Internet safety Policy and Guidance Acceptable Use Policy for Staff and Pupils

Transcription

1 Internet safety Policy and Guidance Acceptable Use Policy for Staff and Pupils Refer to: Behaviour Policy Child Protection Policy Anti-Bullying Policy Computing Policy Review Annually or sooner. Next Full Review Autumn 2016

2 Policy Statement Policy Governance - Roles/responsibilities Technology Safe Use Governing Body Headteacher Internet safety Officer ICT Technical Support Staff All Staff All Students Parents and Carers Internet Filtering Filtering Encryption Passwords Anti-Virus Internet Photos and videos Social Networking Incidents Training and Curriculum Acceptable Use Policy (Staff) SMART Rules for EYFS, KS1 and KS 2 Guidance and other miscellaneous documents Why do we filter the Internet? Internet safety Incident Log Risk Assessment Log Inappropriate Use Flowchart Illegal Use Flowchart Written by Simon English (based on Alan Mackenzie -. Page 2 of 23

3 Policy Statement For clarity, the Internet safety policy uses the following terms unless otherwise stated: Users - refers to staff, governing body, school volunteers, students and any other person working in or on behalf of the school, including contractors. Parents any adult with a legal responsibility for the child/young person outside the school e.g. parent, guardian, carer. School any school business or activity conducted on or off the school site, e.g. visits, conferences, school trips etc. Wider school community students, all staff, governing body, parents NCPC Schools - refers to the following schools: Brinkley Grove Primary School, Friars Grove Primary School, Highwoods Community Primary School, Myland Primary School, Queen Boudica Primary School, St John s CofE Primary School and Willowbrook Primary School. Safeguarding is a serious matter; at the NCPC Schools we use technology and the Internet extensively across all areas of the curriculum. Online safeguarding, known as Internet safety is an area that is constantly evolving and as such this policy will be reviewed on an annual basis or in response to an Internet safety incident, whichever is sooner. The primary purpose of this policy is twofold: To ensure the requirement to empower the whole school community with the knowledge to stay safe and risk free is met. To ensure risks are identified, assessed and mitigated (where possible) in order to reduce any foreseeability of harm to the student or liability to the school. This policy is available for anybody to read on the NCPC schools websites; upon review all members of staff will sign as read and understood both the Internet safety policy and the Staff Acceptable Use Policy. Headteacher Name: Chair of Governors: Signed: Signed: Written by Simon English (based on Alan Mackenzie Page 3 of 23

4 Review Date: Next Review: Policy Governance (Roles & Responsibilities) Governing Body The governing body is accountable for ensuring that our school has effective policies and procedures in place; as such they will: Review this policy at least annually and in response to any Internet safety incident to ensure that the policy is up to date, covers all aspects of technology use within the school, to ensure Internet safety incidents were appropriately dealt with and ensure the policy was effective in managing those incidents. Appoint one governor to have overall responsibility for the governance of Internet safety at the school who will: o o Keep up to date with emerging risks and threats through technology use. Receive regular updates from the Headteacher in regards to training, identified risks and any incidents. Headteacher Reporting to the governing body, the Headteacher has overall responsibility for Internet safety within our school. The day-to-day management of this will be delegated to a member of staff, the Internet safety Officer (or more than one), as indicated below. The Headteacher will ensure that: Internet safety training throughout the school is planned and up to date and appropriate to the recipient, i.e. students, all staff, senior leadership team and governing body, parents. The designated Internet safety Officer(s) has had appropriate CPD in order to undertake the day to day duties. All Internet safety incidents are dealt with promptly and appropriately. Internet safety Officer The day-to-day duty of Internet safety Officer is devolved to Nick Hutchings. The Internet safety Officer will: Keep up to date with the latest risks to children whilst using technology; familiarize him/herself with the latest research and available resources for school and home use. Written by Simon English (based on Alan Mackenzie -. Page 4 of 23

