UK-GDPR Changes: No DPO, Reduced ROPA, SARs Approach, PMP Explained
With the joys of Brexit behind us the government is preparing to legislate on changes to the UK-GDPR. Their view, the EU-GDPR is too onerous and...
KCSIE has been updated in readiness for schools to digest and ensure they can evidence compliance from September 2022. There are a number of subtle changes related to technology which we thought useful to point out.
Filtering & monitoring
Paragraph 140 includes two additions. The first is that proprietors and governing bodies ‘review on a regular basis the effectiveness’ of filtering and monitoring. The second that ‘They should ensure that the leadership team and relevant staff have an awareness and understanding of the provisions in place and manage them [filtering and monitoring] effectively and know how to escalate concerns when identified’
We would suggest these additions are a consequence of many schools having filtering and monitoring solutions that are in place, but aren’t configured correctly so the reporting on what is actually happening is out of kilter. In one most notable 9ine case study, the schools monitoring was reporting no issues in user behaviour; however, once we had audited we found configuration issues that meant it wasn’t working correctly. Once fixed, it was identified a student with known problems had been searching for inappropriate images of children, among other serious safeguarding issues.
Consider the evidence that is presented to you, at your school that demonstrates your filtering and monitoring is working as it should. Much like a tablet or phone, with updates over time, the behaviour of features and functions changes, being different to how you initially set them up. If there isn’t any hard evidence then perhaps an audit of the configuration is required, and then undertaken on a regular basis and reported to leadership.
Any risks in relation to the set-up, management, operation and reporting of your filtering and monitoring should be noted in your prevent duty risk assessment. This is highlighted in paragraph 141 of KCSIE.
Information security & access management
For the first time KCSIE links having the appropriate security in place with guidance from the National Cyber Security Centre (NCSC) Cyber Security Training for School Staff. This is generally a nuanced change and fits with the general direction of statutory guidance in relation to Cyber and Data Protection as also seen this year within the Academy Trust Handbook. The positioning of Cyber as a requirement within KCSIE is therefore being seen as a contributing risk to overall safeguarding in schools and a topic in which schools are expected to demonstrate management of when being evaluated against compliance with KCISE.
Reviewing online safety
Whilst not new, in paragraph 134 KCSIE states: ‘It is essential that children are safeguarded from potentially harmful and inappropriate online material. An effective whole school and college approach to online safety empowers a school or college to protect and educate pupils, students, and staff in their use of technology and establishes mechanisms to identify, intervene in, and escalate any concerns where appropriate.’
Following the identification of harm from online content, contact, conduct commerce as detailed in paragraph 134, paragraph 144 expects an annual review of technology and the risks and harms related to it. Specifically as KCSIE acknowledges that technology changes as do risks of harm
9ine’s Vendor Assessment software is a powerful, low cost tool that allows you to evaluate all technology in your school for safeguarding risks of harm. With collaborative features, the DSL can identify and manage the risks of harm, reporting to leadership and annually assessing any changes to ensure an effective whole school approach.
Being KCISE Compliant with 9ine
Filtering & Monitoring - Our Security & Systems Audit evaluates the technical configuration of your firewall and filtering to demonstrate they are doing what they should be.
Information Security & Access Management - Our Cyber Vulnerability Assessment and Security & Systems Essentials provides a programme of work to cyber secure your school.
Reviewing online safety - Our cloud Vendor Assessment tool enables you to identify and manage online risks from the technology you are choosing to use. Low cost, easy to use, risk driven evidence based KCISE compliance. Schedule a free trial.
For more information on how we can help, get in touch with one of our team.
With the joys of Brexit behind us the government is preparing to legislate on changes to the UK-GDPR. Their view, the EU-GDPR is too onerous and...
The spiritual successor to Vine, the short form video creation app TikTok has skyrocketed in popularity in recent years. Arguably most popular with...
In this blog, we outline the most common cyber threats facing the education sector and explore key questions like who commits these crimes, what is...