E-Safety Policy



Trinity Rings new


Adopted by:  Trinity Catholic College & Sixth Form

Date: February 2016

“An inclusive learning community living out Gospel values”





This policy applies to all members of the Trinity Catholic College community (staff, students, volunteers, parents, governors, wider community) who have access to and use the College ICT facilities either onsite or as a remote user.

The Education and Inspections Act 2006 empowers Headteachers / Principals to such extent as is reasonable, to regulate the behaviour of students / pupils when they are off the school / academy  site and empowers members of staff to impose disciplinary penalties for inappropriate behaviour. This is pertinent to incidents of cyber-bullying, or other e-safety incidents covered by this policy, which may take place outside of the school / academy, but is linked to membership of the school / academy.  The 2011 Education Act increased these powers with regard to the searching for and of electronic devices and the deletion of data (see appendix for template policy). In the case of both acts, action can only be taken over issues covered by the published Behaviour Policy.


Roles and Responsibilities

Every adult member of the school community who has a responsibility towards the welfare of the students has a responsibility towards keeping the students safe in their use of ICT. This section outlines the different responsibilities of the different groups and individuals

Governing Body

The Governing body are responsible for the approval of the E-Safety policy and reviewing and monitoring the effectiveness of the policy. 


Head Teacher & Leadership Team

  • The Headteacher responsibility for ensuring the safety (including e-safety) of all members of the College community. The day to day responsibility will be delegated to the E-safety Officer.
  • The Headteacher and other designated members of the Leadership Team should be aware of the procedures to be followed in the event of a serious e-safety allegation being made against a member of staff
  • The Headteacher/Leadership Team are responsible for ensuring that the E-Safety Officer and other relevant members of staff receive suitable training to carry out their duties
  • The Headteacher/Leadership Team will ensure that there is a system for monitoring and supporting those in school who carry out internal e-safety monitoring. This is to provide a safety net and to support those who take on monitoring roles


E-Safety Officer

  • Day to day responsibility for e-safety issues and has a leading role in reviewing the e-safety policies and documents
  • Ensures that all staff are aware of the procedures that need to be followed in the event of an e-safety incident occurring
  • Provides training, advice and guidance for staff
  • Liaises with the Local Authority and other relevant bodies
  • Liaises with the ICT technical staff
  • Receives reports of and logs e-safety incidents to inform future policy developments
  • Meets with E-Safety Governor to discuss current issues, review incident logs and filtering
  • Reports regularly to Leadership Team


Network Manager / Technical Support Staff

The Network Manager and technical support team are responsible for ensuring:

  • That the network infrastructure is secure and is not open to malicious attacks
  • The School meets the required e-safety technical requirements
  • That users may only access the networks and devices through a properly enforced password protection policy in which passwords are secure
  • the filtering policies are applied and regularly updated
  • they keep up to date with e-safety technical information in order to effectively carry out their e-safety responsibility
  • that the use of the network, Internet, CC4 Anywhere remote access and Trinity Cloud is regularly monitored in order that any misuse or attempted misuse can be reported to the E-safety officer
  • that monitoring software and systems are implemented and updated


Teaching and Support Staff

Are responsible for ensuring that:

  • They have an up to date awareness of e-safety matters and of the current Trinity Catholic College e-safety policy and practices
  • They have read, understood and signed the Staff Acceptable Use Policy
  • They report any suspected misuse or problem to the E-safety Officer
  • All digital communication with students / parents / carers should be on a professional level and ONLY carried out using official school systems
  • E-safety issues are embedded in all aspects of the curriculum and other activities
  • Students understand and follow the e-safety and acceptable use policies
  • Students have a good understanding of research skills and need to avoid plagiarism and uphold copyright regulations
  • they monitor the use of digital technologies such as computers, mobile phones, cameras etc in lesson and other school activities where allowed.
  • In lessons where Internet use is pre-planned students should be guided to sites checked as suitable for their use and that processes are in place for dealing with any unsuitable material that may be found in Internet Searches


