EResponsibility

From RSCWMWiki

Contents 1 Introduction 2 Glossary Terms 3 P.I.E.S 4 Policy & Procedure 5 Infrastructure & Technology 6 Education & Training 7 Standards and Inspection 8 Supplementary resources 9 See also 10 RSC contacts

Introduction

With an increasing demand for responsive delivery and the increasing use of personal mobile devices, together with tutors employing web 2.0 tools to reach and engage learners the management and monitoring of safe access to content has become central to Teaching & Learning delivery.

e-Safety – the safe and responsible use of technology – is sometimes presented as primarily a child protection issue. While children, young people and vulnerable adults do need support to keep themselves safe online (see Safeguarding), the risks associated with the use of technology are not confined to them. e-Safety issues may also affect adults – for example, the mismanagement of personal data, and risks of financial scams, identity theft and cyberbullying. This will be particularly relevant for those adults who are new to using technology.

The WorkSmart Not Safe For Work? website from the TUC includes offers an online safety toolkit, which includes video tutorials and quizzes on malicious software, identity theft, using IT equipment in the workplace and safeguarding your privacy online The Information Commissioner's Office also has some very good resources to support online personal safety.

The key to e-safety lies in enabling staff to develop their skills and knowledge, and to encourage learners to become Informed Users who can identify risks and act to protect themselves online.

This article will examine the issues surrounding eSafety and provide useful sources of information to help you to become better informed. To accomplish this, the following article has been broken down into four distinct areas: Policy & Procedure, Infrastructure & Technology, Education & Training, finally Standards and Inspection.

The resources included in this article are not a definitive collection and can be used in isolation or in conjunction with other resources.

Glossary Terms

Glossary of Terms

P.I.E.S

Becta's PIES model is an effective framework for approaching safeguarding strategy across learning provision. It offers a simple way of mitigating against risks through a combination of effective policies and practice, a robust and secure technology infrastructure, and education and training for learners and employees alike, underpinned by standards and inspection.

The model helps organisations develop a safeguarding strategy, to ensure that they are:

• Providing a safe environment for all learners and employees
• Equipping learners and employees with the skills needed to mitigate against risks, understand dangers and respond appropriately to incidents
• Adhering to legal responsibilities and protecting their reputation as a provider
• Ensuring that technologies are used responsibly in order to support innovative and effective learning and teaching.

Policy & Procedure

Learning Providers should take a strategic approach to their e-safety provision, ensuring that there is cross-campus awareness, that responsibilities, policies and procedures are in place, and that responsibility and reporting methods are established and communicated to all relevant stakeholders.

As highlighted by Sir Andrew Foster in the Realising the Potential (2005) document (PDF, 2.58MB) learner involvement is the key to improvement of organisations' performance and learners' outcomes. Evidence from various research projects and direct feedback from learner groups (such as the National Learner Panel) show that our learners are more motivated and committed when they are engaged.

Learners should be fully engaged in the policy development process. This is particularly crucial for policy related to technology, such as e-safety. Our learners are on the cutting edge of technological development; by inviting them to participate and shape the policy, we can better understand their concerns, cater for their learning and social needs, and maximise the benefit technology can offer. Learners will then feel respected and more likely welcome the policy.

This not only can facilitate the planning and quality improvement of your organisation, but also enhance your relationship with the learners and the long term reputation of your organisation. A key element of policy and planning is the acceptable use policy, or AUP. It is important that this guidance is produced by and agreed to by the whole learning community, and that the provider ensures it is adhered to. The AUP should be clearly displayed in a prominent place and should be reviewed and updated at regular intervals to reflect changes in policy, technology and changes in learning and social needs.

The Excellence Gateway Advice on AUPs looks at involving learners in the creation of effective organisation-wide AUPs. Further Advice on AUPS is also available via JANET UK and UKOLN.

Becta have also recently published AUPs in context: Establishing safe and responsible online behaviours, which provides a number of prompts and action points to help learning providers develop effective AUPs within a local context and framework of wider e-safety measures.

Employees additionally have legal obligations to protect their employees under a range of employment legislation and under the raft of UK discrimination laws. JISC Legal services have published guidelines on employee health and safety issues, as well as discriminatory treatment that employees may be subject too, and are particularly pertinent to distress caused by cyberbullying.

eSafety Policy

The eSafety policy should explain the ways in which ICT and all the related technologies should be accessed and used by all members of the school community.

