It is a world where everything and anything goes from the extraordinary to the downright weird, and it is one of the fundamental principles of e-safety: don’t believe everything you read; question everything.

I’m a firm believer in freedom of speech and the right to express oneself, but I also believe there are boundaries particularly when it comes to children.  Quite frankly I don’t want my children exposed to some of the dross that crawls onto the Internet.  It’s no longer a case of “if you don’t look for it, you won’t find it,” the prevalence of social networks means that things now find you, not the other way round.

Let’s take a story that found its way onto my Twitter feed (@esafetyadviser) a few days ago. The story concerns a man, a real man, getting married to My Little Pony, as in the cartoon character, who has taken the hump with an artist who apparently draws sexual fantasy art of the aforementioned pony -

Brony Engaged to Twilight Sparkle; Pens Angry Letter To Pony Artist  – this is the story on MTV Geek, with the original letter allegedly HERE.

Now, I have no idea whether this is a prank, but given some of the stuff I see I wouldn’t be surprised if it wasn’t.

I do worry sometimes just how far the Internet is going to push the boundaries.  If there was a definition for “normal”, we would be redefining every few months.  Some say the very freedom the Internet gives us is a good thing, some say it goes too far.  I’m for the former, but with boundaries.

When I go into schools I am often asked, “What is appropriate?”  That’s not for me to answer, my definition (or my boundaries) of appropriate and inappropriate will be different to yours, as it will be different to the ages of children.

But one thing is for certain, children are becoming normalized to content which would have made you and I shudder only a few years ago.  Without any doubt this is causing behaviour issues.  Are you a primary school teacher?  If so, ask your kids how many of them play Grand Theft Auto.  To many parents this is a simple driving game, but many parents won’t see (WARNING, ADULT CONTENT) THIS or THIS, and these are the tame ones!

The Internet continually fascinates me; e-Safety continually challenges me!

The post What has e-Safety got to do with My Little Pony? appeared first on e-Safety for Schools.

Have a search on various social networking sites and see how students are finding e-safety lessons incredibly boring; using the same old videos and resources over and over again (don’t do this, you can’t do that) is creating a culture of apathy which is potentially increasing risk.

Ted Talks is a fantastic resource with some truly inspiring videos of speakers and all manner of subjects.  If you are a teacher you could think about using videos as part of a lesson to raise a discussion point; you could use videos as part of a collaborative project; the opportunities are endless.  You could even set homework by embedding questions within the video.

Here’s a couple of examples for you:

In this video (about 10 minutes) Evan Williams talks about how the original concept of Twitter has changed from a broadcast service to a collaborative tool.

By stopping at various points in this short talk, you could:

• Invite comments about the appropriate sharing of information.
• Give examples of inappropriate information sharing.
• Discuss the “digital reach” – or how far and wide your tweet actually goes.
• Discuss context – or how 140 characters can be interpreted in one way by one person, or another way by others.

Here’s a video from Adam Ostrow who talks (for about 6 minutes) on “your last update”.  A fascinating short talk about creating an archive of your life prior to death.  Essentially, as we all tweet, blog, Facebook update and all manner of other things, we leave behind us our digital footprint.

Discussion points here could include:

• How would you like to be remembered?
• Would you leave behind your “real” history or would you have to have a huge clearout first?
• Is there a moral dilemma in a digital footprint where context is conveyed (or viewed) differently?

And finally, here’s a really amusing poem (4 minutes) from Rives, “If I Owned the Internet” from 2006

Ted Talks is such a fantastic resource for e-safety discussion points; I’ll share more as I find them.

The post e-Safety – Using videos for collaborative discussion appeared first on e-Safety for Schools.

e-Safety risk assessment is an important part of school governance.
Schools risk assess all the time; sometimes this is a formally documented process, sometimes it is assessment through experience.

If you think about it, you are already risk assessing constantly: when you get into your car to go to work you take into account the weather, the amount of traffic on the roads, children waiting to cross the road and much more.  This is assessment through experience.

You know what to do in situations such as these.  But, when something happens that is unfamiliar you have to re-assess and make a decision, you have to weigh up all the factors and the unknowns.