Child Protection Officer

Should be trained in e-safety issues and be aware of the potential for serious child protection / safeguarding issues to arise from:

  • Sharing of personal data
  • Access to illegal / inappropriate materials
  • inappropriate online communication with adults / strangers
  • potential or actual incidents of grooming
  • cyber-bullying



  • Students are responsible or using the digital technology in accordance with the Student Acceptable Use Policy
  • Have a good understanding of research skills and need to avoid plagiarism and uphold copyright regulations
  • Need to know the importance of reporting abuse, misuse or access to inappropriate materials and know how to do so
  • Will be expected to know and understand policies on the use of mobile devices. They should also know and understand policies on the taking of and use of images and on cyber-bullying
  • Should understand the importance of adopting good e-safety practices when using digital technologies out of school and realise that their actions out of school, if related to their membership of the school, are still covered by the e-safety policy.


Parents / Carers

Parents / carers play a vital role in ensuring that their children understand the need to use digital technology and the Internet in a safe and responsible way. Trinity Catholic College will take every opportunity to help parents understand these issues through parents’ evenings, letters, website and information about national / local e-safety campaigns / literature.

Parents and carers will be encouraged to support Trinity Catholic College in promoting good e-safety practices and to follow guidelines on the appropriate use of

  • Digital video and images taken at school events
  • access to parents’ sections of the website and online student data
  • Their children’s personal devices (such as mobile phones) in the school where this is allowed.


Policy Statements


Education – Students

Whilst regulation and technical solutions are very important, their use must be balanced by educating students to take a responsible approach.  The education of students in e-safety is therefore an essential part of the school’s e-safety provision. Children and young people need the help and support of the school to recognise and avoid e-safety risks and build their resilience.

E-safety should be a focus in all areas of the curriculum and staff should reinforce e-safety messages across the curriculum. The e-safety curriculum should be broad, relevant and provide progression, with opportunities for creative activities and will be provided in the following ways: (statements will need to be adapted, depending on school / academy structure and the age of the students / pupils)

  • A planned e-safety curriculum should be provided as part of  Computing / PHSE / other lessons and should be regularly revisited
  • Key e-safety messages should be reinforced as part of a planned programme of assemblies and tutorial / pastoral activities
  • Students / pupils should be taught in all lessons to be critically aware of the materials / content they access on-line and be guided to validate the accuracy of information.
  • Students / pupils should be taught to acknowledge the source of information used and to respect copyright when using material accessed on the internet
  • Students / pupils should be helped to understand the need for the student / pupil Acceptable Use Agreement  and encouraged to adopt safe and responsible use both within and outside school
  • Staff should act as good role models in their use of digital technologies  the internet and mobile devices
  • in lessons where internet use is pre-planned, it is best practice that students should be guided to sites checked as suitable for their use and that processes are in place for dealing with any unsuitable material that is found in internet searches.
  • Where students are allowed to freely search the internet, staff should be vigilant in monitoring the content of the websites the young people visit.
  • It is accepted that from time to time, for good educational reasons, students may need to research topics (eg racism, drugs, discrimination) that would normally result in internet searches being blocked. In such a situation, staff can request that the Technical Staff (or other relevant designated person) can temporarily remove those sites from the filtered list  for the period of study. Any request to do so, should be auditable, with clear reasons for the need.


Education – Parents/carers

Many parents and carers have only a limited understanding of e-safety risks and issues, yet they play an essential role in the education of their children and in the monitoring / regulation of the children’s online behaviours. Parents may  underestimate how often children and young people come across potentially harmful and inappropriate material on the internet and may be unsure about how to respond.  

The school will therefore seek to provide information and awareness to parents and carers through:

  • Curriculum activities
  • Letters, newsletters, web site
  • Parents’ evenings
  • High profile events / campaigns eg Safer Internet Day


Education and Training – Staff and Volunteers

It is essential that all staff receive e-safety training and understand their responsibilities, as outlined in this policy. Training will be offered as follows:

  • A planned programme of formal e-safety training will be made available to staff. This will be regularly updated and reinforced. An audit of the e-safety training needs of all staff will be carried out regularly.  

