Online Safety Policy

ONLINE SAFETY POLICY

Approved by President: yes

Owner: Heads of School

Reviewers: Senior Leadership Team

Date approved: August 2024

Next review due by: August 2025

1. POLICY STATEMENT

At the British School of Bucharest, we use technology and the internet extensively across all areas of the curriculum. Although the advantages are clear, technology brings with it new and evolving risks, which need to be identified, assessed and mitigated where possible. Online safety, also referred to as e-safety, is an area of safeguarding that is having to adapt frequently and constantly, and as such this policy will be reviewed on an annual basis or in response to an online incident, whichever is sooner.

This policy and the Staff’s Acceptable Use Policy is available for anybody to read on the British School of Bucharest website. These policies will also be made available with the Staff Handbook, and upon review all members of staff will sign to acknowledge that they have read and understood them. A copy of the Online Safety Policy and the Students’ Acceptable Use Policy will be made available on the parental portal, along with the means to acknowledge agreement and permission. Upon receiving this acceptance of the terms and conditions, students will be permitted access to school technology including the internet.

This policy is compliant with Law 221/2019 which is against psychological violence and bullying in spaces intended for education.

2. AIMS

Our school aims to:

• have robust processes in place to ensure the online safety of pupils, staff and volunteers;

• deliver an effective approach to online safety, which empowers us to protect and educate the whole school community in its use of technology;

• establish clear mechanisms to identify, intervene and address incidents appropriately.

3. TERMINOLOGY

For clarity, the Online Safety Policy uses the following terms unless otherwise stated: Users – refers to staff, school volunteers, students and any other person working in or on behalf of the school, including contractors

Parents – any adult with a legal responsibility for the child/young person outside the school e.g. parent, guardian, carer School Community – students, all staff, parents

DSL – Designated Safeguarding Lead

SLT – Senior Leadership Team

IT or ICT – Information Technology or Information Communication Technology

BYOD – Bring your own device

4. SCOPE

The expectations identified in this policy apply to all members of the school community.

5. RESPONSIBILITIES

The following responsibilities identified below are delegated to ensure thorough policy governance.

Heads of School

Reporting to the School Proprietor, the Heads of School have overall responsibility for online safety within our school in conjunction with the DSL. The day-to-day management of this will be delegated to the Online Safety Team as indicated below.

The Heads of School will ensure that:

• online safety training throughout the school is planned and up to date and appropriate to the recipient, i.e., students, all staff, senior leadership team and parents;

• the designated Online Safety Team have had appropriate CPD in order to undertake the day-to-day duties;

• all online safety incidents are dealt with promptly and appropriately.

Online Safety Team

The Online Safety Team includes: the DSL and the Safeguarding Team, the Head of IT, as well as the Head of Computer Science (Secondary) and Computing Coordinator (Primary).

The Online Safety Team will:

• keep up to date with the latest risks to children whilst using technology;

• familiarise him/herself with the latest research and available resources to support safe use of technology at school and at home;

• advise the Heads of School and Senior Leadership Team on all online safety matters;

• ensure all staff are suitably trained in relevant online safety issues;

• engage with parents and the wider school community on online safety matters at school and/or at home;

• liaise with the Head of IT and other agencies as required;

• retain responsibility for reporting and recording online safety incidents;

• ensure that the school community knows how to report an online safety incident (see section 6 and appendix 5);

• ensure that there is an appropriate audit trail when an online safety incident is reported;

• ensure any technical online safety measures in school (e.g. internet filtering software and tools) are fit for purpose through liaison with IT Technical Support and other agencies;

• ensure that all filtering and monitoring procedures are effectively implemented and regularly evaluated bythe Head of IT;

• ensure that relevant staff are suitably trained the use of the filtering and monitoring software (e.g. Securly) where appropriate;

• oversee the online safety curriculum and ensure that its coverage is thorough, age-appropriate, up-to-date and relevant;

• lead in the planning of the annual Safer Internet Day;

• review this policy regularly and bring any matters to the attention of the Heads of School or a member of SLT.

Head of IT & IT Technical Support

The Head of IT is responsible for ensuring that the IT technical infrastructure is secure; this will include at a minimum:

• anti-virus is fit-for-purpose, up to date and applied to all capable devices;

• operating system updates are regularly monitored, and devices updated as appropriate;

• any online safety technical solutions, such as internet filtering, are operating correctly and in accordance with any GDPR regulations or legislation;

• filtering levels/settings are applied appropriately;

• passwords are applied correctly to all users regardless of age;

• passwords for staff will be a minimum of 8 characters and should be alphanumeric;

• the deployment of a 2-step verification protocol for all staff Microsoft and Google accounts;

• all account passwords, including the IT System Administrator password, are to be changed every 90 days, or earlier if a password’s security is suspected of being compromised in any way;

• a record of all online safety security breaches and technical concerns is kept and maintained, identifying who and/or what was involved, when and what actions were taken to resolve the matter.

All Staff

All staff, including contracted staff and volunteers who use technology in school, are to ensure that:

• all details within this policy are understood. If anything is not understood it should be brought to the attention of a member of the Online Safety Team

• any online safety incident is reported to a member of the Online Safety Team

• any student online misbehaviour, failings to comply with the Acceptable Use Policy or safeguarding incidents, including cyber-bullying, is reported on CPOMS;

• any online safety concerns where our existing systems fail to protect and fall short of expectations, e.g. viruses, spam and other breaches of security, must be reported immediately to the Head of IT (helpdesk@britishschool.ro);

• concerns involving a member of staff’s inappropriate use of technology should be reported to a senior member of staff (see low-level concerns procedures in the Safeguarding & Child Protection Policy or Whistleblowing Policy);

• the reporting flowcharts contained within this Online Safety Policy are fully understood (see appendix).