5 Review this policy regularly and bring any matters to the attention of the Headteacher. Advise the Headteacher, governing body on all Internet safety matters. Engage with parents and the school community on Internet safety matters at school and/or at home. Liaise with the local authority, IT technical support and other agencies as required. Retain responsibility for the Internet safety incident log; ensure staff know what to report and ensure the appropriate audit trail. Ensure any technical Internet safety measures in school (e.g. Internet filtering software, behaviour management software) are fit for purpose through liaison with the local authority and/or IT Technical Support. Make him/herself aware of any reporting function with technical Internet safety measures, i.e. internet filtering reporting function; liaise with the Headteacher and responsible governor to decide on what reports may be appropriate for viewing. Computing Technical Support Staff Technical support staff are responsible for ensuring that: The IT technical infrastructure is secure; this will include at a minimum: o Anti-virus is fit-for-purpose, up to date and applied to all capable devices. o Windows (or other operating system) updates are regularly monitored and devices updated as appropriate. o Any Internet safety technical solutions such as Internet filtering are operating correctly. o Filtering levels are applied appropriately and according to the age of the user; that categories of use are discussed and agreed with the Internet safety officer and Headteacher. o Passwords are applied correctly to all users regardless of age (Note: this will require discussion as to when passwords should be changed.) Passwords for staff will be a minimum of 8 characters and not relate to family members or pets. o The IT System Administrator password is to be changed on a monthly (30 day) basis. All Staff/Users Staff/Users/Governors are to ensure that: All details within this policy are understood. If anything is not understood it should be brought to the attention of the Headteacher. Any Internet safety incident is reported to the Internet safety Officer (and an Internet safety Incident report is made), or in his/her absence to the Headteacher. If you are unsure the matter is to be raised with the Internet safety Officer or the Headteacher to make a decision. The reporting flowcharts contained within this Internet safety policy are fully understood. Written by Simon English (based on Alan Mackenzie Page 5 of 23

6 All Students The boundaries of use of computing equipment and services in this school are given in the student Acceptable Use Policy; any deviation or misuse of computing equipment or services will be dealt with in accordance with the behaviour policy. Internet safety is embedded into our curriculum; students will be given the appropriate advice and guidance by staff. Similarly all students will be fully aware how they can report areas of concern whilst at school or outside of school. Parents and Carers Parents play the most important role in the development of their children; as such the school will ensure that parents have the skills and knowledge they need to ensure the safety of children outside the school environment. Through parents evenings, school newsletters and the website the school will keep parents up to date with new and emerging Internet safety risks, and will involve parents in strategies to ensure that students are empowered. Parents must also understand the school needs to have rules and safeguarding procedures in place to ensure that their child can be properly safeguarded. As such, parents will sign the student Acceptable Use Policy as part of the admissions process before any access can be granted to school computing equipment or services. Internet safety Committee Chaired by the Governor responsible for Internet safety, the Internet safety Committee is responsible: to advise on changes to the Internet safety policy. to establish the effectiveness (or not) of Internet safety training and awareness in the school. to recommend further initiatives for Internet safety training and awareness at the school. Established from volunteer students, parents, Internet safety Officer, responsible Governor and others as required, the Internet safety Committee will meet on a termly basis. Written by Simon English (based on Alan Mackenzie -. Page 6 of 23