    SWGfL BOOST includes unlimited online webinar training for all, or nominated, staff (http://www.swgfl.org.uk/Staying-Safe/E-Safety-BOOST/Boost-landing-page/Boost-Hub/Professional-Development)

     It is expected that some staff will identify e-safety as a training need within the performance management process.

  • All new staff should receive e-safety training as part of their induction programme, ensuring that they fully understand the school e-safety policy and Acceptable Use Agreements.

    SWGfL BOOST includes an array of presentations and resources that can be presented to new staff (http://www.swgfl.org.uk/Staying-Safe/E-Safety-BOOST/Boost-landing-page/Boost-Hub/Resources)

  • The E-Safety Coordinator / Officer (or other nominated person) will receive regular updates through attendance at external training events and by reviewing guidance documents released by relevant organisations.
  • This E-Safety policy and its updates will be presented to and discussed by staff in staff / team meetings / INSET days.
  • The E-Safety Officer (or other nominated person) will provide advice / guidance / training to individuals as required.  

    SWGfL BOOST includes an array of presentation resources that the e-Safety coordinator can access to deliver to staff (http://www.swgfl.org.uk/Staying-Safe/E-Safety-BOOST/Boost-landing-page/Boost-Hub/Resources)It includes presenter notes to make it easy to confidently cascade to all staff


Training – Governors

Governors should take part in e-safety training / awareness sessions, with particular importance for those who are members of any sub committee / group involved in technology / e-safety / health and safety / child protection. This may be offered in a number of ways:

  • Attendance at training provided by the Local Authority / National Governors Association  / or other relevant organisation
  • Participation in school training / information sessions for staff or parents (this may include attendance at assemblies / lessons).


Technical – Infrastructure, Equipment, Filtering, Monitoring

The school will be responsible for ensuring that the school infrastructure / network is as safe and secure as is reasonably possible and that policies and procedures approved within this policy are implemented.  It will also need to ensure that the relevant people named in the above sections will be effective in carrying out their e-safety responsibilities:

A more detailed Technical Security Template Policy can be found in the appendix.

  • School technical systems will be managed in ways that ensure that the school meets recommended technical requirements
  • There will be regular reviews and audits of the safety and security of school academy  technical systems
  • Servers, wireless systems and cabling must be securely located and physical access restricted
  • All users will have clearly defined access rights to school technical systems and devices.
  • All users will be provided with a username and secure password by the technical team who will keep an up to date record of users and their usernames. Users are responsible for the security of their username and password and will be required to change their password every academic year.
  • The “administrator” passwords for the school / academy ICT system, used by the Network Manager (or other person) must also be available to the Headteacher / Principal or other nominated senior leader and kept in a secure place (eg school safe)
  • The network manager is responsible for ensuring that software licence logs are accurate and up to date and that regular checks are made to reconcile the number of licences purchased against the number of software installations (Inadequate licensing could cause the school to breach the Copyright Act which could result in fines or unexpected licensing costs)
  • Internet access is filtered for all users. Illegal content (child sexual abuse images) is filtered by the broadband or filtering provider by actively employing the Internet Watch Foundation CAIC list.  Content lists are regularly updated and internet use is logged and regularly monitored. (the school / academy will need to decide on the merits of external / internal provision of the filtering service – see appendix). There is a clear process in place to deal with requests for filtering changes (see appendix for more details)
  • The school has provided enhanced / differentiated user-level filtering (allowing different filtering levels for different ages / stages and different groups of users – staff / pupils / students etc)
  • School / academy technical staff regularly monitor and record the activity of users on the school technical systems and users are made aware of this in the Acceptable Use Agreement.
  • An appropriate system is in place (to be described) for users to report any actual / potential technical incident / security breach  to the relevant person, as agreed).
  • Appropriate security measures are in place  to protect the servers, firewalls, routers, wireless systems,  work stations, mobile devices etc from accidental or malicious attempts which might threaten the security of the school systems and data. These are tested regularly. The school infrastructure and individual workstations are protected by up to date virus software.
  • An agreed policy is in place (to be described) for the provision of temporary access of “guests” (eg trainee teachers, supply teachers, visitors) onto the school systems.
  • An agreed policy is in place (to be described) regarding the extent of personal use that users (staff / students / pupils / community users) and their family members are allowed on school devices that may be used out of school.
  • An agreed policy is in place (to be described) that allows staff to / forbids staff from downloading executable files and  installing programmes on school devices.
  • An agreed policy is in place (to be described) regarding the use of removable media (eg memory sticks / CDs / DVDs) by users on school  devices. Personal data cannot be sent over the internet or taken off the school site unless safely encrypted or otherwise secured. (see School Personal Data Policy Template in the appendix for further detail)


