Filtering and monitoring standards for schools and colleges

Find out what standards your school or college should meet on filtering and monitoring.

Schools and colleges have a statutory responsibility to keep children and young people safe online as well as offline. Governing bodies and proprietors should make sure their school or college has appropriate filtering and monitoring systems in place, as detailed in the statutory guidance, Keeping children safe in education.

Filtering is preventative. It refers to solutions that protect users from accessing illegal, inappropriate and potentially harmful content online. It does this by identifying and blocking specific web links and web content in the form of text, images, audio and video.

Monitoring is reactive. It refers to solutions that monitor what users are doing on devices and, in some cases, records this activity. Monitoring can be manual, for example, teachers viewing screens as they walk around a classroom. Technical monitoring solutions rely on software applied to a device that views a user’s activity. Reports or alerts are generated based on illegal, inappropriate, or potentially harmful activities, including bullying. Monitoring solutions do not block users from seeing or doing anything.

The job titles in these standards may not fit your educational setting, but the responsibilities described should be applied to the most relevant person.

These standards help school and college leaders, designated safeguarding leads and IT support understand how to work together to make sure they can effectively safeguard their students and staff.

Identify and assign roles and responsibilities to manage your filtering and monitoring systems

Why this standard is important

Schools and colleges should provide a safe environment to learn and work, including when online. Filtering and monitoring are both important parts of safeguarding students and staff from illegal, inappropriate and potentially harmful online material. 

Clear roles, responsibilities and strategies are vital for delivering and maintaining effective filtering and monitoring systems. It’s important that your designated safeguarding lead (DSL) and IT support work together, using their professional expertise to make informed decisions. Governors and your senior leadership team (SLT) should provide support as required.

How to meet the standard

Governing bodies and proprietors have overall strategic responsibility for filtering and monitoring and need assurance that the standards are being met. 

To do this, they should identify and assign: 

  • a member of the SLT and a governor, to be responsible for ensuring these standards are met
  • the roles and responsibilities of staff and third parties, for example, in-house or third-party IT support

There may not be full-time staff for each of these roles. Some responsibilities may lie as part of a wider role within the school, college, or trust. However, it must be clear who is responsible and it must be possible to make prompt changes to your provision.

Technical requirements to meet the standard  

The SLT is responsible for:

  • buying filtering and monitoring systems
  • documenting decisions on what is blocked or allowed and why
  • reviewing the effectiveness of your provision
  • overseeing reports

They are also responsible for making sure that all staff: 

  • understand their role
  • are appropriately trained
  • follow policies, processes and procedures
  • act on reports and concerns

Senior leaders should work closely with governors or proprietors, the DSL and IT support in all aspects of filtering and monitoring. Your IT support may be in-house or a third-party service provider.

Day-to-day management of filtering and monitoring systems requires the specialist knowledge of both safeguarding and IT support to be effective.

Your DSL should lead on safeguarding and online safety as detailed in the Keeping children safe in education statutory guidance. This should include, among other duties:

  • checking relevant reports 
  • responding to safeguarding concerns identified by filtering and monitoring
  • providing governors with assurance that filtering and monitoring systems are working effectively and reviewed regularly

Your DSL should take any necessary action in line with Keeping children safe in education and your existing safeguarding policies. Make sure all users, parents and carers are aware of your policy.

Your in-house or third-party IT support have technical responsibility for:

  • maintaining filtering and monitoring systems
  • providing filtering and monitoring reports
  • completing actions following concerns or system checks

Your in-house or third-party IT support should work with your SLT and DSL to:

  • help buy systems
  • identify risk
  • carry out reviews
  • carry out checks

When to meet the standard 

You should already be meeting this standard. 

Review your filtering and monitoring provision at least annually

Why this standard is important

For filtering and monitoring to be effective it should meet the needs of your students and staff. It should reflect your specific use of technology while minimising potential harms. 

To understand and evaluate the changing needs and potential risks of your school or college, you should review your filtering and monitoring provision at least once every academic year. 

