Ofsted’s eight e-safety demands


E-safety continues to be a key priority for schools. Education technology expert Chris Pates offers advice to help achieve the eight key features of good and outstanding practice identified by Ofsted.

With more pupils than ever gaining access to technology, and at an ever earlier age, the new Ofsted framework for school inspection – introduced in September 2012 and updated in April 2014 – includes specific requirements for schools on e-safety to achieve good or outstanding grading.

Whole-school consistent approach

The first key feature called for is a whole-school approach to e-safety. This means ensuring that all teaching and non-teaching staff can recognise and are aware of e-safety issues, that the senior leadership and management team make it a priority across all areas of the school, and that there is a commitment to training, the development of policies, and a straightforward consistent approach when tackling an incident.

E-safety is not really about technology – it is about people and their actions. Technology provides new learning opportunities – online collaboration, anytime anywhere learning and communication – but at the same time can provide additional opportunities for students to access material they shouldn’t, or be treated by others inappropriately.

Schools must therefore engage and encourage the contribution of pupils, parents and the wider school community. This requires implementing clear channels of reporting of potential e-safety issues by both students and parents. 

These could take the form of regular in-school events to allow dialogue to take place between parents and teaching staff where advice and information could be offered regarding e-safety and safeguarding issues. 

In addition, the appointment of an e-safety co-ordinator or committee to provide a consistent point of contact on these issues has proven highly successful in many schools. 

Schools that are ready to demonstrate good practice in their e-safety policy and procedures should look to apply for the E-Safety Mark, a recognised standard that requires a visit from an assessor.

Robust and integrated reporting routines

Schools with good e-safety systems in place must have clearly understood online reporting procedures that are used by the whole school, with clear, signposted and respected routes to key members of staff. 

Schools do not exist in isolation – an e-safety incident can easily involve students from a number of schools. Make it easy for a representative from another school to reach the right person. 

Contact details should be published on the school website – in some local authorities a separate email address is used – for example esafety@school-mail-domain.sch.uk. This keeps sensitive e-safety – related emails separate from their normal work emails, and in larger schools the account can be managed by an e-safety committee or pastoral team.


As well developing the right reporting systems, it is important that all teaching and non-teaching staff receive regular and up-to-date training.

The first thing schools should do – as expected of good or outstanding schools – is ensure that at least one member of staff within the school has received accredited training, such as CEOP or EPICT. More broadly, schools should look into more comprehensive programmes of e-safety training available from recognised organisations such as Fantastict. These allow not only teachers, but other associated stakeholders, including support staff, governors and parents/carers, as well as youth groups and libraries, to have access to regular training.

There is also a wealth of resources online, including training videos, which schools should make the most of to encourage pupils to take their online behaviour seriously. An intranet or extranet e-safety site, hosting the school’s policy and a collection of articles and resources, can make the information easy to curate and so that everyone knows where to find it.


Inspectors are looking to make sure that schools have in place rigorous e-safety policies and procedures. These need to be clearly written and simple to understand, and involve contribution and regular updates from the whole school, from students to governors. For example, why not ask students for their views on the key policies that will affect them, such as web-filtering and Acceptable Use Policies? It should be clear where contributions from wider staff and students have been made to the development of the policies.

Revisit your other school policies, such as behaviour, safeguarding and anti-bullying, to make sure they are relevant in the digital world.


There are a number of factors to bear in mind when developing an e-safety curriculum that is age-appropriate, relevant and engages pupils’ interest, as Ofsted calls for.

Flexibility and adaptability is key – not all guidance is appropriate for all age groups, and lesson plans must take into account not only this, but the way in which trends in access to technology are consistently changing.

There must be a clear focus on safety and showing pupils how to protect themselves from harm, particularly with regards to cyber-bullying and dealing with strangers online. 


To achieve good or outstanding e-safety practice, schools must have quality, well-managed, IT infrastructure in place. The school’s infrastructure should include a “recognised internet service provider”, local authority or Regional Broadband Consortium.

The school must also have age-appropriate filtering in place, and ensure the filtering allows choice with regards to what staff and students can access, and when that access is allowed. As a minimum, any web-filtering solution must ensure the Internet Watch Foundation (IWF) lists are always blocked.

Alongside this, clear procedures for the re-categorisation or unfiltering of sites are important. Remember, no matter how good your filtering solution, sites will be missing and others will be mis-classified. The important thing is being able to address the errors quickly.

Monitoring and evaluation

Regardless of how sophisticated the systems you put in place there will be incidents. Ofsted is looking for schools to take risk-assessment seriously and use it to help promote e-safety.

Potential risks – such as inappropriate content, cyber-bullying or identity theft – should be identified and weighed up, and processes put in place to address the risks. The digital world is evolving at a remarkable rate, so like health and safety it is a case of risk-management and having the mechanisms to address new issues. Detailed, accurate logs after incidents can greatly aid in determining what happened and inform decision-making to manage that risk.

Schools should undertake regular evaluation of their e-safety systems to make sure they are working well. Where possible, this should be done formally – looking back at documented incidents and judging how well the procedures helped to handle the situation.

An added complication of dealing with an e-safety incident is the need for technical expertise to gather and interpret information. A senior member of the school ICT team needs to be part of the e-safety group, alongside appropriate teaching and pastoral staff.

Management of personal data

Finally, Ofsted requires good and outstanding schools to ensure personal data is managed securely and that all professional communications through technology between the school and students, their families or others, have clear professional boundaries and are transparent and open to scrutiny.

Email is well suited to this purpose; most parents have an email account. All emails are automatically retained in most email services, and where appropriate a member of the school’s ICT team can gather the emails into a comprehensive communication log. 

Where a discussion occurs in person or by phone it can be very effective to briefly summarise the discussion and list any actions or outcomes in an email to the other party, so all parties have a record and any difference in recollection can be resolved. 

  • Chris Pates is an education technology expert with Frog.


Please view our Terms and Conditions before leaving a comment.

Change the CAPTCHA codeSpeak the CAPTCHA code
Sign up SecEd Bulletin