You see blue lights coming up behind you; an emergency vehicle that needs to make progress.  But you have traffic coming towards you.  If you pull over can the emergency vehicle get past you?  Is it better to speed up where you know there is a better passing point? By pulling over does the emergency vehicle have to slow down to get past you and negotiate the oncoming traffic?

That is a decision that only you can make, but you do it all the time.

Risk assessing something totally new is quite a different ball game.  It’s a matter of understanding all the unknowns and then coming up with a plan to mitigate against the risks.  If you can’t mitigate the risks, are they so low that you can accept the risk?

There are many ways to risk assess and it very much depends on what you are assessing against: is it health and safety; a school trip; the parking situation outside at end of school?

But here we’re talking about e-safety; mitigating safeguarding risks to the children and the liability of the school.  What do I mean by the liability?  The liability is not doing something, or doing something incorrectly, perhaps through ignorance, so that the school is then held liable.

There are four principles that you need to consider:

1. The foreseeability of something happening.
2. Risk assessing.
3. Mitigating the risk
4. Making a decision.

For the purpose of being concise, I’m going to take you through this from a pragmatic sense rather than a formal one.

THE FORESEEABILITY OF SOMETHING HAPPENING

With e-safety, foreseeability can sometimes seem like scaremongering, but it isn’t.  You are considering what “could” happen, not what “will” happen.  Let’s use a simple example:

A common occurrence, you are getting or have got iPads to use in your school.  So, you have done your due diligence:  in your strategic school plan you are going to drive various initiatives this school year to improve outcomes; a number of staff have expressed a wish to use ICT as the tool to be the initiative enabler.  After a process of testing and value for money exercise you have decided iPads are the way ahead.  In other words, you have decided what you want to use technology for, before picking the technology that fits the bill.

An important part of that process is the safeguarding and liability risk assessment.  So having decided on iPads, before you even ask for quotes you need the assurance that any risks are sufficiently low or can be mitigated.  Let’s think of some risks; don’t forget we’re considering what “could” happen, not what “will”, this is the foreseeability.

1. An attractive item – risk of theft.
2. You would like to use the devices for videos/images.  Does your wireless network infrastructure have the capacity to handle that amount of data; do you have the broadband capacity?

Students may use the devices to

1. Access illegal or inappropriate material in school.
2. There is no “login” on these devices, cannot filter age-appropriate material using the school/LA Internet filtering.
3. Staff and students will be allowed to use the devices at home; there is a risk of illegal or inappropriate use.  No Internet filter at home.
4. Inappropriate or illegal material could be stored on the devices and then uploaded to school network.
5. You are going to use the devices to allow social networking: blogging; Twitter.  There are inherent e-safety risks, what are they?
6. Chances are you have technical support in your school, whether the LA or an outsourced provider.  Will they support these devices for you on your network? Will they charge extra?

There are many more, but we’re keeping things simple.

As you can see you there are lots of things to think about.  The start of the process is very much about blue-sky thinking; get all the staff together and get input from everyone.  Use the experience of the people you are buying the devices from; have they come across these risks? If so what was their advice to other schools?

Talk to other schools to see if they have identified more risks than you.  Working collaboratively makes far more sense than trying to do it all by yourself.

RISK ASSESSING

So, you now have all your risks in a nice list and you need to decide whether it is a low, medium or high risk.

By far the easiest way to do this is by scoring using “likelihood” and “impact”.  The other reason for doing it this way is that you have a documented process which can be reviewed and is also evidential, e.g. to Ofsted.

Essentially, likelihood is the process to determine how likely something is to happen.  Impact is the impact if it actually happens.  Both have a score between 1 and 3.  1 is low, 3 is high.  Scores are rated as follows:

1-3 is low risk.
4-6 is medium risk.
7-9 is high risk.

So, let’s use one of the examples from above:  Staff and students will be allowed to use the devices at home; there is a risk of illegal or inappropriate use.  No Internet filter at home.

Let’s look at staff first.  The likelihood of this happening?  I would say 1.  The impact would definitely be 3 if it were to happen.  Therefore 1 x 3 is 3, it is low risk.

Now for the children.  Likelihood could be 3 (it’s your choice), impact would definitely be 3.  It is 9 – high risk.  You MUST mitigate this risk otherwise you cannot deploy the devices.

MITIGATING THE RISK

So, having identified the risks and likelihood, you now need to mitigate.

