Acceptable Internet Use Policy 2023 / 2024

This policy is presented in HTML to support accessibility needs and to work across multiple platforms. A full PDF copy is also available below.
Date Approved - September 2023
Approved By - Full Governing Body
Review Frequency - Annually
Date of Next Review - September 2024
Full PDF Policy

History of Recent Policy Changes

Version

Date

Page

Change

Origin of Change

Contents

Introduction

Information and communications technology (ICT) is an integral part of the way our school works, and is a critical resource for pupils, staff (including senior leadership teams), Governors, volunteers and visitors. It supports teaching and learning, pastoral and administrative functions of the school.

However, the ICT resources and facilities our school uses also pose risks to data protection, online safety and safeguarding.

This policy aims to:

  • Set guidelines and rules on the use of school ICT resources for staff, pupils, parents and governors
  • Establish clear expectations for the way all members of the school community engage with each other online
  • Support the school’s policy on data protection, online safety and safeguarding
  • Prevent disruption to the school through the misuse, or attempted misuse, of ICT systems
  • Support the school in teaching pupils safe and effective internet and ICT use

This policy covers all users of our school’s ICT facilities, including governors, staff, pupils, volunteers, contractors and visitors.

Breaches of this policy may be dealt with under our staff code of conduct

The school reserves the right to examine or delete any files that may be held on its computer system or to monitor any Internet sites visited. Staff and student teachers should sign a copy of this Acceptable Internet Use statement and return it to the Headteacher.

Relevant legislation and guidance

This policy refers to, and complies with, the following legislation and guidance:

Data Protection Act 2018

The General Data Protection Regulation Computer Misuse Act 1990

Human Rights Act 1998

The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 Education Act 2011

Freedom of Information Act 2000

The Education and Inspections Act 2006

Keeping Children Safe in Education 2021 including paragraph 127 and Annex D

Searching, screening and confiscation: advice for schools

National Cyber Security Centre (NCSC)

Education and Training (Welfare of Children Act) 2021

Definitions

“ICT facilities”: includes all facilities, systems and services including but not limited to network infrastructure, desktop computers, laptops, tablets, phones, music players or hardware, software, websites, web applications or services, and any device system or service which may become available in the future which is provided as part of the ICT service

“Users”: anyone authorised by the school to use the ICT facilities, including governors, staff, pupils, volunteers, contractors and visitors

“Personal use”: any use or activity not directly related to the users’ employment, study or purpose

“Authorised personnel”: employees authorised by the school to perform systems administration and/or monitoring of the ICT facilities

“Materials”: files and data created using the ICT facilities including but not limited to documents, photos, audio, video, printed output, web pages, social networking sites and blogs

See appendix 6 for a glossary of cyber security terminology.

Statement of acceptability

Unacceptable use of the school’s ICT facilities includes:

  • Using the school’s ICT facilities to breach intellectual property rights or copyright
  • Using the school’s ICT facilities to bully or harass someone else, or to promote unlawful discrimination
  • Breaching the school’s policies or procedures
  • Any illegal conduct, or statements which are deemed to be advocating illegal activity
  • Online gambling, inappropriate advertising, phishing and/or financial scams
  • Accessing, creating, storing, linking to or sending material that is pornographic, offensive, obscene or otherwise inappropriate or harmful
  • Consensual and non-consensual sharing of nude and semi-nude images and/or videos and/or livestreams (also known as sexting or youth-produced sexual imagery)
  • Activity which defames or disparages the school, or risks bringing the school into disrepute
  • Sharing confidential information about the school, its pupils, or other members of the school community
  • Connecting any device to the school’s ICT network without approval from authorised personnel
  • Setting up any software, applications or web services on the school’s network without approval by authorised personnel, or creating or using any program, tool or item of software designed to interfere with the functioning of the ICT facilities, accounts or data
  • Gaining, or attempting to gain, access to restricted areas of the network, or to any password-protected information, without approval from authorised personnel
  • Allowing, encouraging or enabling others to gain (or attempt to gain) unauthorised access to the school’s ICT facilities
  • Causing intentional damage to ICT facilities
  • Removing, deleting or disposing of ICT equipment, systems, programs or information without permission by authorised personnel
  • Causing a data breach by accessing, modifying, or sharing data (including personal data) to which a user is not supposed to have access, or without authorisation
  • Using inappropriate or offensive language
  • Promoting a private business, unless that business is directly related to the school
  • Using websites or mechanisms to bypass the school’s filtering mechanisms
  • Engaging in content or conduct that is radicalised, extremist, racist, anti-Semitic or discriminatory in any other way

