internet and mobile devices are an expected part of our daily working life in school.  This policy is designed to ensure that all staff are aware of their professional responsibilities when using any form of ICT.  All staff are expected to sign this policy and adhere at all times to its contents.  Any concerns or clarification should be discussed with Mr. Maniam, school e-Safety coordinator

I will only use the school’s email / Internet / Intranet / Learning Platform and any related technologies for professional purposes or for uses deemed ‘reasonable’ by the Head or Governing Body.

I will comply with the ICT system security and not disclose any passwords provided to me by the school or other related authorities

I will ensure that all electronic communications with pupils and staff are compatible with my professional role.

I will not give out my own personal details, such as mobile phone number and personal e-mail address, to pupils.

I will only use the approved, secure e-mail system(s) for any school business.

I will ensure that personal data (such as data held on our server, school reports, assessments etc) is kept secure and is used appropriately, whether in school, taken off the school premises or accessed remotely.  Personal data can only be taken out of school or accessed remotely when authorised by the Headteacher. Personal or sensitive data taken off site must be encrypted.

I will not install any hardware of software without permission of Mr. Maniam  (ICT co-ordinator)

I will not browse, download, upload or distribute any material that could be considered offensive, illegal or discriminatory.

Images of pupils and/ or staff will only be taken, stored and used for professional purposes in line with school policy and with written consent of the parent, carer or staff member.  Images will not be distributed outside the school network without the permission of the parent/ carer, member of staff or Headteacher.

I will support the school approach to online safety and not deliberately upload or add any images, video, sounds or text that could upset or offend any member of the school community

I understand that all my use of the Internet and other related technologies can be monitored and logged and can be made available, on request, to my Line Manager or Headteacher.

I will respect copyright and intellectual property rights.

I will ensure that my online activity, both in school and outside school, will not bring my professional role into disrepute.

I will support and promote the school’s e-Safety and Data Security policies and help pupils to be safe and responsible in their use of ICT and related technologies.

I understand this forms part of the terms and conditions set out in my contract of employment.

User Signature

I agree to follow this code of conduct and to support the safe and secure use of ICT throughout the school

Signature …….………………….………… Date ……………………

Full Name ………………………………….........................................(printed)

Job title . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Computer Viruses

  • · All files downloaded from the Internet, received via e-mail or on removable media such as a  memory stick,,  must be checked for any viruses using school provided anti-virus software before being used
  • · Never interfere with any anti-virus software installed on school ICT equipment that you use
  • · If your machine is not routinely connected to the school network, you must make provision for regular virus updates through your IT team
  • ·

e-Mail

The use of e-mail within most schools is an essential means of communication for both staff and pupils. In the context of school, e-mail should not be considered private.  Educationally, e-mail can offer significant benefits including; direct written contact between schools on different projects, be they staff based or pupil based, within school or international. We recognise that pupils need to understand how to style an e-mail in relation to their age and good network etiquette. In order to achieve ICT level 4 or above, pupils must have experienced sending and receiving e-mails.

Managing e-Mail

  • · The school gives some staff their own e-mail account to use for all school business as a work based tool This is to protect staff, minimise the risk of receiving unsolicited or malicious e-mails and avoids the risk of personal profile information being revealed
  • ·
  • · Under no circumstances should staff contact pupils, parents or conduct any school business using personal e-mail addresses
  • · The school requires a standard disclaimer to be attached to all e-mail correspondence, stating that, ‘the views expressed are not necessarily those of the school or the LA’.  The responsibility for adding this disclaimer lies with the account holder
  • · All e-mails should be written and checked carefully before sending, in the same way as a letter written on school headed paper
  • ·
  • · Pupils may only use school approved accounts on the school system and only under direct teacher supervision for educational purposes
  • ·

- Delete all e-mails of short-term value

- Organise e-mail into folders and carry out frequent house-keeping on all folders and archives