BYOD / 6th Form Mobile Device Scheme

The educational opportunities offered by mobile technologies are being expanded as a wide range of devices, software and online services become available for teaching and learning, within and beyond the classroom.  Currently at Trinity BYOD extends only to staff and students of the 6th form College. See the appendix for the Mobile Device Scheme Acceptable Use Policy. For a BYOD scheme to work, the following principles are in place:

  • The school has a set of clear expectations and responsibilities for all users
  • The school adheres to the Data Protection Act principles
  • All users are provided with and accept the Acceptable Use Policy
  • All network systems are secure and access for users is differentiated
  • Where possible these devices will be covered by the school’s normal filtering systems, while being used on the premises
  • All users will use their username and password and keep this safe
  • Mandatory training is undertaken for all staff
  • Students receive training and guidance on the use of personal devices
  • Regular audits and monitoring of usage will take place to ensure compliance
  • Any device loss, theft, change of ownership of the device will be reported as in the BYOD policy
  • Any user leaving the school will follow the process outlined within the BYOD policy


Use of Digital Video and Images

The development of digital imaging technologies has created significant benefits to learning, allowing staff and students instant use of images that they have recorded themselves or downloaded from the internet. However, staff, parents / carers and students need to be aware of the risks associated with publishing digital images on the internet. Such images may provide avenues for cyberbullying to take place. Digital images may remain available on the internet forever and may cause harm or embarrassment to individuals in the short or longer term. It is common for employers to carry out internet searches for information about potential and existing employees. The school will inform and educate users about these risks and will implement policies to reduce the likelihood of the potential for harm:

  • When using digital images, staff should inform and educate students / pupils about the risks associated with the taking, use, sharing, publication and distribution of images. In particular they should recognise the risks attached to publishing their own images on the internet eg on social networking sites.
  • In accordance with guidance from the Information Commissioner’s Office, parents / carers are welcome to take videos and digital images of their children at school events for their own personal use (as such use in not covered by the Data Protection Act). To respect everyone’s privacy and in some cases protection, these images should not be published / made publicly available on social networking sites, nor should parents / carers comment on any activities involving other students / pupils in the digital / video images.
  • Staff and volunteers are allowed to take digital / video images to support educational aims, but must follow school policies concerning the sharing, distribution and publication of those images. Those  images should only be taken on school equipment, the personal equipment of staff should not be used for such purposes.
  • Care should be taken when taking digital / video images that students are appropriately dressed and are not participating in activities that might bring the individuals or the school into disrepute.
  • Students must not take, use, share, publish or distribute images of others without their permission
  • Photographs published on the website, or elsewhere that include students will be selected carefully and will comply with good practice guidance on the use of such images.
  • Students’ full names will not be used anywhere on a website or blog, particularly in association with photographs.
  • Written permission from parents or carers will be obtained before photographs of students are published on the school website
  • Student’s work can only be published with the permission of the student and parents or carers.