7 Technology The NCPC Schools use a range of devices including PC s, laptops, Apple Mac and ipads. In order to safeguard the student and in order to prevent loss of personal data we employ the following assistive technology: Internet Filtering we use Essex County Council proxy filtering that prevents unauthorized access to illegal websites. It also prevents access to inappropriate websites; appropriate and inappropriate is determined by the age of the user and will be reviewed in line with this policy or in response to an incident, whichever is sooner. The Computing Coordinator, Internet safety Officer and IT Support are responsible for ensuring that the filtering is appropriate and that any issues are brought to the attention of the Headteacher. Any items that are deemed inappropriate are to be reported to Essex Broadband Team. Filtering we use McAfee anti-virus software and Malwares software that prevents any infected to be sent from the school, or to be received by the school. Our system is Microsoft Office 365, which has been set up and endorsed by Essex County Council. Infected is defined as: an that contains a virus or script (i.e. malware) that could be damaging or destructive to data; spam such as a phishing message. Encryption All school devices that hold personal data (as defined by the Data Protection Act 1998) are encrypted. No data is to leave the school on an un-encrypted device; all devices that are kept on school property and which may contain personal data are encrypted. Any breach (i.e. loss/theft of device such as laptop or USB flashdrives/memory sticks) is to be brought to the attention of the Headteacher immediately. The Headteacher will liaise with the local authority to ascertain whether a report needs to be made to the Information Commissioner s Office. (Note: Encryption does not mean password protected.) Passwords all staff will be unable to access any device without a unique username and password. Staff passwords will change on a termly basis or if there has been a compromise, whichever is sooner. The Computing Coordinator and IT Support will be responsible for ensuring that passwords are changed. Anti-Virus All capable devices will have anti-virus software. This software will be updated at least weekly for new virus definitions. IT Support will be responsible for ensuring this task is carried out, and will report to the Headteacher if there are any concerns. All USB peripherals such as Flashdrives/Memory Sticks are to be scanned for viruses before use. Written by Simon English (based on Alan Mackenzie Page 7 of 23

8 Safe Use Internet Use of the Internet in school is a privilege, not a right. Internet use will be granted: to staff upon signing this Internet safety and the staff Acceptable Use Policy; students upon signing and returning their acceptance of the Acceptable Use Policy. All users/staff are reminded that s are subject to Freedom of Information requests, and as such the service is to be used for professional work-based s only. s of a personal nature are not permitted. Similarly use of personal addresses for work purposes is not permitted. All Users (Office, Teaching Staff including Teaching Assistants and Learning Support Assistants, Governors and the PTA) will be given their own address, solely for the purpose of business communication. Students are permitted to use the school VLE, and as such will be given their own address which will be for internal school environment only. Photos and videos Digital media such as photos and videos are covered in the schools Photographic Policy, and is re-iterated here for clarity. All parents must sign a photo/video release slip as part of the admission form; non-return of the permission slip will not be assumed as acceptance. The children that do not have permission will be asked at the beginning of the academic year if they wish to be included on the permission form. This will also ascertain if parents give permission for newspaper publication. The format for both newspaper publication and website will only include the child s first name. It will not give the child s last name. Social Networking there are many social networking services available; The NCPC Schools do not endorse or engage with parents and the wider school community through social networks. The following social media services are not permitted for use within the NCPC Schools during the hours of 8:30am and 3:30pm; should staff wish to use other social media, permission must first be sought via the Internet safety Officer who will advise the Headteacher for a decision to be made. Any new service will be risk assessed before use is permitted. Blogging used by staff and students in school via the Learn Anywhere Virtual Learning Environment. A broadcast service, such as Twitter or Facebook, is a one-way communication method in order to share school information with the wider school community. No persons will be followed or friended on these services and as such no two-way communication will take place. Written by Simon English (based on Alan Mackenzie -. Page 8 of 23