The eSafety policy can either perceived as a standalone policy or as one element with the organisations AUP or eLearning policy. It is important that this guidance is produced by and agreed to by the whole learning community, and that the provider ensures it is adhered to. It should be clearly displayed in a prominent place and should be reviewed and updated at regular intervals to reflect changes in policy, technology and changes in learning and social needs.

Within your eSafety Policy you could include:

Introduction

An introductory policy statement which clearly defines your learning providers approach to eSafety within the context of Education. It is important to ensure the term (technology) is included rather than simply (the internet) or (online), this will ensure mobile communication devices are also included. Where possible refer to other existing polices which your eSafety operates in conjunction with. For example “This eSafety policy should be read in conjunction with other relevant polices e.g. Safeguarding, Acceptable Use, e-Security, Web 2.0, Anti Bullying, Disciplinary and Child Protection.

Creating Monitoring and Review

It is useful, not only to indicate who is responsible for writing the policy itself, but also to clarify how and when that document will be monitored and reviewed. Ideally this should be performed by an eSafety committee comprising of a cross section stakeholders with the institution.

Policy Scope

It is vital that all stakeholders are aware of who the eSafety policy applies to where and when. Key elements from your institutions AUP will also be reflected here.

Roles and Responsibilities

All members of the college community should know who is responsible for e-safety. It should be clear to whom they can report concerns or gain further information.

To make things very clear to all parties, your learning provider may choose to list all those persons who have responsibility for e-safety and detail their role. This will be specific to your college depending on staff employed and the specific duties they undertake.

Appropriate examples of roles and responsibilities that may be relevant to a learning provider found on page 5 of the JISC Legal eSafety policy template.

Security

When describing security measures that the college has, or is intending to put in place, it is essential that the appropriate college technical staff are consulted. They will be able to offer expertise and awareness of any technical issues in implementing the strategy. It is also important to consider the views of teaching staff and the learning and social needs of the learner.

Risk Assessment

Learning Providers must have risk assessment procedures in place whenever new technologies are being considered or where learning is taking place in a different or unfamiliar environment. To promote transparency and encourage stakeholder acceptance the risk assessment should carried out by a by an eSafety working group which represents a cross-section within the organisation. Where strict controls are implemented to manage risk and justification statement should made within the risk assessment model.

Useful resources to help reduce risk might include:

JISC Legal Web 2.0 Tutors Legal Issues Checklist.

JISC Legal eSafety of Top Ten Tips.

JISC InfoNet - Project Management InfoKit.

Behaviour

Online communication can take many forms, whether it is by email, text, video conferencing or instant chat. It is essential that all learners and staff are aware of existing learning provider policies that refer to acceptable behaviours when communicating online. All stakeholders should also be reminded of appropriate reporting and disciplinary procedures.

Communications

There are a variety of technologies now available with which individuals can communicate with one another. Learning Providers need to discuss their approaches and decide whether particular technologies are permitted and when and how these technologies may be used. The policy will require to be updated in line with the evolving nature of ICT. The Learning Provider may consider adding a template grid to its policy that lists all types of communication technology e.g. email, mobile phones, chat rooms, social networking, blogs, games consoles, PDAs, cameras etc. stating when their use may be permitted and by whom. A further reference may be added to this section referring to existing polices for example: Disciplinary or Acceptable User policies.

Use of Images and Video

Images can be particularly difficult to manage and should be part of your institution’s policy. The wording of this section will depend on the Learning Providers approach to risk. Images may be downloaded arbitrarily from the internet or they may belong to learners and/or staff. Safeguarding implications should be considered carefully in all cases. Further considerations for this section must also consider potential infringements of Intellectual Property Rights (IPR) and Copyright.

Personal Information

Any processing of personal information needs to be done in compliance with the Data Protection Act 1998. The statement included by the college with the eSafety policy will depend on the internal data protection policy adopted by the institution.

Education and training

Having an e-safety policy and rules in place is one thing. However, without raising awareness of the content with learners and staff through training and education, the college is unlikely to meet its wider duty of care. A statement should therefore be contained in the policy explaining how this awareness raising programme will be implemented.

Incident and Response

It is important that colleges have in place a clear and consistent procedure when responding to an esafety incident. All members of the college community should know what this procedure is and how and when it will apply. A statement to this effect should be included in the eSafety policy.