For the staff, you have already decided the risk is low, but you must also consider the school liability.  Therefore you decide to incorporate use of the devices within the school e-safety policy and acceptable use policy – essentially you are setting the goalposts of use – appropriate and inappropriate.  Staff must sign as read and understood, any breach is a disciplinary matter.

For the students you have a high risk.  You CANNOT deploy these devices until this risk is mitigated.  You decide on a two-pronged approach using education and technology.

Education – you embark on a period of empowering the students (and potentially parents) with e-safety knowledge.  This will include all the social networking e-safety risks you have identified.

Technology – you are going to use some behaviour management software (or app).  This software will capture illegal or inappropriate behaviour that can then be used evidentially for disciplinary or police intervention.  Again, this is all stated within your e-safety policy and the student acceptable use policy, which is then signed by the students and/or parents (depending on age).

MAKING A DECISION

You have now mitigated the risk to both staff and students, and you have reduced the liability to the school. Although the risk is low there is still a risk.  No risk assessment will ever give you 100% assurance that nothing will happen.

You now need to decide whether you are comfortable with going ahead and purchasing the devices.

NOTE: where I have stated “you” in this post, the ultimate decision and responsibility lies with the governing body, therefore it is vital that governors are fully aware of what technology is being used in the school, what it is being used for, what the associated risks are etc.

SUMMARY

It may seem like a lot of work, even with this small example, but you have to do it.  Once it is done that isn’t the end.  There are two instances when you must review: in response to an incident to ensure that your assessment is still valid (reflection); and annually as part of policy review.

I would love to know your thoughts, and don’t forget to subscribe to the (free) school e-safety newsletter to receive similar updates HERE

The post e-Safety – Assessing the Risk appeared first on e-Safety for Schools.

Once again I read the news only to see another child that has committed suicide due to being bullied via a social network; this time because her hair wasn’t right and didn’t wear the right fashion clothes – she was 12 years old!

When I am invited into schools to talk to children, staff and parents I always make the point that technology is not the problem.  It is very easy to blame social networks; continually in the media you will read, “Facebook this,” and, “Twitter that”, (don’t get me started on Ask.FM).  Behaviour is the issue, not the technology – but there is a fine line.

Behaviour issues aside (that will be another post), social networks have got to be made to stand up and take responsibility.  Although technology is not the issue, the technology is the medium of communication, and if you provide a medium for such despicable behaviour to take place then you share a responsibility, a liability – there is no argument.

I’m sure yet again we’ll hear the corporate spin:

“There are too many users, we can’t watch them all” – it’s called scaling, it isn’t rocket science.  When you started off small the safety of users should have been one of your prime considerations.  As your user base goes upwards, you scale your resources upwards.  You are making a financial fortune from your users, put some of it back in.

“It’s not our responsibility” – arrogance to the extreme.  It is your responsibility; you are facilitating the communication.

I could go on and on, but this would simply turn into a rant.  The bottom line is this: the apathy of some social networks is diabolical.  There is nothing more important than the safety and wellbeing of a child; the fact that you have put up a safety advice page does not absolve you from your responsibility.

There are some great charities and organizations doing some fantastic work, particularly educating children and young people, but this is an issue that needs a multi-pronged attack, where behaviour can be tackled with education, technology and moderation.

I am seriously considering an e-safety campaign to get these social networks to sit up and listen, and to force this apathy out into the open, but quite honestly I’m not sure what good it would do when going up against big corporations.

The post Cyberbullying – another child lost appeared first on e-Safety for Schools.

What is personal data?  If you want to read the ICO’s horrendously complicated definition you can see it HERE, but essentially it means any information, or record that could identify a living individual.

Nine times out of ten when I visit a school, staff believe their data is encrypted because they use a password to log onto their PC’s and laptops. This is completely understandable; surely if you need a password to log in to your device the data is protected?

Unfortunately this isn’t the case, passwords are no more secure than a lock on a door that can be kicked down.  When that door is kicked down, your data is wide open for all to see.

When I drive my car, I’m not really interested in knowing how a 4-stroke combustion engine works; in the same way this explanation is basic and non-technical.  You just need to know the difference and why it is important.

