Guide for education settings and filtering providers about establishing 'appropriate levels of monitoring'
Schools (and registered childcare providers) in England and Wales are required “to ensure children are safe from terrorist and extremist material when accessing the internet in school, including by establishing appropriate levels of filtering”. Furthermore, it expects that they “assess the risk of [their] children being drawn into terrorism, including support for extremist ideas that are part of terrorist ideology”. There are a number of self review systems (e.g 360 degree safe) that will support a school in assessing their wider online safety policy and practice.
The Department for Education’s statutory guidance ‘Keeping Children Safe in Education’ obliges schools and colleges in England to “ensure appropriate filters and appropriate monitoring systems are in place” and they “should be doing all that they reasonably can to limit children’s exposure to the above risks from the school’s or college’s IT system” however, schools will need to “be careful that “over blocking” does not lead to unreasonable restrictions as to what children can be taught with regards to online teaching and safeguarding.”
Supplementary to the risk assessment above, UK Safer Internet Centre recommends that Schools and Colleges further assess their broader online safety provision that includes filtering (and monitoring) provision. The risk assessment should consider the risks that both children and staff may encounter online, together with associated mitigating actions and activities. A risk assessment module has recently been integrated in 360 degree safe. Here schools can consider, identify and record the risks posed by technology and the internet to their school, children, staff and parents.
The aim of this document is to help schools (and providers) comprehend, in conjunction with their completed risk assessment, what should be considered as ‘appropriate’ monitoring.
There are a range of monitoring strategies and systems however the appropriate monitoring strategy selected should be informed by your risk assessment and circumstances. It is also vitally important to also review and refine the relevant policies as part of assessing (or implementing) a monitoring strategy or system. The following are examples.
Physical monitoring can contribute where circumstances and the assessment suggests low risk, with staff directly supervising children on a one to one ratio whilst using technology. This could be: physical supervision of children whilst using the Internet; assigning additional classroom support staff to monitor screen activity; or actively monitoring all screen activity during a lesson from a central console using appropriate technology. The following are possible limitations or points to consider
- It is difficult to physically monitor any independent use of technology
- Can be resource intensive
- Less effective across a larger group or a group using mobile devices
- Students often adapt screen behaviour to avoid monitoring
- Advantage of immediate intervention when an issue arises which can be developed as a teaching opportunity
2)Internet and web access
Some Internet Service Providers or filtering providers provide logfile information that details and attributes websites access and search term usage against individuals. Through regular monitoring, this information could enable schools to identify and intervene with issues concerning access or searches. The following are possible limitations or points to consider
- Assign appropriate responsibility for analysing the logfile information. These reports can often be difficult to understand and may require specialism to analyse.
- The frequency that block or monitoring lists are updated by your provider
- The logfile information should be able to identify an individual user (or group as appropriate) for effective intervention
- Logs need to be regularly reviewed, interpreted and alerts prioritised for intervention
- Information held by the school that indicates potential harm, must be acted upon
- Be aware of any limitations of the logfile information. Schools should ensure clear and appropriate data retention policies and logfiles (Internet history) should include the identification of individuals and the duration to which all data is retained.
3)Active/Pro-active technology monitoring services
Where the risk is assessed as higher, Active or Pro-active monitoring technologies may be suitable. These specialist services provide technology based monitoring systems that actively monitor use through keywords and other indicators across devices. These can prove particularly effective in drawing attention to concerning behaviours, communications or access. These systems can take the form of:
Active monitoring where a system generates alerts for the school to act upon. Active Monitoring is most effective where
- There is sufficient internal capability and capacity to interrogate and interpret the volumes of information and alerts generated by the system
- Appropriate Safeguarding expertise is assigned to review, prioritize and take action on alerts that signal potential harm.