9 Staff Members are strongly advised that being friends with other staff is high risk. Staff members that are also parents are very strongly advised not to be friends with parents and staff. In addition, the following is to be strictly adhered to: Permission slips (via the school photographic policy) must be consulted before any image or video of any child is uploaded. There is to be no identification of students using first name and surname; first name only is to be used. Where services are comment enabled, comments are to be set to moderated. All posted data must conform to copyright law; images, videos and other resources that are not originated by the school are not allowed unless the owner s permission has been granted or there is a license which allows for such use (i.e. creative commons). Notice and take down policy should it come to the schools attention that there is a resource which has been inadvertently uploaded, and the school does not have copyright permission to use that resource, it will be removed within one working day. Incidents - Any Internet safety incident is to be brought to the immediate attention of the Internet safety Officer, or in his/her absence the Headteacher. The Internet safety Officer will assist you in taking the appropriate action to deal with the incident and to fill out an incident log. Training and Curriculum - It is important that the wider school community is sufficiently empowered with the knowledge to stay as risk free as possible whilst using digital technology; this includes updated awareness of new and emerging issues. As such, the NCPC Schools will have an annual programme of training which is suitable to the audience. Internet safety for students is embedded into the curriculum; whenever Computing is used in the school, staff will ensure that there are positive messages about the safe use of technology and risks as part of the student s learning. This will take place over the whole academic year using the Computing Curriculum that is suitable for the new National Curriculum As well as the programme of training we will establish further training or lessons as necessary in response to any incidents. Safer Internet Day will be highlighted as part of an assembly and posters will be placed around the school. The Internet safety Officer is responsible for recommending a programme of training and awareness for the school year to the Headteacher and responsible Governor for consideration and planning. Should any member of staff feel they have had inadequate or insufficient training generally or in any particular area this must be brought to the attention of the Headteacher for further CPD. The Internet safety Training Programme can be found in the School Improvement Plan. Written by Simon English (based on Alan Mackenzie Page 9 of 23

10 Staff ICT Acceptable Use Policy As a professional organisation with responsibility for children s safeguarding it is important that all staff take all possible and necessary measures to protect data and information systems from infection, unauthorised access, damage, loss, abuse and theft. All members of staff have a responsibility to use the school s computer system in a professional, lawful, and ethical manner. To ensure that members of staff are fully aware of their professional responsibilities when using Information Communication Technology and the school systems, they are asked to read, along side the DfE Teacher Standards, and then sign this Acceptable Use Policy. This is not an exhaustive list and all members of staff are reminded that ICT use should be consistent with the school ethos, other appropriate policies and the Law. I understand that Information Systems and ICT include networks, data and data storage, online and offline communication technologies and access devices. Examples include mobile phones, PDAs, digital cameras, and social media sites. School owned information systems must be used appropriately. I understand that the Computer Misuse Act 1990 makes the following criminal offences: to gain unauthorised access to computer material; to gain unauthorised access to computer material with intent to commit or facilitate commission of further offences or to modify computer material without authorisation. I understand that any hardware and software provided by my workplace for staff use can only be used by members of staff and only for educational use. To prevent unauthorised access to systems or personal data, I will not leave any information system unattended without first logging out or locking my login as appropriate. In accordance with the Internet safety Policy, I will ask for consent to use personal Computing equipment from the Head Teacher who will set the boundaries of personal use. I will respect system security and I will not disclose any password or security information. I will change my password on a regular basis and make sure that it is Strong (containing numbers and letters not relating to family members, pets or the like). I will not attempt to install any purchased or downloaded software, including browser toolbars, or hardware without permission from the system manager. I will ensure that any personal data of pupils, staff or parents/carers is kept in accordance with the Data Protection Act This means that all personal data will be obtained and processed fairly and lawfully, only kept for specific purposes, held no longer than necessary and will be kept private and secure with appropriate security measures in place, whether used in the workplace, hosted online (only within countries or sites with suitable data protection controls) or accessed remotely. Any data which is being removed from the school site (such as via or on memory sticks, portable hard drives or CDs) will be encrypted by a method Written by Simon English (based on Alan Mackenzie -. Page 10 of 23