  • · The following pupils have their own individual school issued accounts (list groups of children or individuals), all other children use a class/ group e-mail address
  • ·
  • · All pupil e-mail users are expected to adhere to the generally accepted rules of netiquette particularly in relation to the use of appropriate language and not revealing any personal details about themselves or others in e-mail communication, or arrange to meet anyone without specific permission, virus checking attachments
  • · Pupils must immediately tell a teacher/ trusted adult if they receive an offensive e-mail
  • · Staff must inform (the eSafety co-ordinator/ line manager) if they receive an offensive e-mail
  • · Pupils are introduced to e-mail as part of the ICT Scheme of Work
  • · However you access your school e-mail (whether directly, through webmail when away from the office or on non-school hardware) all the school e-mail policies apply

Sending e-Mails

  • · If sending e-mails containing personal, confidential, classified or financially sensitive data to external third parties or agencies, refer to the Section e-mailing Personal, Sensitive, Confidential or Classified Information
  • · Use your own school e-mail account so that you are clearly identified as the originator of a message
  • · Keep the number and relevance of e-mail recipients, particularly those being copied, to the minimum necessary and appropriate
  • ·
  • · School e-mail is not to be used for personal advertising

Receiving e-Mails

  • · Check your e-mail regularly
  • · Activate your ‘out-of-office’ notification when away for extended periods
  • · Never open attachments from an untrusted source; Consult your network manager first
  • ·
  • · The automatic forwarding and deletion of e-mails is not allowed

e-mailing Personal, Sensitive, Confidential or Classified Information

  • · Where your conclusion is that e-mail must be used to transmit such data:

- Obtain express consent from your manager to provide the information by e-mail

- Exercise caution when sending the e-mail and always follow these checks before releasing the e-mail:

  1. o
  1. o Verify the details, including accurate e-mail address, of any intended recipient of the information
  1. o Verify (by phoning) the details of a requestor before responding to e-mail requests for information
  1. o Do not copy or forward the e-mail to any more recipients than is absolutely necessary

- Do not send the information to any body/person whose details you have been unable to separately verify (usually by phone)

- Send the information as an encrypted document attached to an e-mail

- Provide the encryption key or password by a separate contact with the recipient(s)

- Do not identify such information in the subject line of any e-mail

- Request confirmation of safe receipt

In exceptional circumstances provision can be made for other external agencies.

Equal Opportunities

Pupils with Additional Needs

The school endeavours to create a consistent message with parents for all pupils and this in turn should aid establishment and future development of the schools’ eSafety rules.

However, staff are aware that some pupils may require additional support or teaching including adapted resources, reminders, prompts and further explanation to reinforce their existing knowledge and understanding of eSafety issues.

Where a pupil has poor social understanding, careful consideration is given to group interactions when raising awareness of eSafety.  Internet activities are planned and well managed for these children and young people.

eSafety

eSafety - Roles and Responsibilities

As eSafety is an important aspect of strategic leadership within the school, the Head and governors have ultimate responsibility to ensure that the policy and practices are embedded and monitored.  The named eSafety co-ordinator in this school is Fuad Dol who has been designated this role as a member of the senior leadership team.  All members of the school community have been made aware of who holds this post.  It is the role of the eSafety co-ordinator to keep abreast of current issues and guidance through organisations such as Herts LA, , CEOP (Child Exploitation and Online Protection) and Childnet.

Senior Management and governors are updated by the Head/ eSafety co-ordinator and all governors have an understanding of the issues and strategies at our school in relation to local and national guidelines and advice.

This policy, supported by the school’s acceptable use agreements for staff, governors, visitors and pupils, is to protect the interests and safety of the whole school community.  It is linked to the following mandatory school policies: child protection, health and safety, home–school agreements, and behaviour/pupil discipline (including the anti-bullying) policy and PSHE

eSafety in the Curriculum

ICT and online resources are increasingly used across the curriculum.  We believe it is essential for eSafety guidance to be given to the pupils on a regular and meaningful basis.  eSafety is embedded within our curriculum and we continually look for new opportunities to promote eSafety.

