Are You Compliant? The Prevent Duty KCSIE

05/09/2016 09:51

Are You Compliant: The Prevent Duty KCSIE

Keeping children safe in education.

Safeguarding isn’t a new issue in the Education sectors quest to keep children safe however in May 2016 the Department of Education  revisited the statutory guidance ‘Keeping Children Safe in Education’ and have brought in new obligations that schools and colleges are required to follow.


From the 5th September these new revisions will be initiated and educational institution will be required to actively monitor, report and introduce appropriate filtering systems to protect young people online.

The prevent duty is focused on protecting younger generations from assessing harmful or inappropriate material on a school or college IT system.


These new provisions can be tricky to get your head around. The DoE want ‘appropriate restrictions’ but at the same time don’t want ‘over blocking’ that leads to unreasonable restrictions, effecting online teaching and education.

This is a complex time for techies within the educational sector. To help you we have outlined the main points of the Prevent Duty and more importantly, the solutions to best implement this new duty.

Not adhering to these guidelines will have serious effects on your establishments OFSTED rating and will ultimately lead to failed visits and negative impacts on the overall rating.

See below on how to comply:



Appropriate Filtering

The new changes to content filtering require the integration of specific databases as a minimum requirement. Many institutes already have some form of content filtering system in place however research shows the majority of them are inadequate.  This means most schools and colleges will now be needing to review and consider new or more appropriate options.

Is my content filtering adequate?

To comply, your monitoring provider needs to be an IWF (Internet Watch Foundation) Member which provides access to the child abuse image content (CAIC) list, as well integrating the home office police assessed list Counter Terrorism Internet Referral Unit (CTIRU). The CTIRU is a police assessed list which keeps track of unlawful terrorist content. This list needs to be fully integrated into your web filtering solution and categorised separately.



Inappropriate Online Content

At least 8 categories come under the inappropriate and illegal content bracket. Whilst this is not an exhaustive list, adhering to these topics will protect the young people on the network without over blocking leading to unreasonable restrictions.

What to filter:

harmful and illegal content



Encrypted web traffic: how to get through

A major speed bump many educational entities will face when becoming compliant is how to manage encrypted content.

Gartner has found that only 10% of firewall appliances have HTTPS filtering enabled. This is essential for inspecting encrypted data passing through the network. Current research shows 25%-40% of web traffic is now SSL encrypted, websites like Google and Facebook are all using this kind of encryption. Without deep packet inspection, you’re network is blind to any of this traffic passing through and your filtering policies will fail.

This is a big problem. Schools and colleges are now going to have to re-assess their firewall appliances and any that don’t offer Deep Packet Inspection (DPI-SSL) are no use and will need to be replaced.



Additional to filtering, the way the traffic is monitored will also need to meet requirements.

One of the main requirements under the monitoring arm is the ability to create policies and alerts based on site access and searches. Schools and colleges will need to have real-time alerts in place should users search for black-listed web content.

What is needed here is a programme to work with your firewall and network. You will need to have the capacity to set custom alerts upon attempted access to black-listed sites and specific search terms are used via sites such as Google, Yahoo and Bing.

As well as the list, the programme will also need to provide both historic and real-time reports.



The Solution

The information we have provided will hopefully help to give you a clearer view of what is required of your educationally institute and help you comply with the new Prevent Duty.

Dell SonicWALL

Even with all of this information, it can still be confusing as to what products/services to use to be fully compliant. Fortunately there is one solution to meet all the requirements under the Prevent Duty.

SonicWALL appliances provide a security service second to none. Fully recognised and trusted in the education industry (as well as offering a generous discount for education), 1000’s already rely on the appliance and service to keep their pupils and student safe online. These appliances tick all the boxes under the new Prevent Duty and is the simplest and most secure way to comply.

Under the Provider Checklist Responses issued by the UK Safer Internet Centre to help monitor how providers meet the ‘appropriate monitoring’ standards, the SonicWALL service fully meets every issue identified and colour the box green on every topic.


Comprehensive Database

Full IWF members with feeds to CAIC and CTIRU as well as Active Directory (AD) to make appropriate filters depending on individual users and user groups. Their technology has been developed over 20 years giving an extensive and comprehensive list of 50+ website categories including all appropriate to KCSIE.

FastVue Reporting

SonicWALL provides FastVue, a program designed to work specifically with the appliance. This tool provides visibility and monitoring with ease-of-use. FastVue provides real-time information on recent and historic searches and activities to give alerts and ensure policies are correctly applied.

Complete Visability

 A leader in the Gartner Magic Quadrant, SonicWALL provides and unbeatable Deep Packet Inspection (DPI-SSL) feature. The appliance can quickly and efficiently decrypt and inspect all traffic regardless of the port/protocol meaning your policies will be adhered to the highest level.


The best part of upgrading to SonicWALL is that Just Firewalls has a team of high skilled, in-house, SonicWALL trained experts who can tune up your new appliance to be fully compliance with the Prevent Duty.

 What do I need to be Compliant?

All SonicWALL model with Advanced Gateway Security Suite provide the features to appropriately filter and monitor your network in compliance with the prevent duties.

TZ500, TZ600, NSA 2600, NSA 3600, NSA 4600 have options that include AGSS.

Adding on FastVue for SonicWALL ensures all policies are correctly applied to achieve compliance with the new KCISE guidence. Easy to use, the software solution gives visability and monitoring with flexible deployment options- either physical or in the cloud.

Want to know more? Call us today on 0808 16 444 14 or email on

Check out our SonicWALL products here:

Click here for the budget friendly TZ Series

Click here for the high-class super secure NSA Series

Posted in News By Just Firewalls