11 approved by the school. Any images or videos of pupils will only be used as stated in the school image use policy and will always take into account parental consent. I will not keep professional documents which contain school-related sensitive or personal information (including images, files, videos etc.) on any personal devices (such as laptops, digital cameras, mobile phones), unless they are secured and encrypted. I will protect the devices in my care from unapproved access or theft. I will not store any personal information on the school computer system that is unrelated to school activities, such as personal photographs, files or financial information. I will respect copyright and intellectual property rights. I have read and understood the school Internet safety policy which covers the requirements for safe ICT use, including using appropriate devices, safe use of social media websites and the supervision of pupils within the classroom and other working spaces. o The recommendation is that users of Social Media should not bring the School into disrepute or undermine the ethos of the school or any of it s staff; I am reminded that being friends or following parents or pupils, past or present, is high risk and should be treated with the utmost caution. Any incident that may bring the school and/or it s staff into disrepute will be taken very seriously. I will report all incidents of concern regarding children s online safety to the Designated Child Protection Coordinator and/or the Internet safety Coordinator as soon as possible. I will report any accidental access, receipt of inappropriate materials, filtering breaches or unsuitable websites to the Head and/or the Internet safety Coordinator who will contact the designated lead for filtering as soon as possible. I will not attempt to bypass any filtering and/or security systems put in place by the school. If I suspect a computer or system has been damaged or affected by a virus or other malware or if I have lost any school related documents or files, then I will report this to the Computing Subject Leader as soon as possible. My electronic communications with pupils, parents/carers and other professionals will only take place via work approved communication channels e.g. via a school provided address or telephone number. My use of ICT and information systems will always be compatible with my professional role, whether using school or personal systems. This includes the use of , text, social media, social networking, gaming, web publications and any other devices or websites. My use of ICT will not interfere with my work duties and will be in accordance with the school AUP and the Law. I will not create, transmit, display, publish or forward any material that is likely to harass, cause offence, inconvenience or needless anxiety to any other person, or anything which could bring my professional role or the school into disrepute. Written by Simon English (based on Alan Mackenzie Page 11 of 23

12 I will promote Internet safety with the pupils in my care and will help them to develop a responsible attitude to safety online, system use and to the content they access or create. If I have any queries or questions regarding safe and professional practise online either in school or off site, then I will raise them with the Internet safety Coordinator or the Head Teacher. I understand that my use of the information systems, Internet and may be monitored and recorded to ensure policy compliance. I understand that I require consent from all parties if I wish to upload a photograph or video to any form of social media, internet site or service images (e.g Facebook, Instagram, Twitter et al) The School may exercise its right to monitor the use of information systems, including Internet access and the interception of s in order to monitor compliance with this Acceptable Use Policy and the School s Data Security Policy. Where it believes unauthorised and/or inappropriate use of the service s information system or unacceptable or inappropriate behaviour may be taking place, the School will invoke its disciplinary procedure. If the School suspects that the system may be being used for criminal purposes or for storing unlawful text, imagery or sound, the matter will be brought to the attention of the relevant law enforcement organisation. I have read and understood and agree to comply with the Staff ICT Acceptable Use Policy. Signed: Print Name: Date: Accepted by: Print Name: Written by Simon English (based on Alan Mackenzie -. Page 12 of 23

13 Children s SMART Rules for Internet Use EYFS and Key Stage 1 Written by Simon English (based on Alan Mackenzie Page 13 of 23

14 KS 2 SMART Rules Why we Filter the Internet Introduction Whilst sometimes seen as one of the more frustrating IT services in schools, Internet filtering is one item in the Internet safety toolbox that is of particular importance. When talking about an Internet filter there are two important aspects: Very broadly speaking Filtering - this is a pro-active measure to ensure (as much as possible) or prevent users from accessing illegal or inappropriate (by age) websites. Monitoring - this is a reactive measure and for the most part means searching, browsing or interrogating filter logs (known as the cache) for Internet misuse. Written by Simon English (based on Alan Mackenzie -. Page 14 of 23