Passwords

Your password works in conjunction with your username, i.e. the name you use to log on to your PC.  Your username is what gives you your profile.  Your profile is what personalizes your PC experience.  For example it defines your level of internet filtering; it allows access to your emails without having to log in again; it defines (or maps) your drives where you save your personal and work documents; it may give you access onto your VLE without signing in again (called single sign-on, SSO); and much more.

The password gives you a very limited level of security so that the odd passer-by can’t just sign into your account and view your data.  To put it really simply using an analogy, imagine your classroom; your classroom has a door, your data is everything in the classroom.  You (your username) are able to open that door and view everything in that classroom (the data).  The password in this context is a lock and key; you put your key in the door (your password) and unlock it.  So this means that anybody with that key can open the door and view everything in the classroom.

Passwords are relatively easy to crack, usually with a technique called a brute force attack.  This is essentially another computer (piece of software) that tries out variations of passwords at a rate of millions per second.  So once your password is cracked, your data is wide open. To check a password you can see HERE for a bit of fun (WARNING: Do NOT put in your real passwords). I say a bit of fun because there is no way of checking if these types of sites are legitimate; for example I tested the password “testing123456789″ and the site told me it would take 10 years to crack – hmmm I don’t think so!

Now, I don’t want to scaremonger!  Cracking a single PC password is easy (if it’s a poor password), so you may be wondering about all the passwords you use on the Internet for your shopping and the like.  Well, this is a very different kettle of fish and would be completely over the top for this post – maybe a future post.

Encryption

Encryption is something entirely different.  At its most basic level encryption is cryptography; this means that an algorithm is used with your password (known as a key) that renders your data complete unreadable gibberish without the correct key (or algorithm).  This means that if you lose your laptop or somebody tries to hack you, they simply can’t get at your data.

There are different types of encryption, for example file/folder encryption, full drive encryption and others.  My advice is that if your device has personal, sensitive or confidential data you need full disc encryption.

Encrypting your devices is not difficult, and neither does it need to be expensive; there are commercial as well as free offerings.  You should talk to your IT support to decide what best fits your needs.  Even better if you are a Windows 7 user, you already have encryption available to you supplied as part of the operating system.

So my advice is as follows:

If you’re not sure you need to encrypt your device, find out.
If you have data on your device that needs to be encrypted, and you’re not sure if it is or not, find out.
Ignorance will never be accepted as an excuse by the Information Commissioner’s Office.
You don’t need to know the technicalities, you just need to know: whether you do/don’t need encryption; if you do, that it is on your devices and working; if you do and it isn’t on your devices ask your IT support why not.

e-Safety isn’t just about the normal safeguards; we talk to children and young people of the appropriate and inappropriate ways of sharing personal data – we have a legal and moral duty to protect their personal data also.

The post e-Safety and your Data – Password or Encryption? appeared first on e-Safety for Schools.

BYOD in a school context often refers to the perspective of the student, however we must also remember that many schools allow staff to use their own technology.  One of the weakest elements of any BYOD strategy I see is that of the policy which is vital to the correct governance of any initiative.

The Information Commissioner’s Office (ICO) have recently released a BYOD guide; whilst not specifically aimed at schools it does give a good insight into their expectations if BYOD is something you are already doing, or are thinking of doing.  Simplistically speaking if you do allow staff or students to use their own devices you need to ascertain whether there is any processing of personal information, or personal information held on the devices.  For example are there any files with student data (e.g. name, date of birth etc).  If so, at a minimum those devices should be encrypted.

The ICO guide can be found HERE - it is only 13 pages in size, but it is a good, concise and factual document which should form another element of your e-safety toolkit.

The post BYOD and Data Protection in School appeared first on e-Safety for Schools.

According to news reports today a school is banning triangular flapjacks after one was thrown in the face of a student causing injury; instead the only flapjacks allowed are square ones.  But with media reporting you sometimes get only one side of the story, so I’m not going to disrespect the school by naming it in this blog but it does provide a useful analogy for me to use.

Was the flapjack at fault?  Or was it the person that threw the flapjack?

