Staff ICT and Internet Acceptable Use Policy
Updated June 2021 (JAL) Review date June 2022
Key staff involved in the policy
Mrs C Eulert
Mr J Allen
Mr A Burrows
Introduction and aims
ICT is an integral part of the way our school works, and is a critical resource for pupils, staff, governors, volunteers and visitors. It supports teaching and learning, pastoral and administrative functions of the school.
However, the ICT resources and facilities our school uses also pose risks to data protection, online safety and safeguarding.
This policy aims to:
- Set guidelines and rules on the use of school ICT resources for staff, pupils, parents and governors
- Establish clear expectations for the way all members of the school community engage with each other online
- Support the school’s policy on data protection, online safety and safeguarding
- Prevent disruption to the school through the misuse, or attempted misuse, of ICT systems
- Support the school in teaching pupils safe and effective Internet and ICT use
This policy covers all users of our school’s ICT facilities, including governors, staff, pupils, volunteers, contractors and visitors. Breaches of this policy may be dealt with under our staff code of conduct.
Relevant legislation and guidance
This policy refers to, and complies with, the following legislation and guidance:
- Data Protection Act 2018
- The General Data Protection Regulation
- Computer Misuse Act 1990
- Human Rights Act 1998
- The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
- Education Act 2011
- Freedom of Information Act 2000
- The Education and Inspections Act 2006
- “ICT facilities”: includes all facilities, systems and services including but not limited to network infrastructure, desktop computers, laptops, tablets, phones, music players or hardware, software, websites, web applications or services, and any device system or service which may become available in the future which is provided as part of the ICT service
- “Users”: anyone authorised by the school to use the ICT facilities, including governors, staff, pupils, volunteers, contractors and visitors
- “Personal use”: any use or activity not directly related to the users’ employment, study or purpose
- “Authorised personnel”: employees authorised by the school to perform systems administration and/or monitoring of the ICT facilities
- “Materials”: files and data created using the ICT facilities including but not limited to documents, photos, audio, video, printed output, web pages, social networking sites, and blogs
The following is considered unacceptable use of the school’s ICT facilities by any member of the school community. Any breach of this policy may result in disciplinary or behaviour proceedings.
Unacceptable use of the school’s ICT facilities includes:
- Using the school’s ICT facilities to breach intellectual property rights or copyright
- Using the school’s ICT facilities to bully or harass someone else, or to promote unlawful discrimination
- Breaching the school’s policies or procedures
- Any illegal conduct, or statements which are deemed to be advocating illegal activity
- Accessing, creating, storing, linking to or sending material that is pornographic, offensive, obscene or otherwise inappropriate
- Activity which defames or disparages the school, or risks bringing the school into disrepute
- Sharing confidential information about the school, its pupils, or other members of the school community
- Connecting any device to the school’s ICT network without approval from authorised personnel
- Setting up any software, applications or web services on the school’s network without approval by authorised personnel, or creating or using any program, tool or item of software designed to interfere with the functioning of the ICT facilities, accounts or data
- Gaining, or attempting to gain, access to restricted areas of the network, or to any password-protected information, without approval from authorised personnel
- Allowing, encouraging, or enabling others to gain (or attempt to gain) unauthorised access to the school’s ICT facilities
- Causing intentional damage to ICT facilities
- Removing, deleting or disposing of ICT equipment, systems, programs or information without permission by authorised personnel
- Causing a data breach by accessing, modifying, or sharing data (including personal data) to which a user is not supposed to have access, or without authorisation
- Using inappropriate or offensive language
- Promoting a private business, unless that business is directly related to the school
- Using websites or mechanisms to bypass the school’s filtering mechanisms
This is not an exhaustive list. The school reserves the right to amend this list at any time. The headteacher Mrs C Eulert will use professional judgement to determine whether any act or behaviour not on the list above is considered unacceptable use of the school’s ICT facilities.