15 These terms are important; mention to anyone that you are monitoring their Internet use and the immediate vision is of somebody sat at a computer screen watching every move and click; that is simply not the case. The fact that an Internet filter is in place to filter and monitor activity is of particular importance because you then have questions raised of morality such as, It s my human right to privacy, big brother is watching, and others. Consider CCTV at your school; everybody knows it is there because you can see it and there are (or should be) signs telling people that they are being monitored; everybody knows why it is there whether they agree with it or not...it is justified for the protection and safety of children and staff whilst in school, and also the protection of the building and its contents. But what about Internet filtering? How many of your parents know that the online activity of their child may be monitored? How many of your staff know? Importantly, do they know why? Whilst the answer should be yes to all, I know that isn t the case and normally with good reason; how do you know what you don t know? As with many things we do in life it is all about managing expectations, commonly known as justifying ourselves. But it is that justification that gives us precedence for doing something that others may deem controversial. Why do we Filter and Monitor? Schools filter Internet activity for two reasons: We filter to ensure (as much as possible) that children and young people (and to some extent adults) are not exposed to illegal or inappropriate websites. These sites are (or should be) restricted by category dependent on the age of the user. Exposure would include browsing to specifically look for such material, or as a consequence of a search that returns inappropriate results. (as much as possible) that the school has mitigated any risk to the children and young people, and thereby reduces any liability to the school by making reasonable endeavours to ensure the safety of those children and young people. We monitor for assurance (as much as possible) that no inappropriate or illegal activity has taken place. To add to any evidential trail for disciplinary action if necessary. Written by Simon English (based on Alan Mackenzie Page 15 of 23

16 A right to privacy? Everybody has a right to privacy, whether adult or child. But in certain circumstances there is a reduced expectation of privacy. In the context of this guide, that reduction is for security and safeguarding. This expectation is applicable whether it is school-owned equipment, or personally owned equipment used on the school network (and in some cases even if that personally owned equipment isn t used on the school network, but is used in school or for school business). Managing Expectations It is the expectations of the user that is particularly important; this will include school staff, students and parents/guardians of the students. Consent is not a requirement, however you are required by law (Data Protection Act 1998) to make all reasonable efforts to inform users that you are monitoring them. By making reasonable efforts you are working with the students and parents, not just merely telling them. In reality, very few schools actually monitor Internet activity, and neither do local authorities or RBC s (remember, monitor is different to filter). Whether that is right or not is out of scope for this paper, but the fact is you could; in fact Ofsted make clear that schools should be managing their own filter, and this would include monitoring for inappropriate activity, overly-restrictive filtering or otherwise. Of course, some will disagree with what you are doing, but that is their right and again consent is not a requirement. It is the understanding, not the consent that is important. Summary Filtering is different to monitoring. You do not require consent. But you must tell users if you do monitor, or if you have the facility to monitor. Set user expectations; explain under what circumstances it may be a requirement to monitor. Ensure you have a good statement in your Internet safety Policy. Ensure you have informed users that Internet use May be subject to monitoring in your Acceptable Use Policy. Ensure parents are informed, the reason why monitoring may take place, and they sign as read and understood. Written by Simon English (based on Alan Mackenzie -. Page 16 of 23

17 Number: Reported By: (name of staff member) Reported To: (e.g. Head, e-safety Officer) W h e n : When: Sample e-safety Incident Log Review Date: Result of Review: Signature (Headteacher) Date: Signature (esafety Officer) Date:

18 No. Activity Risk Likelihood Impact Score Control Measure Owner 1. Internet browsing Access to inappropriate/illegal content - staff Essex Broadband team e-saftey officer 1. Internet browsing Access to inappropriate/illegal content - students Internet safety Officer IT Support Essex Broadband team 2. Blogging/For um on VLE Inappropriate comments Monitoring system with VLE admins. Flagged Messages e- mailed to admin users. Internet safety Officer Computing Subject Leader 2. Blogging/For um on VLE Using copyright material Curriculum Internet safety Officer Computing Subject Leader 3. Staff laptops Staff taking laptops home access to inappropriate/illegal content at home Acceptable Use Policy All staff Head Internet safety Officer 4 Data Staff taking sensitive data home on unencrypted HDD/USB drives Staff issued with encrypted devices and/or password protection Internet safety Officer, Issue Password protection/encrypted drives to users 5 Cyber Bullying s on the VLE, digital communication from outside being brought into school Internet safety in the Curriculum All Staff in Internet safety lesson through curriculum 6 Photographs Transportation using unencrypted data storage Refer to AUP A l l Written by Simon English (based on Alan Mackenzie Page 18 of 23