To some reading this blog it may seem like I’m going over old rope but it serves as a useful reminder; when I’m out and about I still regularly hear the same old sentence, “e-Safety? Our technician deals with that stuff”, or, “e-Safety? I don’t use the computers”.

e-Safety has as much to do with a PC (or device/app) as a car has to do with a burglar – it is just the mode of transport.  The relevance is how that car is used, or how (and why) that flapjack is thrown.  In other words it is often about the behaviour of the person putting themselves at risk due to inappropriate behaviour.  That behaviour could be because of ignorance or apathy, but often there are consequences.

In a school context there are three primary elements to e-safety which I refer to as the governance:
Policy/liability
Technology (in this context I’m talking about how the technology is used, not what it is)
Safe use.

I’ll blog about these in a future post, but let’s also remember that e-safety isn’t always about the children and young people; there are consequences for adults too as this Headteacher allegedly found out.

A short, quick blog post, but hopefully serves as a good e-safety reminder.

The post e-Safety and Flapjacks appeared first on e-Safety for Schools.

If you think about it, you are already risk assessing constantly: when you get into your car to go to work you take into account the weather, the amount of traffic on the roads, children waiting to cross the road and much more.  This is assessment through experience.

You know what to do in situations such as these.  But, when something happens that is unfamiliar you have to re-assess and make a decision, you have to weigh up all the factors and the unknowns.

You see blue lights coming up behind you; an emergency vehicle that needs to make progress.  But you have traffic coming towards you.  If you pull over can the emergency vehicle get past you?  Is it better to speed up where you know there is a better passing point? By pulling over does the emergency vehicle have to slow down to get past you and negotiate the oncoming traffic?

That is a decision that only you can make, but you do it all the time.

Risk assessing something totally new is quite a different ball game.  It’s a matter of guessing all the unknowns and then coming up with a plan to mitigate against the risks.  If you can’t mitigate the risks, are they so low that you can accept the risk?

There are many ways to risk assess and it very much depends on what you are assessing against: is it health and safety; a school trip; the parking situation outside at end of school?

But here we’re talking about e-safety; mitigating safeguarding risks to the children and the liability of the school.  What do I mean by the liability?  The liability is not doing something, or doing something incorrectly, perhaps through ignorance, so that the school is then held liable.

There are four fundamental principles that you need to consider:

1. The foreseeability of something happening.
2. Risk assessing.
3. Mitigating the risk
4. Making a decision.

For the purpose of being concise, I’m going to take you through this from a pragmatic sense rather than a formal one.

THE FORESEEABILITY OF SOMETHING HAPPENING

With e-safety, foreseeability can sometimes seem like scaremongering, but it isn’t.  You are considering what “could” happen, not what “will” happen.  Let’s use a simple example:

A common occurrence, you are getting or have got iPads to use in your school.  So, you have done your due diligence:  in your strategic school plan you are going to drive various initiatives this school year to improve outcomes; a number of staff have expressed a wish to use ICT as the tool to be the initiative enabler.  After a process of testing and value for money exercise you have decided iPads are the way ahead.  In other words, you have decided what you want to use technology for, before picking the technology that fits the bill.

An important part of that process is the safeguarding and liability risk assessment.  So having decided on iPads, before you even ask for quotes you need the assurance that any risks are sufficiently low or can be mitigated.  Let’s think of some risks; don’t forget we’re considering what “could” happen, not what “will”, this is the foreseeability.

1. An attractive item – risk of theft.
2. You would like to use the devices for videos/images.  Does your wireless network infrastructure have the capacity to handle that amount of data; do you have the broadband capacity?

Students may use the devices to

1. access illegal or inappropriate material in school.
2. There is no “login” on these devices, cannot filter age-appropriate material using the school/LA Internet filtering.
3. Staff and students will be allowed to use the devices at home; there is a risk of illegal or inappropriate use.  No Internet filter at home.
4. Inappropriate or illegal material could be stored on the devices and then uploaded to school network.
5. You are going to use the devices to allow social networking: blogging; Twitter.  There are inherent e-safety risks, what are they?
6. Chances are you have technical support in your school, whether the LA or an outsourced provider.  Will they support these devices for you on your network? Will they charge extra?

There are many more, but we’re keeping things simple.

As you can see you there are lots of things to think about.  The start of the process is very much about blue-sky thinking; get all the staff together and get input from everyone.  Use the experience of the people you are buying the devices from; have they come across these risks? If so what was their advice to other schools?