  • · The school has a framework for teaching internet skills in ICT/ PSHE lessons, this can be found in the ICT schemes of study (Hamilton Trust and LCP schemes)
  • · The school provides opportunities within a range of curriculum areas to teach about eSafety
  • · Educating pupils about the online risks that they may encounter outside school is done informally when opportunities arise and as part of the eSafety curriculum
  • · Pupils are aware of the relevant legislation when using the internet such as data protection and intellectual property which may limit what they want to do but also serves to protect them
  • · Pupils are taught about copyright, respecting other people’s information, safe use of images and other important areas through discussion, modeling and appropriate activities
  • ·
  • ·

eSafety Skills Development for Staff

  • ·
  • ·
  • · New staff receive information on the school’s acceptable use policy as part of their induction
  • · All staff have been made aware of their individual responsibilities relating to the safeguarding of children within the context of eSafety and know what to do in the event of misuse of technology by any member of the school community (see enclosed flowcharts)
  • · All staff are encouraged to incorporate eSafety activities and awareness within their curriculum areas

Managing the School eSafety Messages

  • · We endeavour to embed eSafety messages across the curriculum whenever the internet and/or related technologies are used
  • · The eSafety policy will be introduced to the pupils at the start of each school year
  • · eSafety posters will be prominently displayed
  • · The key eSafety advice will be promoted widely through school displays, newsletters, class activities and so on

Incident Reporting, eSafety Incident Log & Infringements

Incident Reporting

Any security breaches or attempts, loss of equipment and any unauthorised use or suspected misuse of ICT must be immediately reported to the school’s SIRO or eSafety Co-ordinator. Additionally, all security breaches, lost/stolen equipment or data (including remote access SecureID tokens and PINs), virus notifications, unsolicited emails, misuse or unauthorised use of ICT and all other policy non-compliance must be reported to your Senior Information Risk Owner.

e-Safety Incident Log

Keeping an incident log can be a good way of monitoring what is happening and identify trends or specific concerns.

The Wisdom Academy  E-Safety Log Form

Date and Time

Name of Pupil or Staff Member

Male or female

Room and Computer Device Number

Details of incident

Details of all e-safety incidences to be recorded by the e-safety co-ordinator.  This incident log will be monitored by the Headteacher upon every incident and half-termly or sooner depending on the seriousness of incidences. Cyber bullying may be recorded on this form.

Misuse and Infringements

Complaints

Complaints and/ or issues relating to eSafety should be made to the eSafety co-ordinator or Headteacher

Inappropriate Material

  • All users are aware of the procedures for reporting accidental access to inappropriate materials. The breach must be immediately reported to the eSafety co-ordinator
  • Deliberate access to inappropriate materials by any user will lead to the incident being logged by the eSafety co-ordinator, depending on the seriousness of the offence; investigation by the Headteacher/ Propreitor.
  • immediate suspension, possibly leading to dismissal and involvement of police for very serious offences (see flowchart)
  • Users are made aware of sanctions relating to the misuse or misconduct by (add how your school do this here)

Flowcharts for Managing an eSafety Incident

Internet Access

The internet is an open worldwide communication medium, available to everyone  at all times.  Anyone can view information, send messages, discuss ideas and publish material which makes it both an invaluable resource for education, business and social interaction, as well as a potential risk to young and vulnerable people. All use of the Hertfordshire Grid for Learning (HGfL) is logged and the logs are randomly but regularly monitored. Whenever any inappropriate use is detected it will be followed up.

Managing the Internet

  • · The school provides pupils with supervised access to Internet resources (where reasonable) through the school’s fixed and mobile internet connectivity
  • · Staff will preview any recommended sites before use
  • · Raw image searches are discouraged when working with pupils
  • ·
  • ·
  • · All users must observe copyright of materials from electronic resources

Internet Use

  • · You must not post personal, sensitive, confidential or classified information or disseminate such information in any way that may compromise the  intended restricted audience
  • · Do not  reveal names of colleagues, pupils, others or any other confidential information acquired through your job on any social networking site or other online application
  • · On-line gambling or gaming is not allowed

It is at the Headteacher’s discretion as to what internet activities are permissible for staff and pupils and how this is disseminated.