Exceptions from unacceptable use
Where the use of school ICT facilities is required for a purpose that would otherwise be considered an unacceptable use, exemptions to the policy may be granted at the headteacher’s discretion.
Staff who engage in any of the unacceptable activity listed above may face disciplinary action in line with the school’s policies on staff code of conduct
Staff (including governors, volunteers, and contractors)
Access to school ICT facilities and materials
The school’s ICT Manager- Alex Burrows manages access to the school’s ICT facilities and materials for school staff. That includes, but is not limited to:
- Computers, tablets and other devices
- Access permissions for certain programmes or files
Staff will be provided with unique log-in Office 365 passwords that they must use when accessing the school’s ICT facilities.
Staff who have access to files they are not authorised to view or edit, or who need their access permissions updated or changed, should contact the ICT Manager Alex Burrows. If staff require access to files, please contact the ICT Manager Alex Burrows.
Use of phones and email
The school provides each member of staff with an email address. This email account should be used for work purposes only.
All work-related business should be conducted using the email address the school has provided.
Staff must not share their personal email addresses with parents and pupils, and must not send any work- related materials using their personal email account.
Staff must take care with the content of all email messages, as incorrect or improper statements can give rise to claims for discrimination, harassment, defamation, breach of confidentiality or breach of contract.
Email messages are required to be disclosed in legal proceedings or in response to requests from individuals under the Data Protection Act 2018 in the same way as paper documents. Deletion from a user’s inbox does not mean that an email cannot be recovered for the purposes of disclosure. All email messages should be treated as potentially retrievable.
Staff must take extra care when sending sensitive or confidential information by email. Any attachments containing sensitive or confidential information should be encrypted so that the information is only accessible by the intended recipient.
If staff receive an email in error, the sender should be informed and the email deleted. If the email contains sensitive or confidential information, the user must not make use of that information or disclose that information.
If staff send an email in error which contains the personal information of another person, they must inform the ICT Manager Alex Burrows immediately and follow our data breach procedure.
Staff must not give their personal phone numbers to parents or pupils. Staff must use phones provided by the school to conduct all work-related business. School phones must not be used for personal matters.
Staff are permitted to occasionally use school ICT facilities for personal use subject to certain conditions set out below. Personal use of ICT facilities must not be overused or abused. The ICT Manager Alex Burrows may withdraw permission for it at any time or restrict access at their discretion.
Personal use is permitted provided that such use:
- Does not take place during teaching hours.
- Does not constitute ‘unacceptable use’, as defined in section 4
- Takes place when no pupils are present
- Does not interfere with their jobs, or prevent other staff or pupils from using the facilities for work or educational purposes
Staff should be aware that use of the school’s ICT facilities for personal use may put personal communications within the scope of the school’s ICT monitoring activities (see section 5.5). Where breaches of this policy are found, disciplinary action may be taken.
Staff should be aware that personal use of ICT (even when not using school ICT facilities) can impact on their employment by, for instance putting personal details in the public domain, where pupils and parents could see them.
Staff should take care to follow the school’s guidelines on social media (see appendix 1) and use of email (see section 5.1.1) to protect themselves online and avoid compromising their professional integrity.
Personal social media accounts
Members of staff should ensure that their use of social media, either for work or personal purposes, is appropriate at all times.
The school has guidelines for staff on appropriate security settings for social media accounts (see appendix 1).
Off site access (cloud based systems, Office 365 etc.)
We allow staff to access the school’s ICT facilities and materials from outside school. The majority of Park High’s systems are now cloud based for example Office365, Bromcom and SMID.
Staff accessing the school’s ICT facilities and materials remotely must abide by the same rules as those accessing the facilities and materials on-site. Staff must be particularly vigilant if they use the school’s ICT facilities outside the school and take such precautions as the ICT Manager Alex Burrows may require from time to time against importing viruses or compromising system security.
Our ICT facilities contain information which is confidential and/or subject to data protection legislation. Such information must be treated with extreme care and in accordance with our data protection policy.