The review process should identify additional filtering and monitoring checks that are needed. This will give governing bodies and proprietors assurance that systems are working effectively and meeting safeguarding obligations.

How to meet the standard

Governing bodies and proprietors have overall strategic responsibility for meeting this standard. They should make sure that filtering and monitoring provision is reviewed at least once every academic year. This can be part of a wider online safety review. 

The review should be conducted by members of the senior leadership team, the designated safeguarding lead, and IT support. It should also involve the responsible governor. You should record the results of the online safety review and make it available to anyone who is entitled to inspect that information.

Technical requirements to meet the standard  

A review of filtering and monitoring should be carried out to identify your current provision, any gaps, and your students’ and staff’s specific needs. 

You need to understand:

  • how your students’ risk profile could inform your approach to filtering and monitoring, considering things such as their age, if they have any special education needs and disabilities (SEND) and whether they have English as an additional language (EAL)
  • what your filtering system currently blocks or allows
  • technical limitations, for example, whether your solution can filter real time content
  • any outside safeguarding influences, such as county lines
  • any relevant safeguarding reports or serious incidents
  • the digital resilience of your students
  • teaching requirements, for example, your relationships, sex and health education (RHSE) and personal, social, health and economic (PSHE) curriculum
  • how your school or college uses technology, including bring your own device (BYOD) for students and staff, and generative AI tools
  • what related safeguarding or technology policies are in place
  • what checks are currently taking place and how resulting actions are handled
  • any technical set-up recommendations to make sure the system works effectively

To make your filtering and monitoring provision effective, your review should inform:

  • related safeguarding or technology policies and procedures
  • roles and responsibilities
  • staff training
  • curriculum and learning opportunities
  • how often and what is checked
  • monitoring strategies
  • procurement decisions

Following system or equipment changes, you should seek assurance that all filtering and monitoring solutions will continue to work on all school-managed devices.

The review should take place, as a minimum, once every academic year or when: 

  • a safeguarding risk is identified
  • there is a change in working practice, like remote access or BYOD
  • new technology is introduced, such as new devices
  • major software updates occur
  • there are changes to the technical configuration of the network and devices

If your review identifies any risks or issues with filtering and monitoring on devices, you will need to investigate. Try to resolve the issue by reviewing your filtering and monitoring provision or adjusting your device settings. Always consider your student risk profile when deciding whether to continue using the devices in question.

There are links and advice to further guidance in the reviewing online safety section of Keeping children safe in education.  

Checks to your filtering provision need to be completed and recorded as part of your filtering and monitoring review process. How often the checks take place should be based on your school or college context, the risks highlighted in your filtering and monitoring review, and any other risk assessments. Checks should be made from both a safeguarding and IT perspective.

When checking filtering and monitoring systems you should make sure that the system setup has not changed or been deactivated. This should include checking:

  • school or college owned devices and services – these are all internet connected devices managed by the school or college, even if they are taken home, and include laptops, tablets and audiovisual equipment
  • locations and different sites if there are buildings, schools or colleges on different premises
  • that user group accounts are filtering the correct content for students, staff and guests

You should keep a log of your checks so they can be reviewed. You should record:

  • when the check took place
  • who did the check
  • what they tested or checked
  • resulting actions

You should make sure that:

  • all staff know how to report and record concerns
  • filtering and monitoring systems work on new devices and services before distributing them
  • inappropriate content that you choose to block is reviewed and updated in line with changes to guidance and safeguarding risks

You can use South West Grid for Learning’s (SWGfL) testing tool to check that, as a minimum, your filtering system is blocking access to: 

  • illegal child abuse material
  • unlawful terrorist content
  • adult content

When to meet the standard 

You should already be meeting this standard. 

Filtering systems should block harmful and inappropriate content, without unreasonably impacting teaching and learning

Why this standard is important 

An active and well-managed filtering system is an important part of providing a safe environment for students to learn. 