Pro-active monitoring where alerts are managed or supported by a specialist third-party provider and may offer support with intervention. Proactive monitoring is most effective where
- School safeguarding staff are actively and immediately alerted to genuine risk of threats to health or life
- The provided SLA meets the school requirements
- Specialist organisations provide additional capability and capacity to support school safeguarding staff
- High number of devices are operating remotely (remote learning or snow days)
Recognising that no monitoring can guarantee to be 100% effective, schools should be satisfied that their monitoring strategy or system (including keywords if using technical monitoring services) at least covers the following content
- Illegal - Is illegal (eg. Child abuse images and terrorist content)
- Bullying - Involve the repeated use of force, threat or coercion to abuse, intimidate or aggressively dominate others
- Child Sexual Exploitation - Is encouraging the child into a coercive/manipulative sexual relationship. This may include encouragement to meet.
- Discrimination - Promotes the unjust or prejudicial treatment of people with protected characteristics listed in the Equality Act 2010.
- Drugs / Substance abuse - displays or promotes the illegal use of drugs or substances
- Extremism - promotes terrorism and terrorist ideologies, violence or intolerance
- Pornography - displays sexual acts or explicit images
- Self Harm - promotes or displays deliberate self harm
- Violence - Displays or promotes the use of physical force intended to hurt or kill
- Suicide - Suggest the user is considering suicide
Monitoring Strategy/System Features
Schools should consider how their system integrates within their policies and should satisfy themselves the extent that their monitoring strategy meets the following principles
- Age appropriate – includes the ability to implement variable monitoring appropriate to age. This will in turn define which alerts are prioritised and responded to. Further situations may warrant additional capability, for examples boarding schools or community based access
- BYOD (Bring Your Own Device) – if the system includes the capability to monitor personal mobile and app technologies (ie not owned by the school), ensure it is deployed in accordance with policy and how data is managed. Does it monitor beyond the school hours and location
- Data retention – should be clear what data is stored, where it is stored (physically – ie cloud/school infrastructure) and for how long. This should also include any data backup provision
- Devices – if software is required to be installed on devices, the monitoring system should be clear about the devices (and operating systems) it covers
- Flexibility - changes in keywords (addition or subtraction) can be easily according to an agreed policy.
- Group / Multi-site Management – the ability for deployment of central policy and central oversight or dashboard
- Impact - How do monitoring results inform your policy and practice?
- Monitoring Policy – How are all users made aware that their online access is being monitored? How are expectations of appropriate use communicated and agreed? Does the technology provider, offer any advice or guidance?
- Multiple language support – the ability for the system to manage relevant languages to your school
- Prioritisation – How alerts generated via monitoring are prioritised to enable a rapid response to immediate issues. What operational procedures are in place to facilitate that process?
- Remote monitoring – with many children and staff working remotely, the ability, extent and management for the monitoring of devices (school and/or personal). Included here is the hours of operation together with the explicit awareness of users.
- Reporting – how alerts are recorded, communicated and escalated?
- Harmful Image detection – The inclusion or extent to which visual content is discovered, monitored and analysed e.g. Image Hash.
Monitoring systems require capable and competent staff with sufficient capacity to effectively manage them, together with the support and knowledge of the entire staff. Monitoring systems are there to safeguard children and the responsibility therefore should lie with the school leadership/governors and Designated Safeguarding Lead. Schools and Colleges should ensure that their staff and in particular those responsible for and managing their monitoring strategy have sufficient capacity and capability. The UK Safer Internet Centre Helpline may be a source of support for schools looking for further advice in this regard.
Filtering and monitoring systems are only ever tools in helping to safeguard children when online and schools have an obligation to “consider how children may be taught about safeguarding, including online, through teaching and learning opportunities, as part of providing a broad and balanced curriculum”. To assist schools and colleges in shaping an effective curriculum, UK Safer Internet Centre published ProjectEVOLVE
This detail has been developed by the UK Safer Internet Centre, and in partnership and consultation with the 120 national ‘360 degree safe Online Safety Mark’ assessors and the NEN Safeguarding group (www.nen.gov.uk).