All Students

The boundaries of use of ICT equipment and services in this school are given in the Students’ Acceptable Use Policy (each agerelated version); any deviation or misuse of ICT equipment or services will be dealt with in accordance with the Behaviour Policy.

Online safety is embedded into our curriculum; students will be given the appropriate advice and guidance by staff. Similarly, all students will be made aware how they can report areas of concern whilst at school or outside of school. A copy of the Acceptable Use Policy is displayed in each classroom.

Parents and Carers

Parents play the most important role in the development of their children; as such the school will offer current information, support and training to parents relating to online safety matters, helping them with the skills and knowledge they need to ensure the safety of children outside the school environment. Through parent workshops and school newsletters, the school will keep parents up to date with new and emerging online safety risks and will involve parents in strategies to ensure that students are empowered. The school will also provide clear guidance as to how they can seek further online safety advice or report an online safety concern or incident.

Parents should understand that the school needs to have rules in place to ensure that their child can be properly safeguarded. As such, parents will be required to sign the student Acceptable Use Policy before any access can be granted to school ICT equipment or services. Parents of Secondary children also need to sign the Secondary Student 1:1 Device Agreement. Finally, parents are asked to notify a member of staff of any school-related online safety concerns they may have or queries regarding this policy.

Parents can seek further guidance on keeping children safe online from the following organisations and websites:

• UK Safer Internet Centre

• Childnet International

• Salvați Copii - Siguranța pe internet

6. PROCEDURE

Technology

British School of Bucharest uses a range of devices, including PCs, laptops, Apple Macs, Chromebooks, iPads and Samsung Flip screens. There is also a Bring Your Own Device scheme in operation across Years 12 and 13. In order to safeguard students and in order to prevent loss of personal data, we employ the following assistive technology:

Internet Filtering – we use the product DNS Filter to restrict access to any inappropriate content on all devices connected to the campus network. BSB also uses Securly as a filtering and monitoring tool for all student activity whilst they are logged into their BSB Online accounts. For further information regarding filtering and monitoring, see ‘Filtering and Monitoring’ section below.

Email Filtering – we use Office365 in the Cloud that prevents any infected email to be sent from the school, or to be received by the school. Infected is defined as: an email that contains a virus or script (i.e. malware) that could be damaging or destructive to data; spam email, such as a phishing message.

Monitoring - All staff, students and parents of students will be informed that internet activity and emails may be monitored in order to ensure, as much as possible, that users are not exposed to, or seek to access, illegal or inappropriate websites. Whilst using their BSB Online accounts, student activity can be monitored using the web tool Securly. The importance of monitoring, how and why the process is carried out, is openly discussed with staff and students at least once a year. A cover note will also accompany the Students’ Acceptable Use Policy to inform parents, openly inviting any questions regarding the matter. For further information regarding filtering and monitoring, see ‘Filtering and Monitoring’ section below.

School Sensitive Information – if staff have established access to school accounts via their personal devices, e.g. email and cloud accounts, the school reserves the right to delete all information within these accounts in the case of an emergency, whereby sensitive data is no longer secure. This may include the staff member’s personal data and content, if this has been stored within the school account. With all data, BSB complies with GDPR expectations.

Passwords – all staff and students will be unable to access their personal school account without a unique username and password. Staff and student passwords will change every 90 days or if there has been a compromise, whichever is sooner. The Head of IT is responsible for ensuring that passwords are changed.

Some devices in school do have shared access, such as the iPads. Nevertheless, all staff and students are required to log in to their school server account or BSB Online account in order to store their work. All staff and students must also ensure that they log out of their accounts when finished.

Two-Step Verification – the management of individual passwords is also protected securely using a two-step verification system, either via text message to a designated phone number provided by each user or via email using an alternative email address. Two-step verification will be required when logging into a BSB Online Google account and Microsoft 365.

Anti-Virus – all capable devices will have anti-virus software. This software will be updated at least weekly for new virus definitions. The Head of IT will be responsible for ensuring this task is carried out and will report to the Heads of School if there are any concerns. All peripherals such as USB key-drives are to be scanned for viruses before use.

Onboarding – BSB operates an onboarding style network. Onboarding is the process by which a new device gains access to the wired or wireless network for the first time. The onboarding system has been introduced to:

• improve network security;

• improve network performance;

• reduce the IT department workload relating to network access;

• allow users to connect quickly and securely to our network services.

School provided devices will be registered automatically with the network before being issued to students and staff. All students who have chosen the BYOD (Bring Your Own Device) option must first register his or her device with the IT department in order to access our school network and internet provision. Software updates for all devices should be maintained to prevent any network connection disruption.

Safe Use

Internet – use of the internet in school is a privilege, not a right. Internet use will be granted to staff upon their acknowledgment and agreement to the terms of the Staff Acceptable Use Policy (AUP). This will be done by signing the Staff Handbook, which contains the Staff AUP. Internet use will be granted to students once they have agreed to the terms of the relevant Student Acceptable Use Policy. The acknowledgment of the agreement will be recorded in an appropriate manner, depending upon the student’s age. Parents also need to agree to the AUP as part of the BSB Secondary Student 1:1 Device Agreement, via the Parent Portal, once the student has reached Year 7.

Email – all staff are reminded that emails are subject to freedom of information requests, and as such the email service is to be used for professional work-based emails only. Emails of a personal nature should be avoided using the school account. Students have their own BSB Online account (Google) and as such will be given their own email address. The email addresses are activated at the start of each academic year and all students are re-issued with a personal password which they are asked to change immediately and not disclose to anyone else. The students’ email addresses are comprised of the student’s first name as shown on iSAMS, followed by a ‘dot’ and their graduation year, for example: thomas.2028@bsbonline.net. If there is more than one student with the same first name in a year group, these students will have an additional number before the @ sign, starting with 1. This approach to creating student email addresses allows individuals to be recognisable online to school staff without disclosing their full name in case the email address is used externally (e.g. creating accounts within third-party educational websites).