School social media accounts
The school has an official Twitter page, managed by Ann Homes. Staff members who have not been authorised to manage, or post to, the account, must not access, or attempt to access the account.
The school has guidelines for what can and cannot be posted on its social media accounts. Those who are authorised to manage the account must ensure they abide by these guidelines at all times.
Monitoring of school network and use of ICT facilities
The school reserves the right to monitor the use of its ICT facilities and network. This includes, but is not limited to, monitoring of:
- Internet sites visited
- Bandwidth usage
- Email accounts
- Telephone calls
- User activity/access logs
- Any other electronic communications
Only authorised ICT staff may inspect, monitor, intercept, assess, record and disclose the above, to the extent permitted by law.
The school monitors ICT use in order to:
- Obtain information related to school business
- Investigate compliance with school policies, procedures and standards
- Ensure effective school and ICT operation
- Conduct training or quality control exercises
- Prevent or detect crime
- Comply with a subject access request, Freedom of Information Act request, or any other legal obligation
The school takes steps to protect the security of its computing resources, data and user accounts. However, the school cannot guarantee security. Staff, pupils, parents and others who use the school’s ICT facilities should use safe computing practices at all times.
All users of the school’s ICT facilities should set strong passwords for their accounts and keep these passwords secure.
Users are responsible for the security of their passwords and accounts, and for setting permissions for accounts and files they control.
Members of staff or pupils who disclose account or password information may face disciplinary action.
Software updates, firewalls, and anti-virus software
All of the school’s ICT devices that support software updates, security updates, and anti-virus products will be configured to perform such updates regularly or automatically.
Users must not circumvent or make any attempt to circumvent the administrative, physical and technical safeguards we implement and maintain to protect personal data and the school’s ICT facilities.
Any personal devices using the school’s network must all be configured in this way.
All personal data must be processed and stored in line with data protection regulations and the school’s data protection policy.
Access to facilities and materials
All users of the school’s ICT facilities will have clearly defined access rights to school systems, files and devices. These access rights are managed by ICT Manager Alex Burrows.
Users should not access, or attempt to access, systems, files or devices to which they have not been granted access. If access is provided in error, or if something a user should not have access to is shared with them, they should alert ICT Manager Alex Burrows immediately.
Users should always log out of systems and lock their equipment when they are not in use to avoid any unauthorised access. Equipment and systems should always be logged out of and closed down completely at the end of each working day.
The school ensures that its devices and systems have an appropriate level of encryption.
School staff may only use personal devices to access school data, work remotely, or take personal data (such as pupil information) out of school if they have been specifically authorised to do so by the headteacher.
Use of such personal devices will only be authorised if the devices have appropriate levels of security and encryption, as defined by the ICT Manager Alex Burrows.
Online Parents Evening (School Cloud)
Staff must abide by the online protocols included in the Park High School Remote Learning Policy when they are conducting online Parents Evenings through SchoolCloud.
The school wireless internet connection is secured. The school has a filtering system. Staff must report inappropriate sites that the filter hasn’t identified (or appropriate sites that have been filtered in error) to the ICT Manager Alex Burrows.
Staff must not give the wifi password to anyone who is not authorised to have it. Doing so could result in disciplinary action.
Monitoring and review
The headteacher Mrs C Eulert and ICT Manager Alex Burrows monitor the implementation of this policy, including ensuring that it is updated to reflect the needs and circumstances of the school.
This policy will be reviewed every academic year.
The governing board is responsible for approving this policy.
