Appropriate Filtering for Education Settings

Based on proposed reforms to legislation, in March 2016, the UK Safer Internet Centre issued advice on what constitutes appropriate filtering for the Education sector. The revised statutory Keeping Children Safe in Education guidance from the Department for Education came into effect on September 5th 2016, and references the UK Safer Internet Centre's advice.

Both the advice and the statutory guidance outline the safeguarding duties that schools and colleges should carry out to promote the welfare of the children within their care. We are committed to supporting schools in carrying out their safeguarding duties, and have outlined below how we meet these standards. Our official certification for the UK Safer Internet Centre is also available for download.

It is important to recognise that no filtering systems can be 100% effective and need to be supported with good teaching and learning practice and effective supervision.

Illegal Online Content

Our Web Gateway and UTM online safety systems ensure that access to illegal content is blocked. The UK Safer Internet Centre advises that providers:

Aspect Rating Explanation
Are IWF Members Pass We are IWF members.
and block access to illegal Child Abuse Images (by actively implementing the IWF CAIC list). Pass The IWF CAIC list is integrated into the Child Abuse Images filtering category and we have successfully completed the IWF's certification process.
Integrate the ‘the police assessed list of unlawful terrorist content, produced on behalf of the Home Office’. Pass The police assessed list of unlawful terrorist content, produced on behalf of the Home Office is integrated into the Radicalisation filtering category.

Inappropriate Online Content

Recognising that no filter can guarantee to be 100% effective, the following table confirms and describes how Opendium Web Gateway and Opendium UTM manage the following content:

Content Description Rating Explanation
Discrimination Promotion of the unjust or prejudicial treatment of people on the grounds of race, religion, age, or sex. Pass We provide a Discrimination category which covers content that promotes the unjust or prejudicial treatment of people on the grounds of race, religion, age, or sex.
We also provide a Hate category which covers content promoting religious or racial hate.
Drugs / Substance abuse Promotion of the illegal use of drugs or substances. Pass We provide a Drugs category which covers content that promotes or facilitates recreational drug use, including "legal highs". This category does not include educational material about recreational drugs and information about medicinal drugs.
Extremism Promotion of terrorism and terrorist ideologies, violence or intolerance Pass We provide a Radicalisation category which covers radicalisation, extremism and terrorism. This includes the police assessed list of unlawful terrorist content, produced on behalf of the Home Office.
Malware / Hacking Promotion of the compromising of systems including anonymous browsing and other filter bypass tools as well as sites hosting malicious content. Pass We provide a Cracking category which covers information about how to gain illicit entry to computer systems.
Pornography Sexual acts or explicit images. Pass We provide a Pornography category which covers pornographic content. This does not include non-sexualised images (e.g. medical information).
Piracy and copyright theft Illegal provision of copyrighted material. Pass We provide a Copyright Infringement category which covers content that promotes and facilitates illegal downloading of copyrighted content, such as sofware, music, movies, etc.
Self Harm Promotion or display of deliberate self harm (including suicide and eating disorders). Pass We provide a Self Harm category which covers content that promotes self harm and suicide.
Violence Promotion or display of the use of physical force intended to hurt or kill. Pass We provide a Violence category which covers content that promotes violent acts.

This list is not exhaustive. We maintain a selection of predefined categories, and updates to the categorisation criteria are downloaded every hour. Websites and web searches are categorised using a variety of methods, including through a database of known web addresses and by real time content analysis. By analysing content on the fly, the system can effectively filter new content and websites that tailor dynamic content to the individual user, such as social networking sites. School system administrators can add filtering criteria to the categories to either augment or override the predefined criteria. School administrators can also add their own custom categories.

Opendium Web Gateway and Opendium UTM allow school administrators a lot of scope for tuning the system to meet their needs. The sensitivity of the filters can be adjusted and administrators can decide whether or not repeat offenders should have their web access automatically disabled. Miscategorised websites can be manually recategorised instantly, or the filters completely disabled for educational websites. Users can be given the option to override the filters afer being shown a warning, and users can report miscategorised pages directly to us for recategorisation. Comprehensive reports can be generated on an automatic or ad-hoc basis to ensure that staff can spot and follow up on concerning behaviour. Location based filtering is also included, which can be used to relax filters in supervised parts of the school.