Photos and videos – parental permission to take photographs and videos of students is requested each year within the annual registration files.

Any images or videos taken for school use should be uploaded, sent or transferred to the relevant school system (e.g., school social media account, assessment database, secure cloud system) as soon as possible and then deleted from the device.

When taking photographs and videos for school purposes we:

• seek further parental/carer consent as appropriate for photographs and videos to be published (for example, on our website or in newspapers or publications);

• do not identify a student by name when his or her image appears on the school website or on social media, unless specific permission has been granted by the parents/carers;

• ensure pupils and staff are appropriately dressed;

• ensure pupils are undertaking an official BSB activity only.

We will follow the General Data Protection Regulation and Data Protection Act 2018 when taking and storing photos and recordings for use in the school.

Staff will not take photographs or videos of pupils on their personal phones or cameras. Staff will be provided with suitable devices to take pictures and recordings – these may include school phones allocated to certain school leaders.

Students are not permitted to use a portrait photograph of themselves as their ‘login image’ for internet accounts, such as BSB Online, as their email address will contain their name. Students are also not allowed to take or share photographs or videos of other students and staff without permission.

Social Networking – there are many social networking services available; the British School of Bucharest is fully supportive of social networking as a tool to engage and collaborate with learners, and to engage with parents and the wider school community. The following social media services are permitted for use within the British School of Bucharest and have been appropriately risk assessed: LinkedIn, Facebook, X, Instagram and YouTube. ClassDojo is also used for teachers and school leaders to communicate with parents (individually, to class groups or to the whole school community), as well as to share evidence of learning through photographs and videos. Parents can write messages to teachers, but not other parents.

Should staff wish to use other social media, permission must first be sought via a member of the Online Safety Team who will advise the Heads of School for a decision to be made. Any new service will be risk assessed before use is permitted. All social media services that the British School of Bucharest use are employed as a broadcasting service. A broadcast service is generally used as a one-way communication method in order to share school information with the wider school community. The Friends of BSB Classlist App does allow for two-way communication, however, access and all comments are moderated. In addition, the following is to be strictly adhered to:

• images and videos of children must not be used if parents have indicated this in their registration files;

• there is to be no identification of students using first name and surname; first name only is to be used;

• where services are ‘comment enabled’, comments are to be set to ‘moderated’;

• all posted data must conform to copyright law; images, videos and other resources that are not originated by the school are not allowed unless the owner’s permission has been granted or there is a licence which allows for such use (i.e. creative commons).

Other online services are also used to share curriculum content and allow students to interact and contribute to online discussions and collaborative learning tasks, therefore opening opportunity for two-way communication. These include services such as Google Classroom.

It is a privilege for students to use these online school services and tools and all posts and uploads to them are monitored.

Notice and takedown policy – should it come to the school’s attention that there is a resource which has been inadvertently uploaded, and the school does not have copyright permission to use that resource, it will be removed within one working day.

Any deviation or misuse of these services or tools will be dealt with in accordance with the Behaviour Policy

Safe Searching – students will be required to use search engines frequently to support their learning throughout the school. Although internet searching is a very powerful and beneficial skill for students to learn, the school also understands that this is an activity whereby the risk that children may be exposed to offensive content is increased, due to the open-ended nature of the process. Consequently, moderated age-appropriate search engines are used where possible. Nevertheless, the quality of the search results can be limited when using search engines which are not as powerful as tools, such as Google. Therefore, students are taught how to search safely and how to respond suitably when exposed to inappropriate or offensive content.

Artificial intelligence(AI) – any use of online artificial intelligence tools, for students and staff, must first be agreed by the Online Safety Team and the Data Protection Officer (DPO), when using school devices and/or for school purposes. Furthermore, the school will always abide by the age-recommendations of the software and seek parental permission, where necessary. Students receive education and guidance on the use of AI, especially in terms of academic integrity and the potential serious consequences of its misuse in coursework or exam-related tasks. Further details can be found in tgeh relevant policy statements by the Exam Boards, Edexcel and CIE.

Filtering and Monitoring

An effective filtering system needs to block internet access to harmful sites and inappropriate content. The level of filtering could be differentiated for different user groups (e.g., student ages). An effective filtering system should not unreasonably impact teaching, learning and school administration, nor should it restrict students from learning how to access or manage risk themselves.

Monitoring user activity on school devices is an important part of providing a safe environment for students and staff. For monitoring to be effective, it should identify concerns promptly, usually through alerts or observations, allowing staff to take effective action and record the outcome.

Settings and Notifications

DNS Filter uses a technology that helps manage and control internet access by filtering and blocking unwanted or malicious content at the Domain Name System (DNS) level. It works by redirecting users’ web requests through a filtering system that checks the requested domain names against a database of categorised websites. DNS Filter works on all devices which connect to the school’s internet, through ethernet or wirelessly.

Securly also filters and blocks unwanted or malicious content, and works when students are logged into their BSB Online accounts. Automated reports are generated regularly, listing when users attempt to visit ‘blocked’ sites, intentionally or unintentionally. These blocked sites fall under categories, such as drugs, gambling, pornography, hate, etc. If a blocked site is flagged, the user’s full online activity during this period will be monitored carefully using the software, so as to attain whether the attempt to visit the blocked site was deliberate or accidental. Records of blocked site activity are checked regularly by the Safeguarding Team (e.g. DSL and DDSLs).

Furthermore, Securly monitors student activity and alerts designated staff at two levels:

1. when there is an attempt to access blocked sites or search for restricted content – this automatically alerts the student’s Class Teacher or Form Tutor.

2. Securly flags any ‘concerning online activity’, even if typically known disturbing key words are not used – this automatically alerts the student’s Class Teacher or Form Tutor, as well as the Safeguarding Team.