Infrastucture

  • · Hertfordshire Local Authority has a monitoring solution via the Hertfordshire Grid for Learning where web-based activity is monitored and recorded
  • ·
  • · The Wisdom Academy is aware of its responsibility when monitoring staff communication under current legislation and takes into account; Data Protection Act 1998, The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, Regulation of Investigatory Powers Act 2000, Human Rights Act 1998
  • · Staff and pupils are aware that school based email and internet activity can be monitored and explored further if required
  • · The school does not allow pupils access to internet logs
  • · The school uses management control tools for controlling and monitoring workstations
  • · If staff or pupils discover an unsuitable site, the screen must be switched off/ closed and the incident reported immediately to the e-safety coordinator or teacher as appropriate
  • · It is the responsibility of the school, by delegation to the network manager, to ensure that anti-virus protection is installed and kept up-to-date on all school machines
  • ·
  • · Pupils and staff are not permitted to download programs or files on school based technologies without seeking prior permission from (the Headteacher/technician/ICT subject leader)
  • · If there are any issues related to viruses or anti-virus software, the network manager should be informed (in person or by email)

Managing Other Web 2 Technologies

Online technologies,  including social networking sites, if used responsibly both outside and within an educational context can provide easy to use, creative, collaborative and free facilities.  However it is important to recognise that there are issues regarding the appropriateness of some content, contact, culture and commercialism. To this end, we encourage our pupils to think carefully about the way that information can be added and removed by all users, including themselves, from these sites.

  • · At present, the school endeavors to deny access to social networking and online games websites to pupils within school
  • · All pupils are advised to be cautious about the information given by others on such websites, for example users not being who they say they are
  • · Pupils are taught to avoid placing images of themselves (or details within images that could give background details) on such websites and to consider the appropriateness of any images they post due to the difficulty of removing an image once online
  • · Pupils are always reminded to avoid giving out personal details on websites which may identify them or where they are (full name, address, mobile/ home phone numbers, school details, IM/ email address, specific hobbies/ interests)
  • · Our pupils are advised to set and maintain their online profiles to maximum privacy and deny access to unknown individuals
  • · Pupils are encouraged to be wary about publishing specific and detailed private thoughts and information online
  • · Our pupils are asked to report any incidents of Cyberbullying to the school
  • · Staff may only create blogs, wikis or other online areas in order to communicate with pupils using the school learning platform or other systems approved by the Headteacher

Parental Involvement

We believe that it is essential for parents/carers to be fully involved with promoting eSafety both in and outside of school and to be aware of their responsibilities.   We regularly consult and discuss eSafety with parents/ carers and seek to promote a wide understanding of the benefits of new technologies  together with the associated risks.

  • ·
  • · Parents/carers are asked to read through and sign acceptable use agreements on behalf of their child on admission to the school
  • ·
  • · Parents/carers are expected to sign a Home School agreement containing the following statement or similar

® We will support the school approach to on-line safety and not deliberately upload or add any text, image, sound or video that could upset or offend any member of the school community

  • · The school disseminates information to parents relating to eSafety where appropriate in the form of;
    • Information evenings
    • Posters
    • School website
    • Newsletter items

Passwords and Password Security

Passwords

  • · Always use your own personal passwords
  • ·
  • · Staff should change temporary passwords at first logon
  • · Change passwords whenever there is any indication of possible system or password compromise
  • · Do not record passwords or encryption keys on paper or in an unprotected file
  • · Ensure that all personal passwords that have been disclosed are changed once the requirement is finished
  • · Never tell a child or colleague your password
  • · If you are aware of a breach of security with your password or account inform Fuad Dol  immediately
  • ·
  • · Passwords should contain a mixture of upper and lowercase letters, numbers and symbols
  • · User ID and passwords for staff and pupils who have left the school are removed from the system within

If you think your password may have been compromised or someone else has become aware of your password report this to your ICT support team

Password Security

Password security is essential for staff, particularly as they are able to access and use pupil data. Staff are expected to have secure passwords which are not shared with anyone. The pupils are expected to keep their passwords private and not to share with others, particularly their friends. Staff and pupils are regularly reminded of the need for password security.