Feedback and Further Information

All stakeholder should be fully engaged in the policy development process. This is particularly crucial for policy related to technology, such as e-safety. Our learners are on the cutting edge of technological development; by inviting them to participate and shape the policy, we can better understand their concerns, cater for their learning and social needs, and maximise the benefit technology can offer. Learners will then feel respected and more likely welcome the policy.

JISC Legal have produced a very useful eSafety policy template which is intended as a guide to help colleges write an effective e-safety policy that reflects their unique college community and context. There are headings, statements and content that a college may select or adapt to suit their own needs. It is assumed that colleges have carried out an e-safety audit of existing measures and have updated other relevant policies. It is available in Word and PDF formats.

Other useful links are available on the Links tab on JISC Legal’s e-safety page.

Infrastructure & Technology

Today’s IT support teams are faced with a difficult balancing act. On one side safe, fast, reliable and flexible services are required to support innovative practice whilst on the other side they are expected to maintain a secure, fast and reliable network.

As attractive as it might seem in order to avoid risk to the reputation of the organisation, locking down the network cannot be the answer. Technology has a lot to offer learners, eLearning; its flexibility, availability, portability contributes to the personalisation of their learning and support their engagement and acheivement. It also has a lot to offer the organisation in terms of meeting their obligations to deliver learning equitably and to exacting standards within ever more challenging financial constraints.

From an infrastructure standpoint eSafety is closely related to aspects of network security, such as:

• protecting the network from external threats and malware
• preventing access to inappropriate content
• ensuring integrity and confidentiality of data
• monitoring activity to detect inappropriate behaviour

The following sections will discuss these aspects in more detail and describe some of the hardware and software tools available.

Protecting the Network

Unauthorised communication with the Internet is a potential threat to security and eSafety. To protect the network from such threats, a firewall and/or a proxy server is placed between the internal network and the Internet. Although firewalls and proxy servers can be separate devices, their functions are usually incorporated into a single hardware or software firewall. A firewall protects the network in the following ways:

• Blocking Internet Communication

A firewall can permit or deny communication with the Internet based on certain criteria. Generally, a firewall is used to block all but very specific access from the Internet to the internal network, but can also be used to restrict access by internal users to external sites either globally or on a per-user basis by requiring users to provide network credentials in order to gain Internet access.

• Network Address Translation

Every computer on a network has an address, and knowing the address is necessary to establish communication. Network address translation makes all communication from the internal network appear to come from the firewall address.

Another potential threat is the introduction of malware, such as viruses, from portable USB disks or laptop computers. The first line of defence is the maintenance of up-to-date anti-virus software on every computer, including servers, connected to the internal network. Firewalls can also be configured to scan incoming Internet communications for viruses.

It is also important to apply operating system security patches when they are made available by the manufacturer. If feasible, it is also possible to block access to USB disks connected to computers on the internal network.

In some environments, users are allowed to connect their personal laptops, smartphones etc. to the internal wired or wireless network. These portable devices can introduce viruses into the network if they do not have up-to-date anti-virus software or operating system security patches. A Network Access Control device or NAC will inspect any foreign device connected to the internal network and block its communications if the anti-virus and operating system security do not meet certain criteria.

Blocking Inappropriate Content

A web filter inspects Internet communication and permits or blocks it based on a set of customisable rules. In addition to content, the rules can be based on such criteria as time of day; whether the user is a student; age of user etc. A web filter can:

• block access to particular Internet sites;
• prevent downloads of specific file types;
• prevent certain applications, for example peer-to-peer file sharing software, from connecting to the Internet from within the internal network.

Web filtering can be performed by a firewall, by a standalone hardware device, or by software running on a server.

It may be necessary to allow access to sites that are usually blocked, for instance if needed for coursework. Blocking and unblocking site access can be controlled by teachers, rather than the IT department, if the web filter supports that capability. However clear and transparent procedures need to be implemented to ensure the consistent, responsible and accountable use of such a function.

Even when it is necessary for students to access the Internet during a class, the teacher may need to monitor what the student is doing or prevent the student from using the Internet until he/she is told to do so. Classroom management software allows teachers to view students' computer screens on their computer and, if necessary, take control of their computers to stop students using social networking sites, running chat programs, playing games etc.