Roles and Responsibilities

The School Proprietor has overall strategic responsibility for the filtering and monitoring of internet content and activity within the school and when using a school device. The Advisory Board Member, the DSL and Head of IT are jointly responsible for ensuring that the expected standards for filtering and monitoring are met and evaluated regularly. It is the responsibility of the Head of IT to:

• advise the Proprietor and the Senior Leadership Team on technical matters relating to filtering and monitoring, including hardware and software specifications and performance, relevant updates, new risks, etc.

• procure effective filtering and monitoring systems which sufficiently meet the school’s needs and satisfies the expectations outlined by the Department for Education (UK) Meeting digital and technological standards in schools and colleges

• conduct the initial setup and ongoing maintenance of the filtering and monitoring systems (DNS Filter and Securly)

• manage system permissions agreed with Online Safety Team, including granting staff appropriate access within the monitoring software

• create and overseeing the filter ‘white- and black-lists’, to ensure the correct URLs are blocked, and access is given to those sites which have approval from SLT (different aged students may have different access permissions)

• set up filtering and monitoring systems to alert/notify specific staff when concerning online activity is identified, or there is attempted access to blocked sites

• conduct monthly checks of filtering system, using a range of different devices, user groups, and geographical locations (including off-site)

• contribute to the annual evaluation of the filtering and monitoring systems and procedures

• complete actions (e.g., amend filter and monitoring settings) following identified concerns, checks to the system or annual evaluation meetings

• maintain a record of all filtering and monitoring issues and incidents, the date they were communicated, as well as the resulting actions

It is the responsibility of the DSL to:

• (with the DDSL) regularly check the Securly ‘blocked sites’ report to look for trends, as well as specific students or online activity of concern.

• (with the Online Safety Team) review the effectiveness of the school’s filtering and monitoring provision, as part of the Termly Safeguarding Review Meetings, and document any decisions made as a result. This will include reviewing the latest filter ‘black- or white-lists’ and actions taken in response to the ongoing Securly ‘blocked sites’ report check. The Summer Term Safeguarding Review is conducted with the Advisory Board Member, who will then relay any decisions or amendments to procedure to the Proprietor, if this has not been done already. It is important to note that further reviews of practice would be conducted at anytime during the year if:

o a safeguarding risk is identified

o there is a significant change in working practice

o new technology is introduced

• ensure that teaching staff:

o are aware of the school’s filtering and monitoring expectations

o understand their responsibility to monitor online activity within their lessons, directly or via Securly

o are trained in accessing Securly to support them with the monitoring of student online activity

o know how to report and record any filtering or monitoring concerns they may have observed or to which they may have been alerted

o know how to request any amendments to the school filter’s ‘black- or white-lists’, where necessary

It is the responsibility of the teaching staff to:

• monitor student online activity within their classroom

• use Securly to monitor previous student online activity, if there are concerns

• respond to any Securly alerts by ensuring that the student has been met with and the concern has been discussed, at the earliest opportunity (this may require coordination, as alerts will typically go to more than one staff member)

• report any concerns on CPOMS, if there are any, and discuss with relevant Pastoral staff or Safeguarding Team member, where appropriate, including any examination breaches or suspected technology-related malpractice;

• ensure that the Behaviour policy or the Safeguarding & Child Protection policy procedures are followed, where relevant

• email helpdesk@britischool.ro if the school’s filter appears to be not working as expected on certain devices, accounts or locations. Also, contact Helpdesk if amendments need to be made to the school filter’s ‘black- or white-lists’ (e.g., inappropriate content accessible, required safe sites not accessible)

Incidents

Any online safety incident involving a student is to be brought to the immediate attention of a member of the Senior Leadership Team. They will then assist in taking the appropriate action to deal with the incident. All incidents involving student online misbehaviour, failings to comply with the Acceptable Use Policy or safeguarding incidents, including cyber-bullying, must be reported on CPOMS. Online safety concerns where our existing systems fail to protect and fall short of expectations, e.g. viruses, spam and other breaches of security, must be reported immediately to the IT Technical Manager (helpdesk@britishschool.ro).

Any concerns involving a member of staff’s inappropriate use of technology should be reported to the relevant Head of School, in line with the school’s Safeguarding & Child Protection Policy

Record keeping

Records of online safety incidents and concerns involving students and the resulting actions and outcomes are logged in detail on CPOMS. Records of online safety concerns where our existing systems fail to protect and fall short of expectations, e.g., viruses, spam and other breaches of security filters, as well as the resulting actions and outcomes, are logged in detail on the Helpdesk Ticket System.

Training

It is important that the wider school community is sufficiently empowered with the knowledge to stay as risk free as possible whilst using digital technology; this includes updated awareness of new and emerging issues. As such, the British School of Bucharest will hold an annual programme of training at the beginning of each new academic year, whereby they will be reminded of the Online Safety Policy, the Acceptable Use Policies and the Online Safety Reporting Procedures. Any staff member joining the school part way through the academic year will be given individual training.

All teaching staff, IT staff, as well as contracted staff and volunteers who work in regulated activity with technology, are expected to complete the latest Staying Safe Online for International Schools TES Develop EduCare course every two years. Parent workshops (age appropriate) will be held during the Autumn term, as early as possible, offering advice and support, as well as outlining the school’s expectations. Online safety guidance for parents will also regularly feature in letters home and newsletters.

As well as the programme of training, we may establish further training or lessons as necessary in response to any incidents. The Online Safety Team are responsible for recommending a programme of training and awareness for the school year to the Heads of Schools for consideration and planning. Should any member of staff feel they have had inadequate or insufficient training, generally or in any particular area, this must be brought to the attention of the Heads of Schools for further CPD.