Schools may decide that, for some categories, rather than risk overblocking it is better to allow access and to follow up concerning behaviour that is highlighted by the reporting system. A variety of reporting tools are provided to facilitate this, such as the unique Word Cloud report that flags up search phrases which fall into concerning categories. This provides an easy and understandable way for staff to drill down into the data.

Filtering System Features

The following table describes how Opendium Web Gateway and Opendium UTM meet the principles set out by the UK Safer Internet Centre:

Principle Rating Explanation
Age appropriate, differentiated filtering – includes the ability to vary filtering strength appropriate to age and role. Pass Opendium Web Gateway and Opendium UTM both integrate with the school's existing user directory and provide a hierarchical system to configure and refine filtering policies and filter sensitivity on a per-usergroup, per-network or per-user basis.
Control - has the ability and ease of use that allows schools to control the filter themselves to permit or deny access to specific content. Pass The web based user interface allows school administrators to adjust settings from anywhere in the school, with immediate effect. All of our customers have direct access to our experienced engineers, who endeavour to provide high quality telephone and email support.
Filtering Policy – a published rationale that details our approach to filtering with classification and categorisation as well as over blocking. Pass Our filtering rationale is described in our knowledgebase. A description for each category, outlining the categorisation criteria, is provided through the system's user interface.
Identification - the filtering system should have the ability to identify users. Pass Opendium Web Gateway and Opendium UTM both support a variety of user identification methods, such as Kerberos single sign on for workstations and RADIUS accounting, WISPr and captive portal for mobile devices / BYOD.
Mobile and App content – mobile and app content is ofen delivered in entirely different mechanisms from that delivered through a traditional web browser. To what extent does the filter system block inappropriate content via mobile and app technologies (beyond typical web browser delivered content) Pass By providing a comprehensive transparent proxy service with both passive and active HTTPS inspection and decryption, Opendium Web Gateway and Opendium UTM both allow the school to control apps that communicate using HTTP and HTTPS, and these comprise the vast majority of apps.
A minority of apps use entirely different delivery mechanisms, and Opendium Web Gateway provides a firewall that can control these on a per-network basis. Opendium UTM extends this capability to allow fine grained control over these apps by user group or individual user, in a similar way to web traffic.
Multiple language support – the ability for the system to manage relevant languages. Pass The use of a wide variety of categorisation methods makes the system largely language agnostic, filtering both English language and foreign language websites alike.
Network level - filtering should be applied at ‘network level’ i.e., not reliant on any software on user devices. Pass Opendium Web Gateway and Opendium UTM both provide network level filtering and do not require sofware to be installed on user devices. This is provided through a combination of deep packet inspection, transparent proxying and both active HTTPS interception and passive HTTPS inspection.
Reporting mechanism – the ability to report inappropriate content for access or blocking. Pass Where websites have been blocked due to built in filtering criteria, the user is given an option to report a miscategorisation of the website to us. We also take underblocking very seriously and welcome reports of such instances. We continually work with our customers to address any concerns and improve the accuracy of the filters.
Reports – the system offers clear historical information on the websites visited by your users. Pass Opendium Web Gateway and Opendium UTM keep historical logs and can generate a variety of reports to allow staff to drill down into the data.

Filtering systems are only ever a tool in helping to safeguard children when online and schools have an obligation to “consider how children may be taught about safeguarding, including online, through teaching and learning opportunities, as part of providing a broad and balanced curriculum”. Our products have always been developed hand-in-hand with schools. Schools are on the front line and in the best position to know what tools they need and we always try to listen and develop those tools.

We also provide training and advice to school ICT staff, and can offer consultancy services to improve schools' network infrastructure to cater for their ever changing requirements.

Self-Certification Declaration

In order that schools can be confident regarding the accuracy of the self-certification statements, we confirm:

  • that our self-certification responses have been fully and accurately completed by a person or persons who are competent in the relevant fields
  • that we will update our self-certification responses promptly when changes to the service or its terms and conditions would result in the existing compliance statement no longer being accurate or complete
  • that we will provide any additional information or clarification sought as part of the self-certification process
  • that if at any time, the UK Safer Internet Centre is of the view that any element or elements of our self-certification responses require independent verification, we will agree to that independent verification, supply all necessary clarification requested, meet the associated verification costs, or withdraw our self-certification submission.