No filtering system can be 100% effective. You need to understand:

  • your filtering system’s coverage
  • any limitations

You should mitigate against these limitations to minimise harm and meet your statutory duties in the filtering and monitoring section of Keeping children safe in education and the Prevent duty guidance: England and Wales (2023)

An effective filtering system needs to block internet access to harmful sites and inappropriate content. It should not: 

  • unreasonably impact teaching and learning or school or college administration
  • restrict students from learning how to assess and manage risk themselves

How to meet the standard  

Governing bodies and proprietors need to support the senior leadership team (SLT) to procure and set up systems which meet this standard and satisfy your school or college risk profile. This may need to be different for different user types, year groups and subjects.

Your filtering system should not have a blanket filtering profile for all users. As a minimum, student and staff profiles should be in place to provide differing levels of access to online content.

Filtering system management requires specialist knowledge from both safeguarding and IT support to be effective. You may need to ask your filtering provider for system specific training and support.

Technical requirements to meet the standard  

The Internet Watch Foundation (IWF) and Counter-Terrorism Internet Referral Unit (CTIRU) provide lists of illegal websites that filtering providers can block as part of their service, known as blocklists. Schools and colleges must make sure these blocklists are included with their filtering solutions. Your school or college should not be able to disable these blocklists or remove items from them.

Also make sure that your filtering provider is: 

  • a member of IWF
  • signed up to CTIRU
  • regularly updating blocklists based on information from IWF and CTIRU

Some schools and colleges may want to block additional, inappropriate content that their filtering system does not automatically block. Your system should allow you to add this content locally. Any additions should not disrupt or affect teaching and learning.

Your filtering system should be active, up to date and applied to all: 

  • school or college-managed devices, including those taken off-site 
  • unmanaged devices under a bring your own device (BYOD) scheme  
  • guests who have access to the school internet

Devices that are not school or college-managed, should  be on a separate virtual network. Check with your provider to find out whether your filtering system:

  • identifies and appropriately filters all internet feeds, including any backup connections and portable wifi devices
  • is appropriate for the age and ability of the users
  • is suitable for educational settings
  • identifies multilingual web content, images, common misspellings and abbreviations
  • provides alerts when web content of concern has been blocked
  • blocks technologies and techniques that allow users to get around the filtering, such as VPNs, proxy services and end-to-end encryption methods

If you are unsure about how to do this, ask your IT support or filtering provider to block these technologies at a system level. Also ask them to make sure that networks and clients are appropriately configured, this covers everything from firewalls and browsers to operating systems and software.

Mobile and app content is often presented in a different way to web browser content. If your users access content in this way, you should get confirmation from your provider as to whether they can provide filtering on mobile or app technologies. A technical monitoring system should be applied to devices using mobile or app content to reduce the risk of harm.

It is important to be able to identify individuals who might be trying to access unsuitable or illegal material so they can be supported by appropriate staff, such as the SLT or the designated safeguarding lead. 

Your filtering systems should allow you to identify, as a minimum: 

  • device name or ID, IP address, and where possible, the individual
  • the time and date of attempted access
  • the search term or content being blocked

Schools and colleges will need to conduct their own data protection impact assessments (DPIA) and review the privacy notices of third-party providers. DPIA template is available from the Information Commissioner’s Office (ICO). 

The DfE data protection toolkit includes guidance on privacy notices and DPIAs.

Search engines used should have safe search enabled by default, or use a child-friendly search engine, to provide an additional level of protection for your users in addition to the filtering service. Make sure that:

  • your safe search engine is locked into your chosen browser and cannot be changed
  • users cannot download additional browsers or unauthorised plugins

If the filtering provision is procured with a broadband service, ask your broadband provider how it meets these requirements.

All staff need to be aware of reporting mechanisms for safeguarding and technical concerns. They should report if:  

  • they witness or suspect unsuitable material has been accessed
  • they can access unsuitable material
  • they are teaching topics which could create unusual activity on the filtering logs
  • there is failure in the software or abuse of the system
  • there are perceived unreasonable restrictions that affect teaching and learning or administrative tasks
  • they notice abbreviations or misspellings that allow access to restricted material

The UK Safer Internet Centre has guidance on establishing appropriate filtering.