Curriculum

Online safety is taught specifically through the Computing and the PSHE curriculum, from EYFS to Year 13. Our online safety curriculum follows guidance from the DFE ‘Teaching online safety in school’ publication, as well as the UKCCIS ‘Education for a Connected World’ document. Furthermore, staff will ensure that the safe use of technology is encouraged and expected whenever ICT is used in the school, with risks highlighted and discussed when relevant. As well as scheduled online safety

lessons, sessions will be planned and held in response to any current incident which may occur within a year group, e.g. cyberbullying. The school will also use assemblies to raise pupils’ awareness of the dangers that can be encountered online and may invite speakers to talk to pupils about this. Particular emphasis is also given to online safety awareness on ‘Safer Internet Day’ each February.

In EYFS, we ensure our youngest leaners are respectful when using technology, as well as know what to do and who to talk to when they have a concern.

In Key Stage 1, pupils will be taught to:

• use technology safely and respectfully, keeping personal information private;

• identify where to go for help and support when they have concerns about content or contact on the internet or other online technologies.

Pupils in Key Stage 2 will be taught to:

• use technology safely, respectfully and responsibly;

• recognise acceptable and unacceptable behaviour;

• identify a range of ways to report concerns about content and contact.

By the end of Primary school, pupils will know:

• that people sometimes behave differently online, including by pretending to be someone they are not;

• that the same principles apply to online relationships as to face-to-face relationships, including the importance of respect for others online including when we are anonymous;

• the rules and principles for keeping safe online, how to recognise risks, harmful content and contact, and how to report them;

• how to critically consider their online friendships and sources of information including awareness of the risks associated with people they have never met;

• how information and data is shared and used online;

• how to respond safely and appropriately to adults they may encounter (in all contexts, including online) whom they do not know.

In Key Stage 3, pupils will be taught to:

• understand a range of ways to use technology safely, respectfully, responsibly and securely, including protecting their online identity and privacy;

• recognise inappropriate content, contact and conduct, and know how to report concerns.

Pupils in Key Stage 4 will be taught:

• to understand how changes in technology affect safety, including new ways to protect their online privacy and identity;

• how to report a range of concerns.

By the end of Secondary school, they will know:

• their rights, responsibilities and opportunities online, including that the same expectations of behaviour apply in all contexts, including online;

• about online risks, including that any material someone provides to another has the potential to be shared online and the difficulty of removing potentially compromising material placed online;

• not to provide material to others that they would not want shared further and not to share personal material which is sent to them;

• what to do and where to get support to report material or manage issues online;

• the impact of viewing harmful content;

• that specifically sexually explicit material (e.g., pornography) presents a distorted picture of sexual behaviours, can damage the way people see themselves in relation to others and negatively affect how they behave towards sexual partners;

• that sharing and viewing indecent images of children (including those created by children) is a criminal offence which carries severe penalties including jail;

• how information and data is generated, collected, shared and used online;

• how to identify harmful behaviours online (including bullying, abuse or harassment) and how to report, or find support, if they have been affected by those behaviours;

• the positive use and dangers of AI.

The safe use of social media and the internet will also be covered in other subjects where relevant.

The expectations listed above are in line with the National Curriculum Computing Programmes of Study; Relationships education and health education (Primary); and Relationships and sex education and health education (Secondary).

The online safety curriculum will also be reviewed annually by the Online Safety Team and the Computing and PSHE Subject Leaders (Primary and Secondary), in order to ensure its content is relevant and up to date with current risks.

Pupils using a personal mobile device in school

Primary students are not allowed to bring personal devices into school, unless there has been an agreement with a member of staff to bring the device for a specific purpose. In this instance, the member of staff is responsible for storing it safely during the school day. Secondary students each have a 1:1 device (KS3 & KS4 Chromebooks, KS5 BYOD – must be at least 10” screen) which they are required to use within lessons. To be allowed a 1:1 device, they must abide by the expectations laid out in the BSB Secondary Student 1:1 Device Agreement. Furthermore, Secondary students are welcome to bring their own personal mobile devices to school, but they must ensure that they are kept stored in their bag or locker and they must not be used during the school day. BSB does not take responsibility for the loss or damage of a personal device which has

been brought into school, in accordance with the Behaviour Policy

Any breach of the expectations identified above, the BSB Secondary Student 1:1 Device Agreement or the relevant acceptable use agreement by a pupil may trigger disciplinary action in line with the Behaviour Policy

Cyber-bullying

Cyber-bullying takes place online, such as through social networking sites, messaging apps or gaming sites. Like other forms of bullying, it is the repetitive, intentional harming of one person or group by another person or group, where the relationship involves an imbalance of power (see also the Behaviour and Anti-Bullying Policies

Preventing and addressing cyber-bullying

To help prevent cyber-bullying, we will ensure that pupils understand what it is and what to do if they become aware of it happening to them or others. We will ensure that pupils know how they can report any incidents and are encouraged to do so, including where they are a witness rather than the victim.

The school will actively discuss cyber-bullying with pupils, explaining the reasons why it occurs, the forms it may take and what the consequences can be. Teaching staff will discuss cyber-bullying with their classes, and the issue will be addressed in assemblies.

Teaching staff are also encouraged to find opportunities to use aspects of the curriculum to cover cyber-bullying. This includes personal, social, health and economic (PSHE) education, and other subjects where appropriate.

All teaching staff receive training on cyber-bullying, its impact and ways to support pupils as part safeguarding training. The school also sends information on cyber-bullying to parents so that they are aware of the signs, how to report it and how they can support children who may be affected.

In relation to a specific incident of cyber-bullying, the school will follow the processes set out in the school Behaviour Policy. Where illegal, inappropriate or harmful material has been spread among pupils, the school will use all reasonable endeavours to ensure the incident is contained.

The DSL will consider whether the incident should be reported to the police if it involves illegal material, and will work with external services if it is deemed necessary to do so.