Talk to other schools to see if they have identified more risks than you.  Working collaboratively makes far more sense than trying to do it all by yourself.

RISK ASSESSING

So, you now have all your risks in a nice list and you need to decide whether it is a low, medium or high risk.

By far the easiest way to do this is by scoring using “likelihood” and “impact”.  The other reason for doing it this way is that you have a documented process which can be reviewed and is also evidential, e.g. to Ofsted.

Essentially, likelihood is the process to determine how likely something is to happen.  Impact is the impact if it actually happens.  Both have a score between 1 and 3.  1 is low, 3 is high.  Scores are rated as follows:

1-3 is low risk.
4-6 is medium risk.
7-9 is high risk.

So, let’s use one of the examples from above:  Staff and students will be allowed to use the devices at home; there is a risk of illegal or inappropriate use.  No Internet filter at home.

Let’s look at staff first.  The likelihood of this happening?  I would say 1.  The impact would definitely be 3 if it were to happen.  Therefore 1 x 3 is 3, it is low risk.

Now for the children.  Likelihood could be 3 (it’s your choice), impact would definitely be 3.  It is 9 – high risk.  You MUST mitigate this risk otherwise you cannot deploy the devices.

MITIGATING THE RISK

So, having identified the risks and likelihood, you now need to mitigate.

For the staff, you have already decided the risk is low, but you must also consider the school liability.  Therefore you decide to incorporate use of the devices within the school e-safety policy and acceptable use policy – essentially you are setting the goalposts of use – appropriate and inappropriate.  Staff must sign as read and understood, any breach is a disciplinary matter.

For the students you have a high risk.  You CANNOT deploy these devices until this risk is mitigated.  You decide on a two-pronged approach using education and technology.

Education – you embark on a period of empowering the students (and potentially parents) with e-safety knowledge.  This will include all the social networking e-safety risks you have identified.

Technology – you are going to use some behaviour management software (or app).  This software will capture illegal or inappropriate behaviour that can then be used evidentially for disciplinary or police intervention.  Again, this is all stated within your e-safety policy and the student acceptable use policy, which is then signed by the students and/or parents (depending on age).

MAKING A DECISION

You have now mitigated the risk to both staff and students, and you have reduced the liability to the school. Although the risk is low there is still a risk.  No risk assessment will ever give you 100% assurance that nothing will happen.

You now need to decide whether you are comfortable with going ahead and purchasing the devices.

NOTE: where I have stated “you” in this post, the ultimate decision and responsibility lies with the governing body, therefore it is vital that governors are fully aware of what technology is being used in the school, what it is being used for, what the associated risks are etc.

SUMMARY

It may seem like a lot of work, even with this small example, but you have to do it.  Once it is done that isn’t the end.  There are two instances when you must review: in response to an incident to ensure that your assessment is still valid (reflection); and annually as part of policy review.

I would love to know your thoughts, and don’t forget to subscribe to the school e-safety newsletter HERE

The post e-Safety and Risk Assessment (Updated 12 Apr 13) appeared first on e-Safety for Schools.

Parental engagement is an important part of whole-school and community e-safety. A fundamental part of this are the parents themselves.But if you don’t know what the parents do/don’t know, and you don’t know how children are using digital devices and the Internet at home you won’t know what you need to know. This is also a great way to prove to Ofsted that you are engaging with parents, as long as you can show tangible outcomes from the survey.

Below this text is a download link (Word document) for a sample parents e-safety survey that can be sent out either via traditional letter, via email, or host it on your website for parents to download and complete. Also included is a sample covering letter. Please note it is a sample only, you can add or delete questions as befits your own school environment, these questions are just a starter for ten.

If you want parents to complete the survey electronically you will need to “Protect” the document in MS Word so that only the Form elements can be altered.

Alternatively, if you are feeling really adventurous, you could copy the questions and Form elements into a Google doc, and cross-reference the Form elements to a Google spreadhseet so that it is updated automatically.

I have included my logos on the covering letter, but I’m not precious about them; feel free to replace with your own school logo. But, I would ask two small favours. Firstly I would be grateful if you could share your survey results with me (the completed results). This is purely for professional interest and so that I can get more ideas for my newsletters. Secondly, please point parents to the free parents e-safety newsletter on this website (www.esafety-adviser.com/newsletter). If they subscribe it again shows to Ofsted parental engagement.