  • · All users read and sign an Acceptable Use Agreement to demonstrate that they have understood the school’s eSafety Policy and Data Security
  • ·
  • · Pupils are not allowed to deliberately access on-line materials or files on the school network, of their peers, teachers or others
  • ·
  • · Due consideration should be given when logging into the school learning platform, virtual learning environment or other online application to the browser/cache options (shared or private computer)
  • · In our school, all ICT password policies are the responsibility of Fuad Dol and all staff and pupils are expected to comply with the policies at all times

Zombie Accounts

Zombie accounts refers to accounts belonging to users who have left the school and therefore no longer have authorised access to the school’s systems. Such Zombie accounts when left active can cause a security threat by allowing unauthorised access.

  • · Ensure that all user accounts are disabled once the member of the school has left
  • · Prompt action on disabling accounts will prevent unauthorized access
  • · Regularly change generic passwords to avoid unauthorized access (Microsoft© advise every 42 days)

Safe Use of Images

Taking of Images and Film

Digital images are easy to capture, reproduce and publish and, therefore, misuse.  We must remember that it is not always appropriate to take or store images of any member of the school community or public, without first seeking consent and considering the appropriateness.  HCC guidance can be found: http://www.thegrid.org.uk/eservices/safety/research/index.shtml#safeuse

  • · With the written consent of parents (on behalf of pupils) and staff, the school permits the appropriate taking of images by staff and pupils with school equipment
  • ·
  • · Pupils are not permitted to use personal digital equipment, including mobile phones and cameras, to record images of pupils, staff and others without advance permission from the Headteacher
  • · Pupils and staff must have permission from the Headteacher before any image can be uploaded for publication

Consent of Adults Who Work at the School

  • · Permission to use images of all staff who work at the school is sought on induction and a copy is located in the personnel file

Publishing Pupil’s Images and Work

On a child’s entry to the school, all parents/carers will be asked to give permission to use their child's work/photos in the following ways:

  • ·
  • · in the school prospectus and other printed publications that the school may produce for promotional purposes
  • · recorded/ transmitted on a video or webcam
  • ·
  • · in display material that may be used in the school’s communal areas
  • · in display material that may be used in external areas, ie exhibition promoting the school
  • · general media appearances, eg local/ national media/ press releases sent to the press highlighting an activity (sent using traditional methods or electronically)

This consent form is considered valid for the entire period that the child attends this school unless there is a change in the child’s circumstances where consent could be an issue, eg divorce of parents, custody issues, etc.

Parents or  carers may withdraw permission, in writing, at any time.  Consent has to be given by both parents in order for it to be deemed valid.

Pupils’ names will not be published alongside their image and vice versa.  E-mail and postal addresses of pupils will not be published.  Pupils’ full names will not be published.

Before posting student work on the Internet, a check needs to be made to ensure that permission has been given for work to be displayed.

Only the ICT co-ordinator and Headteacher have the  authority to upload to the site.

Storage of Images

  • · Images/ films of children are stored on the school’s network and (name any other media)
  • ·
  • · Rights of access to this material are restricted to the teaching staff and pupils within the confines of the school network or other online school resource
  • · (name/names) has the responsibility of deleting the images when they are no longer required, or when the pupil has left the school

Webcams and CCTV

  • ·
  • · We do not use publicly accessible webcams in school
    • Consent is sought from parents/carers and staff on joining the school, in the same way as for all images