Examining electronic devices

At present, Romanian schools do not have the same powers granted to UK schools with regards to being able to search for and, if necessary, delete inappropriate images or files on pupils’ personal electronic devices (e.g., smartphones, tablets, laptops).

Nevertheless, if the device is a school loaned 1:1 iPad or Chromebook, the school reserves the right to erase the device’s hard drive remotely, or lock and withhold the device if parents or even police are to be contacted. The course of action taken will be determined by whether the school believes the image or file in question has been, or could be, used to:

• cause harm, and/or;

• disrupt teaching, and/or;

• break any of the school rules or break the law.

If the device is the student’s personal device, staff can ask the student to show and/or delete the image or file in question if necessary. If the student is not compliant, the school will need to determine whether the child’s parents and/or police should be contacted, depending on the severity of the concern. However, if the file is believed to be sexualised imagery of a minor, the image must not be viewed by any member of staff intentionally.

Youth-produced sexual imagery (sharing nudes and semi-nudes)

For guidance relating to sharing nudes and semi-nudes, please refer to the Safeguarding and Child Protection Policy

How the school will respond to issues of misuse

Where a student misuses the school’s ICT systems or internet and breaches the expectations identified in this policy, the relevant Acceptable Use Policies (AUPs) or the BSB Secondary Student 1:1 Device Agreement, we will follow the procedures set out in our Behaviour Policy, and disciplinary action may be taken. Any action taken will depend on the individual circumstances, nature and seriousness of the specific incident, and will be proportionate.

Where a staff member misuses the school’s ICT systems or the internet, or misuses a personal device where the action constitutes misconduct, the matter will be dealt with in accordance with our staff disciplinary procedures. The action taken will depend on the individual circumstances, nature and seriousness of the specific incident.

The school will consider whether incidents which involve illegal activity or content, or otherwise serious incidents, should be reported to the police.

Remote learning

Due to the global pandemic (COVID19) our teachers, students and parents have been required to adopt remote learning techniques since March 2020. At BSB, our preferred and primary remote teaching and learning tools are those provided by Google for Education (e.g. Google Meet, Google Classroom, Google Drive, etc), although other premium online software is also used to complement the Google products.

As well as ensuring that we have the best possible online resources, we are committed to providing effective and safe practice for remote learning. See appendix 6 for our Remote Learning Expectations.

7. REFERENCES

Related guidance and legislation

This policy is based on the Department for Education’s (DfE) statutory safeguarding guidance, Keeping Children Safe in Education, and its advice for schools on:

• Teaching online safety in schools

• Preventing and tackling bullying and cyber-bullying: advice for headteachers and school staff

• Relationships and sex education

• Searching, screening and confiscation

It also adheres to the Department’s guidance on protecting children from radicalisation It reflects existing legislation, including but not limited to the Education Act 1996 (as amended), the Education and Inspections Act 2006 and the Equality Act 2010. The policy also takes into account the National Curriculum Computing Programmes of Study.

Appendix 3 Using School Technology Safely and Appropriately

Acceptable Use Policy for KS2 & Secondary Students

Note: All online activity on school devices and accounts is subject to monitoring.

I will - only use the school-based ICT for schoolwork taht a teacher has asked me to do.

I will - be respectfull to everybody online and continue to abide by the school’s values.

I will - show respect for other people’s work presented online.

I will - inform a member of staff if anybody says or does anything to me that is hurtful or upsets me.

I will - let a member of staff know if anybody asks me for personal information online.

I will not - share personal information with anyone online.

I will not - look for or show other people things that may be upsetting or unsafe.

I will not - use other people’s work or pictures without permission to do so.

I will not - capture and/or share images or video of others without their permission.

I will not - damage school ICT purposely. If accidental damage is caused, I will inform a member of staff.

I will not - use other people’s usernames or passwords.

I will not - download anything onto a school-based device unless my teacher has asked me to.

I will not - use technology to cheat, misinform or create disinformation.

I understand - that some people on the internet are not who they say they are, and some people can be unkind. I will inform a member of staff if I am ever concerned in school, or my parents if I am at home.

I understand - if I do not follow these expectations there will likely be consequences for my actions, in accordance with the school’s behaviour policy.

School ICT - the computers, IPads, Chromebooks and other technology in school.

Appendix 4 BSB Secondary Student 1:1 Device Agreement

Secondary students at the British School of Bucharest are loaned a 1:1 device which they are expected to look after and use for learning at school and at home. Depending upon which year group the student is in, they will be assigned either an iPad or a Chromebook. This additional privilege brings with it further expectations and responsibilities on top of those outlined already in the school’s Acceptable Use Policy. Furthermore, this privilege is not transferable or extendable by students to people or groups outside school.

This agreement outlines the expectations associated with the responsible, ethical, safe and lawful use of school technology. If a student violates any of the expectations outlined in this agreement, privileges may be terminated.

1. Acceptable use

1.1 Student responsibilities

When using any school technology, students are always expected to abide by the school’s Acceptable Use Policy:

Using school technology safely and appropriately

Acceptable Use Policy for KS2 & Secondary students

Note: All online activity on school devices and accounts is subject to monitoring.

I will – only use the school-based* ICT for schoolwork that a teacher has asked me to do.

I will – be respectful to everybody online and continue to abide by the school’s values.

I will – show respect for other people’s work presented online.

I will – inform a member of staff if anybody says or does anything to me that is hurtful or upsets me.

I will – let a member of staff know if anybody asks me for personal information online.

I will not – share personal information with anyone online.

I will not – look for or show other people things that may be upsetting or unsafe.

I will not – use other people’s work or pictures without permission to do so.

I will not – capture and/or share images or video of others without their permission.

I will not – damage school ICT purposely. If accidental damage is caused, I will inform a member of staff.

I will not – share my password with anybody. If I forget my password, I will inform a member of staff.

I will not – use other people’s usernames or passwords.

