KCSIE alignment
How we map to Keeping Children Safe in Education.
KCSIE is the statutory guidance every school in England follows. Earn Your Stripes doesn’t replace any part of it — we sit inside it. This note explains how our product and operating model line up with the parts of KCSIE that touch a tool like ours. Last reviewed: May 2026.
Designated Safeguarding Lead — first-class role
KCSIE places the DSL at the centre of a school’s safeguarding response. Earn Your Stripes has a dedicated DSL role with its own surface: a queue of flagged submissions, read-only access to the evidence on a flagged item, an audit trail of every action, and a 24-hour SLA before unattended flags auto-escalate to the school site owner (typically the headteacher account).
Filtering and monitoring
KCSIE requires schools to have appropriate filtering and monitoring in place. Within Earn Your Stripes we provide automated content filtering on every image and text upload via Azure AI Content Safety (hate, sexual, violent, self-harm). Severity ≥ 4 is blocked outright; 2–3 lands in the DSL’s manual-review queue before publication. We don’t replace the school’s broader filtering and monitoring obligations on the wider network.
Online safety
In-app guidance steers parents and pupils towards activity-focused photos rather than face-focused ones, and reminds them not to capture other children. Third-party verifiers see only one submission via a single-use signed link, with no account and no session. There is no public profile, no discovery, no search.
Working with parents
For under-13s the parent is the primary account holder and signs every piece of evidence on the child’s behalf. The magic-link sign-in keeps the journey low-friction without passwords for a child to share. Parents can request a full export of their child’s record at any time.
Recording concerns
Any user can flag a submission via an in-app button. Flagging opens a short form (reason category + free-text comment), notifies the form teacher and DSL immediately, and writes an entry to the tamper-evident audit log. Every subsequent action on the flag — acknowledgement, escalation, resolution — is recorded with actor and time.
Information sharing
Information about a child is shared only with the people who need it: their parent, their form tutor, and (if flagged) the school’s DSL. School admins see no evidence artefacts; they see aggregate dashboards. There is no cross-school data path — per-school tenant isolation is enforced at the data layer.
Recruitment and oversight (for staff with content access)
Everyone on our side with operational access to school content is enhanced-DBS-checked. We commit to notifying schools by email of material changes to who at the platform has that access.
Responding to incidents
We commit to a same-day acknowledgement of any safeguarding concern raised to us at hello@stripesquest.com, with an action plan within one business day. For data incidents we follow UK GDPR notification timelines — to the ICO within 72 hours where the threshold is met, and to affected schools without undue delay.
What we don’t do
Honest limits.
KCSIE is broader than any single product. A few places where schools need to keep doing what they already do:
- We do not provide network-level filtering or monitoring across your wider school estate — that remains the school’s responsibility.
- We do not maintain the single central record of recruitment checks (SCR). We support schools by limiting our own access to enhanced-DBS-checked staff.
- We do not replace your safeguarding policy. We provide the operating surface; the policy and the people remain yours.