Data Protection

Personal data will be recorded, processed, transferred and made available according to the Data Protection Act 1998 which states that personal data must be:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate
  • Kept no longer than is necessary
  • Processed in accordance with the data subject’s rights
  • Secure
  • Only transferred to others with adequate protection.


Following a number of “high profile” losses of personal data by public organisations, schools are likely to be subject to greater scrutiny in their care and use of personal data. A School Personal Data template is available in the appendices to this document. (Schools / Academies should review and amend this appendix, if they wish to adopt it. Schools / Academies should also ensure that they take account of relevant policies and guidance provided by local authorities or other relevant bodies).

The school must ensure that:

  • It will hold the minimum personal data necessary to enable it to perform its function and it will not hold it for longer than necessary for the purposes it was collected for.
  • Every effort will be made to ensure that data held is accurate, up to date and that inaccuracies are corrected without unnecessary delay.
  • All personal data will be fairly obtained in accordance with the “Privacy Notice” and lawfully processed in accordance with the “Conditions for Processing”. (see Privacy Notice section in the appendix)
  • It has a Data Protection Policy (see appendix for template policy)
  • It is registered as a Data Controller for the purposes of the Data Protection Act (DPA)
  • Responsible persons are appointed / identified – Senior Information Risk Officer (SIRO) and Information Asset Owners (IAOs)
  • Risk assessments are carried out
  • It has clear and understood arrangements for the security, storage and transfer of personal data
  • Data subjects have rights of access and there are clear procedures for this to be obtained
  • There are clear and understood policies and routines for the deletion and disposal of data
  • There is a policy for reporting, logging, managing and recovering from information risk incidents
  • There are clear Data Protection clauses in all contracts where personal data may be passed to third parties
  • There are clear policies about the use of cloud storage / cloud computing which ensure that such data storage meets the requirements laid down by the Information Commissioner’s Office.

Staff must ensure that they:

  • At all times take care to ensure the safekeeping of personal data, minimising the risk of its loss or misuse.
  • Use personal data only on secure password protected computers and other devices, ensuring that they are properly “logged-off” at the end of any session in which they are using personal data.
  • Transfer data using encryption and secure password protected devices.

When  personal data is stored on any portable computer system, memory stick or any other removable media:

  • the data must be encrypted and password protected

  • the device must be password protected (many memory sticks / cards and other mobile devices cannot be password protected)

  • the device must offer approved virus and malware checking software

the data must be securely deleted from the device, in line with school policy (below) once it has been transferred or its use is complete.


Communication Technologies

A wide range of rapidly developing communications technologies has the potential to enhance learning. The following table shows how the school currently considers the benefit of using  these technologies for education outweighs their  risks / disadvantages:

Communication Technologies

When using communication technologies the school considers the following as good practice:

  • The official school email service may be regarded as safe and secure and is monitored. Users should be aware that email communications are monitored. Staff and students should therefore use only the school email service to communicate with others when in school, or on school   systems (eg by remote access).
  • Users must immediately report, to the nominated person – in accordance with the school policy, the receipt of any communication that makes them feel uncomfortable, is offensive, discriminatory, threatening or bullying in nature and must not respond to any such communication. (SWGfL BOOST includes an anonymous reporting app Whisper – http://www.swgfl.org.uk/Staying-Safe/E-Safety-BOOST/Boost-landing-page/Boost-Hub/SWGfL-Whisper)
  • Any digital communication between staff and students or parents / carers (email, chat, VLE etc) must be professional in tone and content. These communications may only take place on official (monitored) school systems. Personal email addresses, text messaging or social media must not be used for these communications.
  • Students should be taught about e-safety issues, such as the risks attached to the sharing of personal details. They should also be taught strategies to deal with inappropriate communications and be reminded of the need to communicate appropriately when using digital technologies.
  • Personal information should not be posted on the school website and only official email addresses should be used to identify members of staff.


