The 360safeCymru award...

is intended to help schools in Wales review their online safety policy and practice. This review tool forms part of the guidance from Flintshire County Council on ensuring your school has identified its processes and areas for development.

 To achieve the online safety mark, schools need to achieve level 2 in all areas of the tracking tool. 

To achieve this, you will need to adopt and edit the policy template from 360safeCymru, and work through the aspects for your school. 

In each part of the 360safeCymru tool on Hwb, you will need to enter a commentary to describe your school's current position and the evidence you have to support this. There are bullet points on each to help clarify the evidence required to meet the set standard.

What you need to do...

1. Set up a Digital Committee in your school

• This should include representation of teaching staff, SLT, governors and learners

• Minutes of these meetings should be recorded

• Members of the group should have responsibilities

2. Develop policies and procedures for online safety

• Policies can be found in the policy template

• Ensure reporting procedures are in place 

• Implement and establish a school Social Media Policy and implement the practices identified in the Social Media aspect of the Technology section

• The guidance in the policy template on the use of digital images and videos is followed

3. Ensure online safety is being taught throughout the school

• All learners have the opportunity to meet the expectations of the DCF

• Learners have input into the school's online safety strategy and deliver online safety campaigns to support their peers.

4. Staff training for online safety

• Provide access to staff training for online safety issues affecting learners

• Provide support to Governors on the school's online safety offer

• Ensure parents and carers have support for online safety and have clear routes to report this

• Staff are aware of the accepted policies relating to the use and publication of images and videos

5. Safer Internet Day is a focus

• The school shares the work created for Safer Internet Day with the community

6. Be aware of the Online Safety Procedures which support your school's use of technology

• Below (support for step 6) are statements which can be used in the commentary section of the 360SafeCymru tool

• The headteacher and digital lead should review the statements and ensure they are accurate to the school's procedures. 

7. Publish content on your school's digital channels to support the sharing of the school's practices and online safety support

• Ensure all staff are aware of the school's support to the community through the sharing of online safety support

8. Employ data protection policies that are well-communicated, and the school has developed its Cyber Response Plan

• Create a school cyber response team 

• Perform an audit on the digital application which the school uses to hold data

• Develop a response to any breach of those applications and mitigate any potential weaknesses found

• Print off and keep a hard copy of the Cyber Response Plan

9. Evaluate the school's Online Safety policies and practices annually

• The school creates an online safety report based on the impact of online safety for learners

• Reports are shared with school leaders and governors

Support for step 6.

Technology Infrastructure - Summary - What your school needs to do...

Continue to complete the 360 Safe Cymru Online Safety Policy Template for Schools

This template's Technology pages run from pages 35 to 50. 

Filtering

1. Schools need to demonstrate an awareness of and understanding of their statutory duties. Here is a Link

2. Internet Filtering - Schools should have informed Flintshire County Council of who their Safeguarding Officer is. Schools could use the following passage:

'Through Smoothwall, Flintshire County Council monitors the school's internet usage. If issues arise with unacceptable use of the internet, an alert is sent to FCC's Traded Service and to the School's Safeguarding Officer (If this person's details have been passed on to FCC Traded Services). Following any breaches of the filtering policy, the school follows its disciplinary procedures. The reporting of inappropriate content is reported to the school's Designated Safeguarding Person, and reported to FCC using the TopDesk platform to allow this to be blocked for all schools. As a school, we also follow any safeguarding procedures we have if the situation requires.

Our school's filtering policy through FCC restricts Guest Users to the Filtering parameters used with our youngest learners. Filtering is restricted at varying age groups, with the highest restrictions on learners to age 7; additional use is enabled for learners up to age 11, and further access for those in secondary school.'

Monitoring

1. Schools have identified a member of staff with responsibility for managing and monitoring their digital strategy and processes. 

2. Schools could use the following passage: 

'Our school has a designated lead for the management and monitoring of our digital strategy and processes. Through the alerts from the Smoothwall filtering system, the school can identify the user who triggered the alert. 

Alerts triggered by the Smoothwall filtering system are reviewed immediately by the school's Designated Safeguarding Officer and assessed as to the course of action taken by the school. All actions are in alignment with the school's safeguarding policy and practice.'

Technical Security

1. Schools should be making use of multi-factor authentication (MFA) on their email accounts. If working through Hwb, this is automatically turned on and used when outside of a trusted network. 

2. If schools are working outside of the Hwb platform, MFA should also be applied to the school's Learning Platform, Email and additional third-party applications

3. The school works with Flintshire County Council to ensure that they have a robust Cyber Response Plan if subject to an external breach or attack.

4. The school has adopted and adapted Flintshire's Cyber Incident Response Plan

5. Your school should follow the guidance available through this site on the school's use of AI in its pedagogy.

'All school computer systems are password-protected, and where Hwb is used, MFA is used when accessing accounts outside of a trusted network. Where sensitive data is shared outside of school systems, encryption is used. 

The school has developed and implemented a cybersecurity plan where data, which identifies the applications used and the data they hold. The plan also identifies the steps to be taken should any of these systems be breached. All hardware and software receive updates to their security protection as they become available and are 'pushed out' by the school's federated technicians. 

Where AI systems are used, they have been assessed by the school's Data Protection Officer (DPO) and have had a Data Protection Impact Assessment (DPIA) completed.

 Within Flintshire, schools make use of TopDesk to report issues within the school's digital ecosystem, which then alerts the school's federated technician to react. Where there is an issue with Hwb-based applications, the Welsh Government will alert both the school and the local authority to the remedies required. 

Reviews into the provision of technical support are regularly conducted by the local authority.'