Hi Sophos / Community,
Please can someone confirm that Sophos Firewall Web Fitlering is compliant with the UK Government's Keeping Children Safe In Education standards? I'm unable to provide a direct link to the UK GOV website where this inforamtion is shown as this forum automatically flags it as spam, and the post removed by the automod.
You can readily find these standards by searching for the aforementioned, but in particualr I would like to know if the Sophos Firewall Web Filtering is capable of the following (excerpt):
Technical requirements to meet the standard
Make sure your filtering provider is:
a member of Internet Watch Foundation (IWF)
signed up to Counter-Terrorism Internet Referral Unit list (CTIRU)
blocking access to illegal content including child sexual abuse material (CSAM)
If the filtering provision is procured with a broadband service, make sure it meets the needs of your school or college.
Your filtering system should be operational, up to date and applied to all:
users, including guest accounts
school owned devices
devices using the school broadband connection
Your filtering system should:
filter all internet feeds, including any backup connections
be age and ability appropriate for the users, and be suitable for educational settings
handle multilingual web content, images, common misspellings and abbreviations
identify technologies and techniques that allow users to get around the filtering such as VPNs and proxy services and block them
provide alerts when any web content has been blocked
Mobile and app content is often presented in a different way to web browser content. If your users access content in this way, you should get confirmation from your provider as to whether they can provide filtering on mobile or app technologies. A technical monitoring system should be applied to devices using mobile or app content to reduce the risk of harm.
It is important to be able to identify individuals who might be trying to access unsuitable or illegal material so they can be supported by appropriate staff, such as the senior leadership team or the designated safeguarding lead.
Your filtering systems should allow you to identify:
device name or ID, IP address, and where possible, the individual
the time and date of attempted access
the search term or content being blocked
Schools and colleges will need to conduct their own data protection impact assessment (DPIA) and review the privacy notices of third party providers. A DPIA template is available from the ICO.
The DfE data protection toolkit includes guidance on privacy notices and DPIAs.
The UK Safer Internet Centre has guidance on establishing appropriate filtering.
Your senior leadership team may decide to enforce Safe Search, or a child friendly search engine or tools, to provide an additional level of protection for your users on top of the filtering service.
All staff need to be aware of reporting mechanisms for safeguarding and technical concerns. They should report if:
they witness or suspect unsuitable material has been accessed
they can access unsuitable material
they are teaching topics which could create unusual activity on the filtering logs
there is failure in the software or abuse of the system
there are perceived unreasonable restrictions that affect teaching and learning or administrative tasks
they notice abbreviations or misspellings that allow access to restricted material
If possible / more appropriate, can someone tell me where I may find an authority from Sophos who can verify the above?
[edited by: emmosophos at 6:32 PM (GMT -7) on 5 Sep 2023]