This is not an exhaustive list. The school reserves the right to amend this list at any time. The Headteacher will use professional judgement to determine whether any act or behaviour not on the list above is considered unacceptable use of the school’s ICT facilities

Staff (including governors, volunteers, and contractors)

Access to school ICT facilities and materials

The school’s Headteacher and Deputy Headteacher manages access to the school’s ICT facilities and materials for School staff. That includes, but is not limited to:

Computers, tablets, mobile phones and other devices Access permissions for certain programmes or files

Staff will be provided with unique log-in/account information and passwords that they must use when accessing the school’s ICT facilities.

Staff who have access to files they are not authorised to view or edit, or who need their access permissions updated or changed, should contact the Headteacher

Use of phones and email

The school provides each member of staff with an email address. This email account should be used for work purposes only.

All work-related business should be conducted using the email address the school has provided.

Staff must not share their personal email addresses with parents and pupils and must not send any work-related materials using their personal email account.

Staff must take care with the content of all email messages, as incorrect or improper statements can give rise to claims for discrimination, harassment, defamation, breach of confidentiality or breach of contract.

Email messages are required to be disclosed in legal proceedings or in response to requests from individuals under the Data Protection Act 2018 in the same way as paper documents. Deletion from a user’s inbox does not mean that an email cannot be recovered for the purposes of disclosure. All email messages should be treated as potentially retrievable.

Staff must take extra care when sending sensitive or confidential information by email. Any attachments containing sensitive or confidential information should be encrypted so that the information is only accessible by the intended recipient.

If staff receive an email in error, the sender should be informed and the email deleted. If the email contains sensitive or confidential information, the user must not make use of that information or disclose that information.

If staff send an email in error that contains the personal information of another person, they must inform the Headteacher immediately and follow our data breach procedure.

Staff must not give their personal phone numbers to parents or pupils. Staff must use phones provided by the school to conduct all work-related business.

Personal use

Staff are permitted to occasionally use school ICT facilities for personal use subject to certain conditions set out below. Personal use of ICT facilities must not be overused or abused. The Headteacher may withdraw permission for it at any time or restrict access at their discretion.

Personal use is permitted provided that such use:

Does not take place during teaching hours

Does not constitute ‘unacceptable use’, as defined in section 4

Takes place when no pupils are present

Does not interfere with their jobs, or prevent other staff or pupils from using the facilities for work or educational purposes

Staff may not use the school’s ICT facilities to store personal non-work-related information or materials (such as music, videos or photos).

Staff should be aware that use of the school’s ICT facilities for personal use may put personal communications within the scope of the school’s ICT monitoring activities (see section 5.5). Where breaches of this policy are found, disciplinary action may be taken.

Staff are also permitted to use their personal devices (such as mobile phones or tablets) in line with the school’s mobile phone policy

Staff should be aware that personal use of ICT (even when not using school ICT facilities) can impact on their employment by, for instance, putting personal details in the public domain, where pupils and parents could see them.

Staff should take care to follow the school’s guidelines on social media (see appendix 1) and use of email (see

section 5.1.1) to protect themselves online and avoid compromising their professional integrity.

Personal social media accounts

Members of staff should ensure their use of social media, either for work or personal purposes, is appropriate at all times.

The school has guidelines for staff on appropriate security settings for Facebook accounts (see appendix 1)

Monitoring and filtering of school network and use of ICT facilities

To safeguard and promote the welfare of children and provide them with a safe environment to learn. The school reserves the right to filter and monitor the use of its ICT facilities and network. This includes, but is not limited to, the filtering and monitoring of:

Internet sites visited
Bandwidth usage
Email accounts
Telephone calls
User activity/access logs
Any other electronic communications

Only authorised ICT staff may inspect, monitor, intercept, assess, record and disclose the above, to the extent permitted by law.