Securing Data

The educational institution is responsible for ensuring that students' personal data which it holds is protected from unauthorised access. It is important therefore to ensure that:

• Computers storing student data are in a physically secured area;
• Proper access management is in place so that only authorised persons can view or change student data;
• Access to student data is logged so that unauthorised activity can be detected;
• Any student data that is stored on portable devices, such as laptops or USB disks, is encrypted;
• Hard disks are erased before disposal of computers.

There is also a risk that sensitive data is intercepted while being transmitted over the network. This can be avoided if data is encrypted, however encryption and decryption of data can have an impact on network and computer performance, so its implementation should be carefully considered. As the risk of interception is particularly high on wireless networks, all wireless communication should be protected by enabling WEP or WAP encryption on wireless routers.

Education & Training

Organisations should ensure that staff have the appropriate skills, knowledge and understanding required to both assess, and mitigate, against risks, and help learners develop those skills. All FE and skills sector organisations need to ensure that both staff, learners and other associated stakeholders understand e-safety risks their potential impact, and that staff are confident in working with stakegolders around e-safety issues. The Training and Development Agency (TDA) for schools has developed the http://www.ofcom.org.uk/advice/media_literacy/medlitpub/medlitpubrss/socialnetworking/ Know IT All resource. Although it aims to support teachers, trainee teachers and adults working with children to understand and address e-safety issues, it contains a great deal of material which is useful to organisations dealing with adult learning.

It is important to remember that there is no "one size fits all" solution to eSafety training instead a considered approach is required ensuring a consistent and appropriate level delivery of training is given which is regularly reviewed and updated with stakeholder feedback where appropriate. It is advisable to start staff and learner training during induction to the learning provider where possible and to continue this process by embedding eSafety within all curriculum areas.

It is also interesting to note in the Ofsted report Safe Use of new Technologies http://tinyurl.com/yg2j34c the report indicates for a learning providers to be effective in promoting eSafety awareness the key to success in stakeholder empowerment and a continual and consistent approach to educating all stakeholders on and off site.

One important ingredient to include here, that so far has been missed is making learning FUN. Videos, online assessment tools, online games and even roleplay can be used to educate learners.

here is one example

The JISC RSC East Midlands has produced a course on e-Learning and e-Safety for its Virtual Learning Environment, Moodle. Colleges are able to transfer this course to their own VLEs so that their staff can also use it.

Standards and Inspection

The advice and guidance offered is here to highlight a number of issues and to suggest a number of avenues to follow. This advice and guidance is not legal advice. If you require legal advice please contact a legal professional.

This area examines how Legalisation and Inspection affects English learning providers. Your duty of care as a learning provider is discussed and advice and guidance is offered to help you stay within the law and to help reduce the likelihood of receiving a limited inspection grade.

In response to the Lord Laming report entitled The Protection of Children in England, the new inspection framework for September 2009 will have a stronger focus on safeguarding. This will include a grading from 1 (outstanding) to 4 (inadequate) for learning providers’ arrangements.

When gathering evidence for an Ofsted inspection, colleges and other children’s services must actively monitor the impact of their e-safety policies as part of their wider safeguarding strategies. Current Ofsted arrangements for inspecting learning and skills providers states that:

All remits^ will be judged on the effectiveness of providers and services in ensuring that learners are safe and feel safe. In particular, providers working with children under 18 must meet legal requirements for safeguarding children.

• Where a judgement of inadequate is awarded for either of the two safeguarding judgements, it is most unlikely that the overall effectiveness of the provider will be better than satisfactory.

• Where a judgement of satisfactory is awarded for either of the two safeguarding judgements**, it is unlikely that the overall effectiveness of the provider will be better than good.

• Where safeguarding is judged inadequate, a partial re-inspection of this aspect will take place at the earliest opportunity, normally within eight months of the most recent full inspection. This is because of the high importance Ofsted attaches to assuring the safeguarding of learners. The re-inspection visit is likely to be unannounced.

• ^ e.g. colleges, work- based learning, adult and community learning etc
• ^^ from the common inspection framework, A3, How safe do learners feel?; and C3 How effectively does the provider promote the safeguarding of learners?

Ofsted guidance

An Ofsted briefing paper on safeguarding children aims to support inspectors in reviewing safeguarding arrangements. It focuses on safeguarding in the broadest sense, but identifies several areas where the importance of e-safety is clear. The guidance is useful for learning providers giving an overview of what is expected of them.

The briefing paper stresses the importance of safeguarding arrangements in the early years foundation stage and in sixth form. This demonstrates how e-safety education should be a constant and continuing feature of learner wellbeing from the earliest possible age.