Social Media

All schools, academies and local authorities have a duty of care to provide a safe learning environment for pupils and staff.  Schools/academies and local authorities could be held responsible, indirectly for acts of their employees in the course of their employment.  Staff members who harass, cyberbully, discriminate on the grounds of sex, race or disability or who defame a third party may render the school / academy or local authority liable to the injured party.

Reasonable steps to prevent predictable harm must be in place.

The school provides the following measures to ensure reasonable steps are in place to minimise risk of harm to pupils, staff and the school through limiting access to personal information:


School staff should ensure that:

  • No reference should be made in social media to students, parents / carers or school staff
  • They do not engage in online discussion on personal matters relating to members of the school community
  • Personal opinions should not be attributed to the school or local authority
  • Security settings on personal social media profiles are regularly checked to minimise risk of loss of personal information.


Staff use of  social media for educational purposes must comply with the social media policy


Unsuitable / inappropriate Activities

The school believes that the activities referred to in the following section would be inappropriate in a school context and that users, as defined below, should not engage in these activities in school or outside school when using school equipment or systems. The school policy restricts usage as follows:

User Actions


Responding to Incidents

This guidance is intended for use when staff need to manage incidents that involve the use of online services. It encourages a safe and secure approach to the management of the incident.  Incidents might involve illegal or inappropriate activities (see “User Actions” above).

SWGfL BOOST includes a comprehensive and interactive ‘Incident Management Tool’ that steps staff through how to respond, forms to complete and action to take when managing reported incidents (http://www.swgfl.org.uk/Staying-Safe/E-Safety-BOOST/Boost-landing-page/Boost-Hub/Incident-Response-Tool)


Illegal Incidents

If there is any suspicion that the web site(s) concerned may contain child abuse images, or if there is any other suspected illegal activity, refer to the right hand side of the Flowchart (below and appendix) for responding to online safety incidents and report immediately to the police.

Illegal Incident Proceduresa

Other Incidents

It is hoped that all members of the school community will be responsible users of digital technologies, who understand and follow school policy. However, there may be times when infringements of the policy could take place, through careless or irresponsible or, very rarely, through deliberate misuse.

In the event of suspicion, all steps in this procedure should be followed:

  • Have more than one senior member of staff / volunteer involved in this process. This is vital to protect individuals if accusations are subsequently reported.
  • Conduct the procedure using a designated computer that will not be used by young people and if necessary can be taken off site by the police should the need arise. Use the same computer for the duration of the procedure.
  • It is important to ensure that the relevant staff should have appropriate internet access to conduct the procedure, but also that the sites and content visited are closely monitored and recorded (to provide further protection).
  • Record the url of any site containing the alleged misuse and describe the nature of the content causing concern. It may also be necessary to record and store screenshots of the content on the machine being used for investigation. These may be printed, signed and attached to the form (except in the case of images of child sexual abuse – see below)
  • Once this has been completed and fully investigated the group will need to judge whether this concern has substance or not. If it does then appropriate action will be required and could include the following:
  • Internal response or discipline procedures
  • Involvement by Local Authority or national / local organisation (as relevant).
  • Police involvement and/or action
  • If content being reviewed includes images of Child abuse then the monitoring should be halted and referred to the Police immediately. Other instances to report to the police would include:
  • incidents of ‘grooming’ behaviour
  • the sending of obscene materials to a child
  • adult material which potentially breaches the Obscene Publications Act
  • criminally racist material
  • other criminal conduct, activity or materials
  • Isolate the computer in question as best you can. Any change to its state may hinder a later police investigation.

It is important that all of the above steps are taken as they will provide an evidence trail for the school and possibly the police and demonstrate that visits to these sites were carried out for child protection purposes. The completed form should be retained by the group for evidence and reference purposes.


School Actions and Sanctions

It is more likely that the school will need to deal with incidents that involve inappropriate rather than illegal misuse. It is important that any incidents are dealt with as soon as possible in a proportionate manner, and that members of the school community are aware that incidents have been dealt with. It is intended that incidents of misuse will be dealt with through normal behaviour / disciplinary procedures as follows:

Student Issues


Staff Issues