This policy should be read alongside the school’s policies on:
- Student ICT Policy
- Child Protection and Safeguarding
- Staff discipline
- Data protection
Appendix 1: Facebook cheat sheet for staff
Don’t accept friend requests from pupils on social media
10 rules for school staff on Facebook
- Change your display name – use your first and middle name, use a maiden name, or put your surname backwards instead
- Change your profile picture to something unidentifiable, or if not, ensure that the image is professional
- Check your privacy settings regularly
- Be careful about tagging other staff members in images or posts
- Don’t share anything publicly that you wouldn’t be just as happy showing your pupils
- Don’t use social media sites during school hours
- Don’t make comments about your job, your colleagues, our school or your pupils online – once it’s out there, it’s out there
- Don’t associate yourself with the school on your profile (e.g. by setting it as your workplace, or by ‘checking in’ at a school event)
- Don’t link your work email address to your social media accounts. Anyone who has this address (or your personal email address/mobile number) is able to find you using this information
- Consider uninstalling the Facebook app from your phone. The app recognises wifi connections and makes friend suggestions based on who else uses the same wifi connection (such as parents or pupils)
Check your privacy settings
- Change the visibility of your posts and photos to ‘Friends only’, rather than ‘Friends of friends’. Otherwise, pupils and their families may still be able to read your posts, see things you’ve shared and look at your pictures if they’re friends with anybody on your contacts list
- Don’t forget to check your old posts and photos – go to bit.ly/2MdQXMN to find out how to limit the visibility of previous posts
- The public may still be able to see posts you’ve ‘liked’, even if your profile settings are private, because this depends on the privacy settings of the original poster
- Google your name to see what information about you is visible to the public
- Prevent search engines from indexing your profile so that people can’t search for you by name – go to bit.ly/2zMdVht to find out how to do this
- Remember that some information is always public; your display name, profile picture, cover photo, user ID (in the URL for your profile), country, age range and gender
What do to if…
A pupil adds you on social media
- In the first instance, ignore and delete the request. Block the pupil from viewing your profile
- Check your privacy settings again, and consider changing your display name or profile picture
- If the pupil asks you about the friend request in person, tell them that you’re not allowed to accept friend requests from pupils and that if they persist, you’ll have to notify senior leadership and/or their parents. If the pupil persists, take a screenshot of their request and any accompanying messages
- Notify the senior leadership team or the headteacher about what’s happening
A parent adds you on social media
It is at your discretion whether to respond. Bear in mind that:
- Responding to one parent’s friend request or message might set an unwelcome precedent for both you and other teachers at the school
- Pupils may then have indirect access through their parent’s account to anything you post, share, comment on or are tagged in.
If you wish to decline the offer or ignore the message, consider drafting a stock response to let the parent know that you’re doing so
You’re being harassed on social media, or somebody is spreading something offensive about you
- Do not retaliate or respond in any way
- Save evidence of any abuse by taking screenshots and recording the time and date it occurred
- Report the material to Facebook or the relevant social network and ask them to remove it
- If the perpetrator is a current pupil or staff member, our mediation and disciplinary procedures are usually sufficient to deal with online incidents
- If the perpetrator is a parent or other external adult, a senior member of staff should invite them to a meeting to address any reasonable concerns or complaints and/or request they remove the offending comments or material
- If the comments are racist, sexist, of a sexual nature or constitute a hate crime, you or a senior leader should consider contacting the police
Appendix 2: Acceptable use agreement for staff, governors, volunteers and visitors
Acceptable use of the school’s ICT facilities and the Internet: agreement for staff, governors, volunteers and visitors
Name of staff member/governor/volunteer/visitor:
When using the school’s ICT facilities and accessing the Internet in school, or outside school on a work device, I will not:
I understand that the school will monitor the websites I visit and my use of the school’s ICT facilities and systems.
I will take all reasonable steps to ensure that work devices are secure and password-protected when using them outside school, and keep all data securely stored in accordance with this policy and the school’s data protection policy.
I will let the designated safeguarding lead (DSL) and ICT manager know if a pupil informs me they have found any material which might upset, distress or harm them or others, and will also do so if I encounter any such material.
I will always use the school’s ICT systems and Internet responsibly, and ensure that pupils in my care do so too.
Signed (staff member/governor/volunteer/visitor):