Video Conferencing

  • · Permission is sought from parents and carers if their children are involved in video conferences
  • · Permission is sought from parents and carers if their children are involved in video conferences with end-points outside of the school
  • · All pupils are supervised by a member of staff when video conferencing
  • · All pupils are supervised by a member of staff when video conferencing with end-points beyond the school
  • ·
  • · Approval from the Headteacher is sought prior to all video conferences within school
  • · The school conferencing equipment is not set to auto-answer and is only switched on for scheduled and approved conferences
  • · No part of any video conference is recorded in any medium without the written consent of those taking part

Additional points to consider:

  • · Participants in conferences offered by 3rd party organisations may not be DBS/CRB checked

  • · Conference supervisors need to be familiar with how to use the video conferencing equipment, particularly how to end a call if at any point any person taking part becomes unhappy with the content of the conference

School ICT Equipment including Portable & Mobile ICT Equipment & Removable Media

School ICT Equipment

  • · As a user of the  school ICT equipment , you are responsible for your  activity
  • · It is recommended that schools log ICT equipment issued to staff and record serial numbers as part of the school’s inventory
  • · Do not allow your visitors to plug their ICT hardware into the school network points (unless special provision has been made). They should be directed to the wireless ICT facilities if available
  • · Ensure that all ICT equipment that you use is kept physically secure
  • ·
  • ·
  • · Personal or sensitive data should not be stored on the local drives of desktop PC, laptop, USB memory stick,  or other portable device . If it is necessary to do so the local drive must be encrypted
  • ·
  • · Privately owned ICT equipment should not be used on a school network
  • ·
  • · It is your responsibility to ensure that any information accessed from your own PC or removable media equipment is kept secure, and that no personal, sensitive, confidential or classified information is disclosed to any unauthorised person
  • ·
  1. o maintaining control of the allocation and transfer within their Unit
  1. o recovering and returning equipment when no longer needed
  • · All redundant ICT equipment is disposed of in accordance with Waste Electrical and Electronic Equipment (WEEE) directive and Data Protection Act (DPA)

Portable & Mobile ICT Equipment

This section covers such items as laptops, mobile devices and removable data storage devices. Please refer to the relevant sections of this document when considering storing or transferring personal or sensitive data

  • · All activities carried out on school systems and hardware will be monitored in accordance with the general policy
  • ·
  • ·
  • · Synchronise all locally stored data, including diary entries, with the central school network server on a frequent basis
  • · Ensure portable and mobile ICT equipment is made available as necessary for anti-virus updates and software installations, patches or upgrades
  • · The installation of any applications or software packages must be authorised by the ICT support team, fully licensed and only carried out by your ICT support
  • · In areas where there are likely to be members of the general public, portable or mobile ICT equipment must not be left unattended and, wherever possible, must be kept out of sight
  • · Portable equipment must be transported in its protective case if supplied

Mobile Technologies

Many emerging technologies offer new opportunities for teaching and learning including a move towards personalised learning and 1:1 device ownership for children and young people. Mobile technologies such as, Smartphones, Blackberries, iPads,  games players are generally very familiar to children outside of school.  They often provide a collaborative, well-known device with possible internet access and thus open up risk and misuse associated with communication and internet use.  Emerging technologies will be examined for educational benefit and the risk assessed before use in school is allowed.  Our school chooses to manage the use of these devices in the following ways so that users exploit them appropriately.

Personal Mobile Devices (including phones)

  • ·
  • ·
  • ·
  • · The school is not responsible for the loss, damage or theft of any personal mobile device
  • · The sending of inappropriate text messages between any member of the school community is not allowed
  • · Permission must be sought before any image or sound recordings are made on these devices of any member of the school community
  • · Users bringing personal devices into school must ensure there is no inappropriate or illegal content on the device

School Provided Mobile Devices (including phones)

  • · The sending of inappropriate text messages between any member of the school community is not allowed
  • · Permission must be sought before any image or sound recordings are made on the devices of any member of the school community
  • · Where the school provides mobile technologies such as phones, laptops and iPads for offsite visits and trips, only these devices should be used
  • · Where the school provides a laptop for staff, only this device may be used to conduct school business outside of school