19 7 Data protection - misuse Staff using personal ICT equipment AUP states to check with HT and/or Internet safety Officer H e a d Internet safety Officer 8 Personal Cameras/photo taking devices Refer to AUP Internet safety Officer Head 9 Parents taking pictures of other children At assemblies, School Sports Day, Christmas productions etc then posting on Social Media (not being aware of PPG/LAC/ Vulnerable groups Parents made aware they are able to take photos of only their own child, not to post on Social media, but able to to family etc. H e a d Designated Child Safety Officers Internet safety Officer 10 Safeguarding Safeguarding / LAC / Child Protection Staff aware of LACs (if applicable) and photographic permissions in school Des Chi Safety Officers Office Staff Internet safety Officer Photographic permissions Staff aware of Permissions - list in register boxes Des Chi Safety Officers Office Staff Internet safety Officer 11 Data Protection Unlocked computers with confidential information (SIMS admin users in front office, class teacher users of SIMS) Users to refer to AUP, if walking away from machine, lock. If not locked, then lock it. A l l u s e r s ICT Subject Leaders Internet safety Officer Page 19 of 23

20 Head Supply Teacher s having access to school server Permissions set to limit the access on the school server PEP Computer s Internet safety Officer Head 12 Staff uploading children s work to Social Media (e.g.pinterest) AUP - acceptable use A l l S t a f f 13 Children s Mobile Phones Theft while on site Parents inform the school in writing that their children will be bringing a mobile to school. It states in the school documentation that only Yr 6 should bring in a mobile phone because of walking home alone. H e a d Internet safety Officer 14 Children s Mobile Phones Photographs being taken of staff, pupils / uploaded to social media Curriculum Internet safety lesson reminding children that permission must be sought from the Photographee before taking the picture (privacy laws) PSHE Lessons on the effect of Cyber- Bullying Safer Internet Day ICT Subject Leaders Teaching Staff Curriculum Risk AssessmentLikelihood: How likely is it that the risk could happen (foreseeability). Impact: What would be the impact to the school (e.g. this could be in terms of legality, reputation, complaints from parents, reporting in press etc.) Likelihood and Impact are between 1 and 3, 1 being the lowest. Written by Simon English (based on Alan Mackenzie Page 20 of 23

21 Multiply Likelihood and Impact to achieve score. LEGEND/SCORE: 1 3 = Low Risk 4 6 = Medium Risk 7 9 = High Risk Owner: The person who will action the risk assessment and recommend the mitigation to Headteacher and Governing Body. Final decision rests with Headteacher and Governing Body Page 21 of 23

22 Inappropriate Activity Flow Chart A concern is raised Who is involved? Member of Staff Pupil Child Protection Issue? Child Protection Issue? No Yes No Yes Report to Headteacher Report to Headteache r and Child Protection Officer Consider: Inform parents Risk assess Counselling Discipline Referral Report to Headteache r and Child Protection Officer Consider: Risk assess Counselling Discipline Referral Report to: Safeguardin g Police Report to: Safeguardin g Police If you are in any doubt, consult the Headteacher, Child Protection Officer or Safeguarding Team Written by Simon English (based on Alan Mackenzie Page 22 of 23

23 Illegal Activity Flowchart A concern is raised Who is involved? Member of Staff Pupil Child Protection Issue? No Yes Report to: Police Safeguarding Inform Parents Refer to Police Inform Safeguarding Secure evidence in locked storage. Report to: Note: NEVER investigate NEVER show to others for your own assurance DO NOT let others handle evidence Police only Police Safeguarding Page 23 of 23