I will not – download anything onto a school-based* device unless my teacher has asked me to.

I will not – use technology to cheat, misinform or create disinformation.

I understand – that some people on the internet are not who they say they are, and some people can be unkind. I will inform a member of staff if I am ever concerned in school, or my parents if I am at home.

I understand – if I do not follow these expectations there will likely be consequences for my actions, in accordance with the school’s Behaviour policy.

School ICT – the computers, iPads, Chromebooks and other technology in school.

*Note that the 1:1 student devices are not school-based and students have permission to use their devices for non-school purposes when appropriate. They also have permission to download information they may require to support their learning.

Further to the expectations outlined in the Acceptable Use Policy, students:

• must be proactive in reporting any damage to, fault with or loss of their 1:1 device (including any accessories) immediately to their Form Tutor or senior member of staff. Students may also be required to complete a written report explaining what the issue is and how it occurred.

• must not leave their 1:1 devices unattended in a public place, including school. All devices can be stored in lockers secured with an appropriate lock.

Students may be selected at random to provide their school device for inspection.

1.2 Prohibited activities

Although some of the expectations listed below have already been addressed in the Acceptable Use Policy (in 1.1), this section details specifically known prohibited activities:

• Accessing, uploading, downloading, or distributing material electronically, including text, imagery, audio and video, which is considered to be:

o illegal

o cheating

o offensive

o profane

o threatening

o obscene

o pornographic

o inappropriate for age of student

o discriminatory, including racist, xenophobic, sexist and homophobic

o inciting religious or political extremism, radicalisation and/or hatred

o inciting bullying

• Any communications, including text, imagery, audio and/or video, used with the intention of making fun of, harassing, insulting or attacking others and/or which could be considered as bullying.

• Using obscene language.

• Capturing, distributing or broadcasting photographic or video material of any member of the BSB school community, including visitors, without their permission.

• Spamming - sending mass or inappropriate emails or messages.

• Deliberately gaining and/or sharing access to another somebody else’s accounts, files, and/or data without authorisation.

• Vandalising school equipment, such as any malicious attempt to harm or destroy hardware, software, or data, including, but not limited to, the uploading or creation of computer viruses or malware that can infiltrate computer systems and/or damage software components.

• Bypassing the British School of Bucharest web filter through a web proxy or allowing a third party to carry out these changes.

• Violating copyright laws.

• Creating a fake internet profile or sharing false information for the purpose of deception, whether the intention is a joke or otherwise.

Entertainment Activities

Although not prohibited, entertainment activities, such as games, music and movies, should only take place at appropriate times of the day/week and should not interfere with the student’s education or wellbeing. Furthermore, the content of this media should be age appropriate and should not be accessed excessively. If the school believes the student is not using the device responsibly, restrictions could be applied to its settings.

1.3 Parent responsibilities

We would anticipate that parents model good practice and talk to their children about the values and standards that should be followed in the use of technology and the internet. This includes guidance with regards to appropriate online material, reliable news media information, communication technology and online entertainment. We would also anticipate that parents promote safe practice in the use of online technology, as well as encourage their child to balance his or her time in front of and away from their device.

1.4 School responsibilities

The school is responsible for providing all Secondary students with a suitable device in good working condition, along with its charging cable (and protective case if an iPad). The school is also responsible for ensuring that the device software, including operating system, is managed effectively and that sufficient filtering and monitoring systems, as well as other appropriate security settings are in place. Other educational or productivity software will also be purchased and deployed to support curriculum needs. Whilst on campus, the school will provide wireless internet access to its students and visitors with appropriate filtering capability. Parental guidance regarding online safety will also be provided regularly.

2. Receiving and returning your device

1:1 devices will be distributed at the beginning of the school year. Parents must acknowledge that they and their child both accept and agree with the terms outlined in this document before the device can be issued. This can be done digitally through My School Portal. Should parents of students in Years 12 and 13 wish for their child to participate in the Bring Your Own Device (BYOD) programme, the terms of the BYOD Policy Statement should also be acknowledged and agreed to. This can also be done through My School Portal.

Devices should be returned to school on a specified date at the end of the school year, or before a student leaves BSB if during the course of an academic year. The equipment will be checked by a member of BSB Helpdesk. If the device is damaged or there are any missing parts, appropriate follow-up action could be taken where appropriate. However, consideration is given to the fact that devices and their accessories do depreciate through everyday wear-and-tear.

3. Taking care of your 1:1 device

Students are responsible for the general care of the device and its accessories. Protective cases are provided for the iPads and should be used at all times. Nevertheless, even with a protective cover, special attention should be taken not to ‘bang’ the device or put pressure on the screen. Furthermore, the device is loaned and therefore should not be defaced in anyway, e.g. stickers added. Damage, loss or malfunction of the device should be reported to the Form Tutor or senior member of staff immediately. All devices have been labelled with a school crest and a unique serial number for easy identification and these must be left intact. As the devices are intended primarily for use in school, they should be brought to all lessons with sufficient battery power.

4. Repairing or replacing the 1:1 device - school insurance

The school has insurance which covers occasional accidental damage to the devices. Intentional damage or damage caused by poor care will not be covered and therefore students are urged to take care of these machines at all times, and respect them as they would any piece of school equipment. If damage is deemed not to be covered by the school insurance policy, parents will be liable for the replacement cost of the device or the cost of repairs.

In cases of fire, theft, vandalism, or other criminal acts, a report (e.g. police report) must be filed by the student or parent for the protection coverage to take place. A copy of the report must be provided to the school office. In the case of intentional damage or damage/loss due to poor care, the parents are responsible and will be requested to make a full payment for a new device to replace the lost/damaged one. The school insurance does not cover intentional damage of the devices.

5. Managing files & saving work

Ideally, students should be working within the BSB Online cloud. However, work can be saved onto the device’s hard drive, although it is highly recommended that there should at least be a backup. Device malfunctions are not an acceptable excuse for not submitting work.