The guidance defines the safeguarding outcomes for children and young people as follows:

• Young people are safe: the effectiveness of services in taking reasonable steps to ensure that young people are safe.

• Young people feel safe: the effectiveness of services in taking reasonable steps to ensure that young people feel safe.

For FE and skills settings, a Handbook for inspection of further education and skills from September 2009 clarifies the safeguarding grade characteristics.

Relevance for e-safety

In terms of e-safety, Ofsted guidance shows a clear requirement to keep learners safe when using technology in the organisational setting. For FE and skills learners this will also extend beyond the organisational setting, as many learners will receive their education through other learning settings or work-based training providers also. Ofsted will assess how well FE and skills providers work with employers to ensure that appropriate arrangements are in place for safeguarding learners up to age 18 and vulnerable adults (as defined in the Vetting and Barring Scheme) on employers’ premises.

The guidance also underlines the importance of equipping learners with the skills and knowledge to keep themselves safe whenever and wherever they go online. This, in turn, will help them to feel safe – something inspectors assess.

In learning providers, inspectors will ask:

• to what extent learners feel safe
• how safe learners feel in a learning provuder, including their understanding of issues relating to safety, such as bullying
• how far learners feel able to seek support from their learning provider should they feel unsafe
• learners own views about being safe and free from harassment.

In FE and skills settings, inspectors will evaluate the extent to which:

• learners are safeguarded and protected
• staff take action to identify and respond appropriately to users’ welfare concerns
• safeguarding is prioritised
• providers work together with agencies and professionals effectively to safeguard learners.

Useful resources

What can we do to avoid a limiting grade? Author Jason Curtis RSC WM

The following Ofsted articles and publications may also be useful in preparing evidence on e-safety approaches within a wider framework of safeguarding.

• Ofsted: Safeguarding FAQs

These frequently asked questions (FAQs) aim to dispel many of the myths surrounding the inspection of safeguarding within the new inspection framework for schools and colleges, and learning and skills providers.

• Ofsted: Self-evaluation and the SEF

This article outlines the new self-evaluation form (SEF) alongside the framework for inspection of schools.

• Ofsted: School self-evaluation: A response to the Byron review

This briefing note gives an overview of what schools say about e-safety in their self-evaluation forms.

• Ofsted: The safe use of technologies report

This report, launched February 2010, presents the findings from a small-scale e-safety survey of 35 maintained schools in England. It evaluates the extent to which the schools taught pupils to adopt safe and responsible practices in using new technologies.

Further information relating to safeguarding and inspection can be found on the LSIS Excellence Gateway

Supplementary resources

Links to external web sites.

• Loughborough College - E-Safety Policy
• The Sheffield College - ESafety Policy
• KTS Training - E-Safety Policy
• JANET - Acceptable Use Policy
• West Notts College - Data Protection Policy and Procedure
• West Notts College - Freedom of Information Policy
• Kings College London - Encryption Guidance
• Guidance on Personal Use of College IT Facilities.
• The Anti-Phishing Working Group (APWG).
• Child Exploitation and Online Protection.
• Childnet International, Digizen: Cyberbullying.
• Childnet International: Young People and Social Networking Services.
• http://www.excellencegateway.org.uk/page.aspx?o=197297#policies
• Excellence Gateway Policy on community cohesion in Further Education.
• Excellence Gateway: Warwickshire College: Social networking improves student retention.
• Excellence Gateway: Derwen College: Trialling new technologies – video conferencing and JANET Txt for teaching, learning and student support.
• Excellence Gateway: Weblog risks.
• Internet Watch Foundation: Protection Online.
• JISC RSC East Midlands course on e-Learning and e-Safety.
• Worksmart: social networking and work.
• JISC Legal e-Safety Policy Checklist (03/03/20100.
• Internet Watch Foundation.
• DirectGov-Staying Safe Online.
• Get Safe Online.

See also

eSafety Presentation RSC WM A&I Forum March 2011

http://wiki.rscwmsystems.org.uk/index.php/Equality_Act_and_Information

http://wiki.rscwmsystems.org.uk/index.php/Web_technologies

http://www.rsc-south-west.ac.uk/index.php?p=126

http://moodle-rsc.ukc.ac.uk/course/view.php?id=72

RSC contacts

jason.curtis@rsc-wm.ac.uk 01902 518986