{{org_field_logo}}

{{org_field_name}}

Registration Number: {{org_field_registration_no}}

---

Online Safety Policy

1. Purpose

The purpose of this policy is to ensure the online safety of the people we support, staff, and visitors within {{org_field_name}}. This policy provides a clear framework for managing online risks, safeguarding individuals from potential harm, and promoting responsible and safe internet use. The digital world offers vast opportunities for communication, education, and social interaction; however, it also presents risks such as cyberbullying, scams, grooming, identity theft, and exposure to harmful content.

This policy aligns with Regulation 9 (Person-Centred Care), Regulation 10 (Dignity and Respect), Regulation 13 (Safeguarding Service Users from Abuse and Improper Treatment), and Regulation 17 (Good Governance) of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014. It also takes into account the Data Protection Act 2018, UK General Data Protection Regulation (UK GDPR), Equality Act 2010, and Keeping Children Safe in Education (KCSIE) 2023 where applicable.

2. Scope

This policy applies to all employees, agency staff, volunteers, people we support, visitors, and third-party contractors who use or have access to the internet, IT systems, or electronic communication devices within {{org_field_name}}. It covers:

• Internet usage (Wi-Fi access, browsing, and social media)
• Use of digital devices (smartphones, tablets, laptops, and assistive technology)
• Email and online communication (messaging apps, video calls, and forums)
• Online safeguarding and reporting concerns
• Cybersecurity measures and staff responsibilities

3. Related Policies

This policy should be read alongside the following:

• SL13 – Safeguarding Adults from Abuse and Improper Treatment Policy
• SL16 – Data Protection and Confidentiality Policy
• SL27 – Staff Supervision, Training, and Development Policy
• SL28 – Staff Conduct and Code of Ethics Policy
• SL42 – Communication and Engagement with People We Support and Families Policy
• SL45 – Complaints and Whistleblowing Policy

4. Principles of Online Safety Management

The following principles underpin {{org_field_name}}‘s commitment to online safety:

• Empowerment – People we support have the right to access the internet safely while being supported to understand and manage online risks.
• Protection – Safeguarding individuals from harm, exploitation, and online abuse is paramount.
• Privacy and Dignity – Online activity should respect personal privacy while maintaining security.
• Education and Awareness – Staff and the people we support should receive appropriate training and guidance on online safety.
• Prevention and Risk Management – Identifying and mitigating risks related to online interactions and cybersecurity threats.

5. Safe Internet and Device Usage

5.1 Internet Access and Wi-Fi Use

• Internet access must be monitored and controlled to prevent exposure to harmful content.
• Staff must support individuals in accessing safe and age-appropriate content.
• Filtering and monitoring software should be in place on all shared devices.
• Wi-Fi usage agreements must be signed by all users to ensure responsible usage.

5.2 Use of Digital Devices

• People we support have the right to use digital devices but should be guided on safe usage.
• Organisation-owned devices must have security software and controlled access settings.
• Personal devices used in the workplace must comply with data protection regulations.
• Devices should not be left unattended, and access should be password-protected.

5.3 Social Media and Online Communication

• People we support must be educated on the risks of sharing personal information online.
• Staff must promote positive and respectful communication on social media.
• Cyberbullying, harassment, and inappropriate online behaviour must be reported and addressed immediately.
• The use of dating websites and apps should be risk-assessed based on individual capacity and vulnerability.

6. Safeguarding Against Online Risks

6.1 Identifying Online Abuse and Exploitation

• Staff must be trained to recognise signs of online grooming, financial exploitation, radicalisation, and coercion.
• Any suspicious online activity should be reported through safeguarding procedures.
• Regular check-ins should be conducted to review internet interactions of vulnerable individuals.

6.2 Reporting and Managing Online Safety Concerns

• Concerns related to online safety must be reported to the Safeguarding Lead.
• Staff must follow internal reporting procedures for cybersecurity threats or breaches.
• If a crime has occurred (e.g., fraud, grooming, harassment), law enforcement must be contacted.
• A zero-tolerance policy must be upheld for any form of online abuse.

6.3 Preventing Financial Exploitation

• Staff should educate the people we support about scams, fraud, and identity theft.
• Online transactions must be conducted securely, and personal information should never be shared recklessly.
• Individuals who require support with finances should have appropriate safeguarding measures in place.

7. Cybersecurity and Data Protection

7.1 Password Management and Account Security

• Strong, unique passwords must be used for all organisation-related accounts.
• Multi-factor authentication (MFA) should be implemented where possible.
• Staff must never share login credentials or access information.

7.2 Data Protection and Confidentiality

• Personal data must be handled in accordance with the UK GDPR and Data Protection Act 2018.
• Sensitive information should not be shared via unencrypted emails or unsecured platforms.
• Access to digital records should be restricted to authorised personnel only.

7.3 Secure Use of Emails and Online Messaging

• Emails containing sensitive information should be encrypted where required.
• Staff should be aware of phishing scams and avoid clicking on suspicious links.
• Instant messaging apps used for communication with individuals must comply with confidentiality policies.

8. Training and Staff Responsibilities

8.1 Staff Training on Online Safety

• All staff must undergo mandatory online safety training during induction and annual refresher courses.
• Training must cover cybersecurity awareness, safeguarding against online abuse, recognising scams, and secure handling of personal data.

8.2 Staff Responsibilities

• Promote safe and responsible internet use for the people we support.
• Monitor and report any online safety concerns promptly.
• Ensure personal and organisational devices comply with security guidelines.
• Educate individuals on online risks and digital literacy skills.
• Uphold professional boundaries when using online communication tools.

9. Monitoring and Compliance

9.1 Internal Audits and Risk Assessments

• Regular risk assessments must be conducted to identify vulnerabilities in online safety measures.
• Internet usage monitoring tools should be reviewed periodically for effectiveness.
• Staff compliance with online safety protocols will be assessed through supervisions and audits.

9.2 CQC Compliance

• CQC inspectors may review online safety procedures, training records, and incident reports.
• Evidence of safeguarding individuals from online harm must be documented and available for review.

10. Policy Review

This policy will be reviewed annually or earlier if required due to technological advancements, legislative updates, or identified risks. Any changes will be communicated to all staff and the people we support.

---

Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next Review Date: {{next_review_date}}
Copyright © {{current_year}} – {{org_field_name}}. All rights reserved.