Skip to main content
← Back to Resources

Web Filtering & Monitoring: Meeting Your Safeguarding Obligations

19 March 2026 · Hurst Technology

Filtering Monitoring Safeguarding KCSIE

Web filtering and monitoring are two of the most important — and most misunderstood — elements of school IT. They’re often talked about as though they’re the same thing, but they serve very different purposes. Getting both right is essential for meeting your safeguarding obligations under KCSIE and the DfE’s digital and technology standards.

Filtering and Monitoring Are Not the Same Thing

This is worth stating clearly, because the confusion causes real problems.

Filtering is preventative. It blocks access to harmful or inappropriate content before a user can reach it. Think of it as a locked gate — certain websites and categories of content simply can’t be accessed on your school network or devices.

Monitoring is detective. It watches for concerning online behaviour and raises alerts when something needs attention. It doesn’t block anything — it flags it. Think of it as a lookout, watching for warning signs that a pupil might be at risk.

You need both. Filtering without monitoring means you’re blocking known threats but missing the subtle signs that a child might be searching for something concerning. Monitoring without filtering means you’re watching pupils access harmful content rather than preventing it.

What the DfE and KCSIE Require

The requirements are clear. Keeping Children Safe in Education (KCSIE) states that schools must have appropriate filtering and monitoring systems in place. The DfE’s digital and technology standards go further, setting out specific expectations for what those systems should do.

Key requirements include:

  • Filtering must block harmful and inappropriate content for all users
  • Different filtering policies should apply to different user groups (younger pupils need stricter filtering than sixth formers or staff)
  • Monitoring must identify concerning behaviour and generate alerts
  • The Designated Safeguarding Lead (DSL) must have access to monitoring reports and alerts
  • Schools must review their filtering and monitoring provision at least annually
  • The systems must cover all school devices, including those used off-site

What Makes a Good Filtering Solution

Not all filtering systems are created equal. Here’s what to look for:

Granular category controls. You should be able to block categories of content (violence, adult material, extremism) rather than just individual URLs. The internet is too vast for a URL-by-URL approach.

User-group policies. A Year 2 pupil and a Year 12 student have very different needs. Your filtering should let you apply different policies to different groups — and staff should have a different policy again.

HTTPS inspection. Most web traffic is now encrypted. If your filter can’t inspect HTTPS traffic, it’s largely blind. Make sure your solution handles encrypted connections properly.

Coverage beyond the school network. If your school issues devices that go home with pupils, your filtering needs to follow them. Cloud-based filtering solutions handle this well; on-premise-only solutions often don’t.

Minimal disruption to learning. A filter that blocks a geography lesson on volcanoes or a PSHE resource on mental health isn’t doing its job properly. Good filtering is precise, not heavy-handed.

What DSLs Need from Monitoring

Your DSL is the person who needs to act on monitoring information, so the system must work for them. Here’s what matters:

Clear, prioritised alerts. A DSL who receives 200 low-priority alerts a day will quickly stop reading them. Good monitoring systems categorise alerts by severity so the serious ones stand out.

Enough context to act. An alert that says “blocked search term” isn’t helpful. The DSL needs to know who, what, when, and on which device — with enough context to decide whether it’s a safeguarding concern or a false positive.

Accessible reporting. The DSL shouldn’t need to be a technical expert to access reports. A clear web-based dashboard is far better than raw log files.

Regular summaries. As well as real-time alerts, DSLs benefit from weekly or monthly summary reports that they can share with senior leaders and governors.

Common Mistakes

Over-blocking educational content

When schools set their filters too aggressively, teachers find that legitimate resources are blocked. This leads to frustration, workarounds (like using personal hotspots), and ultimately a less safe environment. Review your filter categories regularly and create a simple process for staff to request unblocking.

Not reviewing monitoring alerts

Installing a monitoring system is only the first step. If nobody is reviewing the alerts, you might as well not have it. Agree who reviews alerts, how often, and what the escalation process looks like.

Treating it as a one-off project

Filtering and monitoring need ongoing attention. New threats emerge, the web changes, and pupil needs evolve. Build a review into your safeguarding calendar — termly is a sensible frequency.

Forgetting off-site devices

If your school has issued laptops or tablets that pupils take home, those devices need filtering and monitoring too. Many safeguarding incidents happen outside school hours. Make sure your solution covers devices wherever they’re used.

Getting It Right

The goal isn’t a locked-down environment where nothing works. It’s a proportionate, well-managed system that protects pupils while allowing them to learn effectively online.

Start by understanding what you currently have in place, talk to your DSL about whether it meets their needs, and review your setup against the DfE’s expectations.

You can learn more on our Web Filtering and Monitoring page and our Safeguarding and KCSIE page. If you’d like an independent review of your current setup, we’re here to help.

Want to discuss this with us?

Book a Consultation