6. Applications

6.1 Originally installed applications

The applications originally installed by the British School of Bucharest must always remain on the iPad and be easily accessible. Gifted apps from the British School of Bucharest must be redeemed using the default ‘bsbonline’ iTunes account which comes with the iPad. Chromebooks come equipped with the standard G-Suite apps.

6.2

Additional applications

Students may download free or purchase appropriate apps that clearly help with their studies and learning (revision guides, flash cards, Maths, English, Science & language programmes). Educational games, such as Sudoku, Scrabble and Brain trainer, may be added if sanctioned by a member of BSB staff. Staff will conduct random device checks and ask the student to delete any inappropriate or unsanctioned apps. The school behaviour policy will be used to deal with students not complying with this.

6.3 Application

upgrades

Upgrade versions of licensed applications are available from time to time. Students may be required to check-in their devices for periodic updates and syncing. However, most apps will be updated wirelessly; therefore, students are expected to accept new updates when prompted.

7. Other mobile technology

Any personal mobile technology that is brought into school is done so at the student’s own risk and its care and security is the responsibility of the individual. Mobile phones should be switched off and out of sight during school hours and should not be used unless it is with the permission of a member of staff. If communication is necessary (e.g. the student needs to contact his or her parent, or vice-versa), this should be conducted via the school office. Failure to comply with the above will be handled in accordance with the BSB Behaviour Policy.

8. Student discipline

If a student violates any part of the BSB Secondary Student 1:1 Device Agreement, they will be subject to consequences in line with relevant school policies.

Appendix 6 BSB Remote Learning Expectations

For the purpose of this document, the term ‘remote learning’ refers to the use of video and audio-conferencing software, such as Google Meet, to communicate with students for teaching and learning.

Permission

• Before students participate in remote learning, the school must receive permission from the parents or guardians.

Expected practice

• Equipment must be tested before each session begins. Staff should:

o check that their camera and microphone is working properly;

o ensure that the camera is in the correct position for optimum teaching;

o make sure that they are working against a suitable background - a virtual or blurred background should be used if necessary;

o remove any distractions which may disturb a productive working environment.

Staff must:

• Ensure that sessions are conducted professionally as they would in the classroom, both in manner and in dress. Special consideration should be given to the fact that their image and voice is being broadcast into multiple homes.

• Ensure that BSB Online accounts are used only. Staff must not accept any requests to join the meeting from nonBSB Online accounts, even if they are a known BSB student or member of staff.

• Ensure that sessions are supervised and managed effectively and focused on the lesson or pastoral topic. Only members of staff can host online meetings and therefore control the security settings. Meetings should not begin without the host present and should finish when the host logs-out. The member of staff should be familiar with the different software features (muting, screen-sharing, etc.) and should be able to apply these effectively to ensure that the session remains focused and well-managed.

• Avoid one-to-one sessions as far as possible. If absolutely necessary, do so in the same manner you would at school - with the door open. Encourage the student to be in a public area within their home also.

• Ensure that sessions are clearly timetabled, and meeting codes are easily available.

• Only use known safe online resources. Any products which a staff member wishes to use outside of the packages approved by BSB (e.g. G-Suite) must be agreed first with a senior member of staff, and possibly the DPO if student data is to be uploaded. All videos and activities must be tested in full before being presented to the students.

• Be especially sensitive and empathetic when talking to individual students, in particular when offering academic support or addressing a pastoral matter. This communication is being broadcasted to multiple homes. If appropriate, ask the student to switch a separate, parallel online meeting so that you can communicate privately.

• Support students who are struggling technically. If required, discuss with a senior member of staff to arrange the loan of school equipment or Helpdesk support.

Student conduct

• Students are to be reminded that they also are required to ensure that their equipment and learning environment is suitably prepared and potential distractions are removed. Students should position themselves in a quiet appropriate room/space, away from other people if possible, unless they are being supported.

• Students should be wearing the appropriate school uniform, including their PE kit during PE lessons.

• Behaviour expectations online should reflect the expectations in the classroom. Any misbehaviour, disruptive of otherwise, will be dealt with in accordance with the Behaviour Policy. If a student continues to be disruptive, the teacher is to remove the student from the session and arrange for the parents to be contacted by a pastoral leader, e.g., Director of Key Stage.

• Students do not have the capability to record sessions using the Google Meet record function. Recording a session using another means (e.g. screen capture software) without permission is also strictly prohibited and contravenes the student Acceptable Use Policy

Student concerns

• Staff will continue to be vigilant to signs that a child may be suffering or at risk of suffering physically or emotionally, whether at home, within their local community or online.

• Designated sessions should be planned for which give students opportunity to discuss opinions and concerns on a regular basis. The member of staff should manage those sessions with the children’s needs in mind (e.g. group size, gender of group, individuals involved). If a one-to-one session is believed be required, staff should follow the school’s guidance on this. If it is believed that a student would benefit from talking to the School Counsellor, the DSL should be contacted or another member of the Safeguarding Team.

• Staff must ensure that all students are regularly reminded how they can contact a member of staff individually if they need to report any safeguarding and pastoral concerns (e.g. anxiety, online safety, bullying, domestic abuse, etc.). Students should know that they can request to talk to the teacher at the end of any session and the teacher will have time for them. Alternatively, it is recommended that students email the member of staff they wish to talk to via Google Classroom to let the teacher know that they have a concern, and they wish to talk. They can do this by clicking ‘People’ at the top of the Google Classroom and then clicking the email icon next to the teacher’s name.

• All safeguarding and pastoral concerns should be reported on CPOMS and the appropriate members of staff will be notified automatically. Nevertheless, if there is a safeguarding concern, it is important to contact the DSL as soon as possible, or another member of the Safeguarding Team.