The school monitors ICT use in order to:

Obtain information related to school business
Investigate compliance with school policies, procedures and standards Ensure effective school and ICT operation
Conduct training or quality control exercises Prevent or detect crime
Comply with a subject access request, Freedom of Information Act request, or any other legal obligation

Our Governing board is responsible for making sure that:

  • The school meets the DfE’s filtering and monitoring standards
  • Appropriate filtering and monitoring systems are in place
  • Staff are aware of those systems and trained in their related roles and responsibilities
    • For the leadership team and relevant staff, this will include how to manage the processes and systems effectively and how to escalate concerns
  • It regularly reviews the effectiveness of the school’s monitoring and filtering systems

The school’s designated safeguarding lead (DSL) will take lead responsibility for understanding the filtering and monitoring systems and processes in place.

Where appropriate, staff may raise concerns about monitored activity with the school’s DSL and ICT manager, as appropriate.

Pupils

Access to ICT facilities

  • Computers/Laptops/IPads and equipment in the school’s charger unit are available to pupils only under the supervision of staff

Search

Under the Education Act 2011, the headteacher, and any member of staff authorised to do so by the headteacher, can search pupils and confiscate their mobile phones, computers or other devices that the authorised staff member has reasonable grounds for suspecting:

  • Poses a risk to staff or pupils, and/or
  • Is identified in the school rules as a banned item for which a search can be carried out and/or
  • Is evidence in relation to an offence

This includes, but is not limited to:

  • Pornography
  • Abusive messages, images or videos
  • Indecent images of children
  • Evidence of suspected criminal behaviour (such as threats of violence or assault)
  • Before a search, carried out by a member of SLT , if this authorised staff member is satisfied that they have reasonable grounds for suspecting any of the above, they will also:
  • Make an assessment of how urgent the search is, and consider the risk to other pupils and staff. If the search is not urgent, they will seek advice from the Headteacher
  • Explain to the pupil why they are being searched, and how and where the search will happen, and give them the opportunity to ask questions about it
  • Seek the pupil’s co-operation however if this is not responded to then the behaviour policy will be used

The authorised staff member should:

  • Inform the DSL (or deputy) of any searching incidents where they had reasonable grounds to suspect a pupil was in possession of a banned item.
  • Involve the DSL (or deputy) without delay if they believe that a search has revealed a safeguarding risk

Authorised staff members (DSL/DDSL) may examine any data or files on a device that they have confiscated where they believe there is a ‘good reason’ to do so.

When deciding whether there is a ‘good reason’ to examine data or files on a device, the staff member

should only do so if they reasonably suspect that the data has been, or could be, used to:

  • Cause harm, and/or
  • Undermine the safe environment of the school or disrupt teaching, and/or
  • Commit an offence

Parents and visitors

  • Parents and visitors to the school will not be permitted to use the school’s Wi-Fi unless specific authorisation is granted by the Headteacher.

The Headteacher will only grant authorisation if:

  • Parents are working with the school in an official capacity (e.g. as a volunteer or as a member of the PTA)
  • Visitors need to access the school’s Wi-Fi in order to fulfil the purpose of their visit (for instance, to access materials stored on personal devices as part of a presentation or lesson plan)

Staff must not give the Wi-Fi password to anyone who is not authorised to have it. Doing so could result in disciplinary action.

  • Parents must be reminded before any event that any photographs taken should only be used for personal or family use and must not be placed on social networking sites
  • Parents must not place any photographs of staff on social networking sites

Website

The Queen Margaret Primary School website is maintained by the Deputy Head and the Headteacher. The website will be checked regularly to ensure that there is no content that compromises the safety of children or staff

  • All staff must check the suitability of any work or photos submitted for the website
  • All staff must ensure that no children are named in photographs unless explicit parental consent has been given

Protection from cyber attacks

The school will:

  • Work with governors and the IT department (Focus networks) to make sure cyber security is given the time and resources it needs to make the school secure
  • Provide annual training for staff (and include this training in any induction for new starters, if they join outside of the school’s annual training window) on the basics of cyber security, including how to:
    • Check the sender address in an email
    • Respond to a request for bank details, personal information or login details
    • Verify requests for payments or changes to information
  • Make sure staff are aware of its procedures for reporting and responding to cyber security incidents
  • Investigate whether our IT software needs updating or replacing to be more secure
  • Not engage in ransom requests from ransomware attacks, as this would not guarantee recovery of data
  • Put controls in place that are:
    • ‘Proportionate’: the school will verify this using a third-party audit annually , to objectively test that what it has in place is up to scratch
    • Multi-layered: everyone will be clear on what to look out for to keep our systems safe
    • Up-to-date: with a system in place to monitor when the school needs to update its software
    • Regularly reviewed and tested: to make sure the systems are as up to scratch and secure as they can be
  • Back up critical data and store these backups on [cloud based backup systems/external hard drives that aren’t connected to the school network and which can be stored off the school premises]
  • Delegate specific responsibility for maintaining the security of our management information system (MIS) to Focus networks and GCC
  • Make sure staff:
    • Dial into our network using a virtual private network (VPN) when working from home
    • Enable multi-factor authentication where they can, on things like school email accounts
    • Store passwords securely using a password manager
  • Make sure ICT staff conduct regular access reviews to make sure each user in the school has the right level of permissions and admin rights
  • Have a firewall in place that is switched on
  • Check that its supply chain is secure, for example by asking suppliers about how secure their business practices are and seeing if they have the Cyber Essentials certification
  • Develop, review and test an incident response plan with the IT department, for example, including how the school will communicate with everyone if communications go down, who will be contacted when, and who will notify Action Fraud of the incident. This will be reviewed and tested annually and after a significant event has occurred, using the NCSC’s ‘Exercise in a Box’
  • Maintained schools and MATs, add: Work with our LA to see what it can offer the school regarding cyber security, such as advice on which service providers to use or assistance with procurement

Encryption

The school ensures that its devices and systems have an appropriate level of encryption.

School staff may only use personal devices (including computers and USB drives) to access school data, work remotely, or take personal data (such as pupil information) out of school if they have been specifically authorised to do so by the Headteacher.

Use of such personal devices will only be authorised if the devices have appropriate levels of security and encryption, as defined by the ICT service provider.

Data security

The school is responsible for making sure it has the appropriate level of security protection and procedures in place. It therefore takes steps to protect the security of its computing resources, data and user accounts. However, the school cannot guarantee security. Staff, pupils, parents and others who use the school’s ICT facilities should use safe computing practices at all times.

Passwords

All users of the school’s ICT facilities should set strong passwords for their accounts and keep these passwords secure.

Users are responsible for the security of their passwords and accounts, and for setting permissions for accounts and files they control.

Members of staff or pupils who disclose account or password information may face disciplinary action. Parents or volunteers who disclose account or password information may have their access rights revoked.

All staff will use a password manager to help them store their passwords securely. Teachers will generate passwords for pupils using a password manager/generator and keep these in a secure location in case pupils lose or forget their passwords.

Reserved rights of the School

The school may exercise its right by electronic means to monitor the use of the school’s computer systems, including the monitoring of websites, the interception of e-mail and the deletion of inappropriate materials in circumstances where it believes unauthorised use of the school’s computer system or may be taking place, or the system is or may be being used for criminal purposes or for storing text or imagery which is unauthorised or unlawful.

Equal Opportunities

The Acceptable Use Policy encourages the practice of inclusion for all.

Safeguarding

The school’s legal responsibility for safeguarding and the welfare of children goes beyond basic child protection procedures.

The duty is now to ensure that safeguarding permeates all activity and functions. This policy therefore complements and supports the safeguarding policy.

This policy should be read in conjunction with other school policies, particularly the safeguarding policy

Individual Staff agreement

I accept and agree to abide by the terms of the Acceptable Internet Use Policy Full name (print):

Signed:

Date:

Contact Us

Queen Margaret Primary Academy
York Road
Tewkesbury
Gloucestershire
GL20 5HU
Contact Us

Legal

Queen Margaret Primary Academy is proud to be part of the Cabot Learning Federation. 
Registered Company: Cabot Learning Federation
Company No: 06207590