Dependencies to the standard 

Check that you meet:

When to meet the standard 

You should already be meeting this standard. 

Have effective monitoring strategies that meet the safeguarding needs of your school or college

Why this standard is important

Monitoring user activity on school and college devices is an important part of providing a safe environment for students and staff. Unlike filtering, it does not stop users from accessing material through internet searches or software. 

Monitoring allows you to review user activity on school and college devices. There are both technical and manual solutions. Which solution your school or college uses will depend on your educational setting, including:

  • student age
  • student risk profile
  • whether screens are easy to see
  • number of devices in use
  • whether devices are used off-site, for example, at home

For monitoring to be effective it must pick up incidents that are of concern urgently, usually through alerts or observations, allowing you to take prompt action and record the outcome.                                            

How to meet the standard  

All staff should conduct a level of in-person monitoring if they are in a room with students on devices, as part of wider classroom supervision. Some schools and colleges may decide to have additional technical monitoring solutions in place to reduce any risks identified during the review.

The designated safeguarding lead (DSL) is responsible for any safeguarding and child protection matters that are identified through monitoring. 

The management of technical monitoring systems requires the specialist knowledge of both safeguarding and IT support to be effective. Training should be provided to make sure their knowledge is current. You may need to ask your technical monitoring system provider for system-specific training and support.

Technical requirements to meet the standard  

Your monitoring plan should include how you will monitor students when using school-managed devices connected to the internet. This could include:

  • device monitoring using device management software
  • in-person monitoring in the classroom
  • network monitoring using log files of internet traffic and web access

As a minimum, your monitoring plan should include weekly monitoring reports highlighting incidents. It should also include immediate reports when an incident is classed as high-risk, for example, those of a malicious, technical or safeguarding nature.

Make sure that everyone using your school’s network knows that filtering and monitoring processes are in place. Technical monitoring systems should also notify users that the device is being monitored. This could be a message each time they log in.

Your monitoring plan should include how you communicate with staff about accepted ways of responding to incidents, including:

  • how to deal with incidents
  • who should lead on any actions
  • when incidents should be acted on, in line with your school’s policy – read the first standard about filtering and monitoring roles and responsibilities to help with this

There should be a documented process for recording incidents that includes what action was taken and the outcomes. This will help you to understand the effectiveness of your filtering and monitoring plan.

The UK Safer Internet Centre has guidance for schools and colleges on establishing appropriate monitoring.

Device monitoring can be managed by in-house or third-party IT support, who need to: 

  • make sure monitoring systems are working as expected both on-site and off-site
  • provide reporting on student device activity
  • receive safeguarding training including online safety
  • record and report safeguarding concerns to the DSL

Make sure that:

  • monitoring data is received in a format that your staff can understand
  • users are identifiable to the school or college, so concerns can be traced back to an individual, including guest accounts where possible

If mobile or app technologies are used then you should apply a technical monitoring system to the devices, as your filtering system might not pick up mobile or app content. 

In the online safety section of Keeping children safe in education there is guidance on the 4 areas of risk that users may experience when online. Your monitoring provision should identify and alert you to behaviours associated with them. 

Technical monitoring systems do not stop unsafe activities on a device or online. Staff should:

  • provide effective supervision
  • take steps to maintain awareness of how devices are being used by students
  • report any safeguarding concerns to the DSL

School and college monitoring procedures need to be reflected in your acceptable use policy (AUP). Add them to relevant online safety, safeguarding and organisational policies, such as privacy notices.

Schools and colleges that have a technical monitoring system will need to conduct their own data protection impact assessment (DPIA) and review the privacy notices of third-party providers. Visit the Information Commissioners Office website to download a DPIA template

The DfE data protection toolkit includes guidance on privacy notices and DPIAs.

Dependencies to the standard  

Check that you meet:

When to meet the standard 

You should already be meeting this standard.