Removable Media

If storing or transferring personal, sensitive, confidential or classified information using Removable Media:

  • · Always consider if an alternative solution already exists
  • · Only use recommended removable media
  • · Encrypt and password protect – See P 14
  • · Store all removable media securely
  • · Removable media must be disposed of securely by your ICT support team

Smile and Stay Safe Poster

eSafety guidelines to be displayed throughout the school

and stay safe

Staying safe means keeping your personal details private, such as full name, phone number, home address, photos or school. Never reply to ASL (age, sex, location)

Meeting up with someone you have met online can be dangerous. Only meet up if you have first told your parent or carer and they can be with you

Information online can be untrue, biased or just inaccurate. Someone online my not be telling the truth about who they are - they may not be a ‘friend’

Let a parent, carer, teacher or trusted adult know if you ever feel worried, uncomfortable or frightened about something online or someone you have met or who has contacted you online

Emails, downloads, IM messages, photos and anything from someone you do not know or trust may contain a virus or unpleasant message. So do not open or reply

Social Media, including Facebook and Twitter

Facebook, Twitter and other forms of social media are increasingly becoming an important part of our daily lives.

  • · Staff are not permitted to access their personal social media accounts using school equipment at  during from school during school hours
  • · Staff are able to setup social media accounts, using their school email address, in order to be able to teach pupils the safe and responsible use of Facebook or other applications
  • · Pupils are not permitted to access their social media accounts whilst at school
  • · Staff, governors, pupils, parents and carers are regularly provided with information on how to use social media responsibly and what to do if they are aware of inappropriate use by others
  • · Staff, governors, pupils, parents and carers are aware that the information, comments, images and video they post online can be viewed by others, copied and stay online forever
  • · Staff, governors, pupils, parents and carers are aware that their online behaviour should at all times be compatible with UK law

Telephone Services

Mobile Phones

  • ·
  • · Report the loss or theft of any school mobile phone equipment immediately
  • · The school remains responsible for all call costs until the phone is reported lost or stolen
  • ·

Writing and Reviewing this Policy

Staff and Pupil Involvement in Policy Creation

  • Staff,  pupils have been involved in making/ reviewing the Policy for ICT Acceptable Use through ( school council, staff meetings)

Review Procedure

There will be on-going opportunities for staff to discuss with the eSafety coordinator any eSafety issue that concerns them

There will be on-going opportunities for staff to discuss with the SIRO/AIO any issue of data security that concerns them

This policy will be reviewed every (12) months and consideration given to the implications for future whole school development planning

The policy will be amended if new technologies are adopted or Central Government change the orders or guidance in any way

This policy has been read, amended and approved by the staff, head teacher and governors on……………………………….

Current Legislation

Acts Relating to Monitoring of Staff eMail

Data Protection Act 1998

The Act requires anyone who handles personal information to comply with important data protection principles when treating personal data relating to any living individual. The Act grants individuals rights of access to their personal data, compensation and prevention of processing.

http://www.hmso.gov.uk/acts/acts1998/19980029.htm

The Telecommunications (Lawful Business Practice)

(Interception of Communications) Regulations 2000

http://www.hmso.gov.uk/si/si2000/20002699.htm

Regulation of Investigatory Powers Act 2000

Regulating the interception of communications and making it an offence to intercept or monitor communications without the consent of the parties involved in the communication. The RIP was enacted to comply with the Human Rights Act 1998. The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, however, permit a degree of monitoring and record keeping, for example, to ensure communications are relevant to school activity or to investigate or detect unauthorised use of the network. Nevertheless, any monitoring is subject to informed consent, which means steps must have been taken to ensure that everyone who may use the system is informed that communications may be monitored. Covert monitoring without informing users that surveillance is taking place risks breaching data protection and privacy legislation.

http://www.hmso.gov.uk/acts/acts2000/20000023.htm

Human Rights Act 1998

http://www.hmso.gov.uk/acts/acts1998/19980042.htm

Other Acts Relating to eSafety

Racial and Religious Hatred Act 2006

It a criminal offence to threaten people because of their faith, or to stir up religious hatred by displaying, publishing or distributing written material which is threatening. Other laws already protect people from threats based on their race, nationality or ethnic background.