If I get enough results, I may look at blogging them or writing up a report to share with you along with some opinions/recommendations.

NOTE: I do not recommend asking questions such as, “Has your child ever told you he/she has been bullied on the Internet?” You are asking for disclosure information, and this type of survey is not the place to be doing that.

Do let me know if you have any comments:
Alan Mackenzie
alan@esafety-adviser.com

Download: Parents e-Safety Survey (MS Word Doc, about 140Kb)

The post Parents e-Safety Survey Template appeared first on e-Safety for Schools.

• To ensure there is a clear and consistent approach responding to incidents.
• To ensure that every person responsible for the children is fully aware of his/her responsibilities.
• To set boundaries of use (goalposts) of any school owned IT equipment, or personal IT equipment used in the school.

The following is a short “10 top tips” for creating your e-safety policy in school.  There are many more, but these are some of the common ones that schools miss:

1. Clear – there should be no room for error.  Your e-safety policy is a safeguarding policy, not an IT policy.
2. Concise – do you need a 3 page introduction telling staff how important IT is across the curriculum?
3. Plain english – your e-safety policy will be read by a wide audience; having worked at a local authority for many years it still baffles me why people write policies requiring a doctorate in english to understand.
4. How many policies? – an internet policy, acceptable use policy, social media policy, iPad policy, blogging policy, what socks shall I wear on Thursdays policy.  Okay, I’m being a bit pedantic, but you get my drift.  There’s no need for all these policies.  Despite the work to develop and review all of these, you run the risk of missing something, creating confusion, or even worse contradictory statements.  Your e-safety policy includes (or should include) all of the above.
5. Device agnostic – where possible keep technology out of it.  Only mention specific devices if you really need to.  You’ve got iPads in your school, that’s okay, the e-safety risks and issues are no different to PC’s and laptops so why specifically mention iPads or have a different iPad policy?
6. Going back to point 5, there is nothing wrong with having a list of devices at the back that are used in school.  This is so that all staff are left in no doubt, but if you are going to include one, include them all:  PC’s; laptops, mobile devices, phones, cameras etc.
7. Include your Staff Acceptable Use and Student Acceptable Use policies inside your e-Safety Policy.  These don’t have to be separate policies, they are part of the same thing.  Essentially your Acceptable Use Policy is a “pull-out” reference sheet.  Think of your Acceptable Use Policy as the Highway Code, where your e-safety policy is the Road Traffic Act.
8. Boundaries of use – your e-safety policy must set all the boundaries for both school-owned IT equipment used on or off-site and personally owned IT equipment used on school premises. (Note: on school premises, in this context, includes school trips etc.)
9. One of the fundamental reasons for an e-safety policy is to ensure that any risk of liability to the school is low, by ensuring the school sets boundaries and the staff and children adhere to those boundaries.  One such example is use of social media (e.g. Facebook and Twitter) by staff in a personal context.  Your Head and/or Governing Body may stipulate that staff are never to mention the school name, staff names etc when using social media.
10. Things to include – a small list of important bits of the e-Safety Policy that should be included, but are regularly missed:

• Risk assessment template – any introduction of any new technology (whether device or service) must be risk assessed against the foreseeability of any risk.
• Flowcharts – what to do in a given incident.
• Training – who (as in staff, governing body, parents, key stage etc.) has been trained, when, what did it include, when is the next update planned?
• How to report an incident – whether you need to make an internal report or external report.  Make clear under what circumstances you need to make a report, who to (by name if internal, agency if external) and include details of how (i.e. contact details, web address).

There are lots more, but the ones above are the ones that are commonly missed.  Don’t forget, there is no such thing as an e-safety policy standard.

I am in the middle of creating some guidance to creating your e-safety policy;  if you would like to be contacted when it is ready drop me an email, or better still subscribe to the e-safety newsletter above as all the subscribers will get it as soon as it is ready.

In the meantime if you would like to offer some more tips on your e-safety policy I look forward to seeing them.

Thanks for reading, best wishes.

Alan Mackenzie
alan@esafety-adviser.com

The post Writing your esafety policy – ten top tips appeared first on e-Safety for Schools.