Sexual Offences Act 2003

The new grooming offence is committed if you are over 18 and have communicated with a child under 16 at least twice (including by phone or using the Internet) it is an offence to meet them or travel to meet them anywhere in the world with the intention of committing a sexual offence. Causing a child under 16 to watch a sexual act is illegal, including looking at images such as videos, photos or webcams, for your own gratification. It is also an offence for a person in a position of trust to engage in sexual activity with any person under 18, with whom they are in a position of trust.   Schools should already have a copy of “Children & Families: Safer from Sexual Crime” document as part of their child protection packs.

For more information  www.teachernet.gov.uk

Communications Act 2003 (section 127)

Sending by means of the Internet a message or other matter that is grossly offensive or of an indecent, obscene or menacing character; or sending a false message by means of or persistently making use of the Internet for the purpose of causing annoyance, inconvenience or needless anxiety is guilty of an offence liable, on conviction, to imprisonment. This wording is important because an offence is complete as soon as the message has been sent: there is no need to prove any intent or purpose.

The Computer Misuse Act 1990 (sections 1 3)

Regardless of an individuals motivation, the Act makes it a criminal offence to gain:

  • · access to computer files or software without permission (for example using another persons password to access files)
  • · unauthorised access, as above, in order to commit a further criminal act (such as fraud)
  • · impair the operation of a computer or program

UK citizens or residents may be extradited to another country if they are suspected of committing any of the above offences.

Malicious Communications Act 1988 (section 1)

This legislation makes it a criminal offence to send an electronic message (e-mail) that conveys indecent, grossly offensive, threatening material or information that is false; or is of an indecent or grossly offensive nature if the purpose was to cause a recipient to suffer distress or anxiety.

Copyright, Design and Patents Act 1988

Copyright is the right to prevent others from copying or using work without permission. Works such as text, music, sound, film and programs all qualify for copyright protection. The author of the work is usually the copyright owner, but if it was created during the course of employment it belongs to the employer. Copyright infringement is to copy all or a substantial part of anyone’s work without obtaining them author’s permission. Usually a licence associated with the work will allow a user to copy or use it for limited purposes. It is advisable always to read the terms of a licence before you copy or use someone else’s material. It is also illegal to adapt or use software without a licence or in ways prohibited by the terms of the software licence.

Public Order Act 1986 (sections 17 29)

This Act makes it a criminal offence to stir up racial hatred by displaying, publishing or distributing written material which is threatening. Like the Racial and Religious Hatred Act 2006 it also makes the possession of inflammatory material with a view of releasing it a criminal offence.

Protection of Children Act 1978 (Section 1)

It is an offence to take, permit to be taken, make, possess, show, distribute or advertise indecent images of children in the United Kingdom. A child for these purposes is a anyone under the age of 18. Viewing an indecent image of a child on your computer means that you have made a digital image. An image of a child also covers pseudo-photographs (digitally collated or otherwise). A person convicted of such an offence may face up to 10 years in prison.

Obscene Publications Act 1959 and 1964

Publishing an “obscene” article is a criminal offence. Publishing includes electronic transmission.

Protection from Harassment Act 1997

A person must not pursue a course of conduct, which amounts to harassment of another, and which he knows or ought to know amounts to harassment of the other.

A person whose course of conduct causes another to fear, on at least two occasions, that violence will be used against him is guilty of an offence if he knows or ought to know that his course of conduct will cause the other so to fear on each of those occasions.

Acts Relating to the Protection of Personal Data

Data Protection Act 1998

http://www.opsi.gov.uk/acts/acts1998/ukpga_19980029_en_1

The Freedom of Information Act 200

http://www.ico.gov.uk/for_organisations/freedom_of_information_guide.aspx