KCSIE-aligned school website audit: the 2026 checklist
Keeping Children Safe in Education — KCSIE — is the statutory safeguarding guidance every school, college, and registered childcare provider in England must follow. The Department for Education publishes it annually (the current edition is read by every Designated Safeguarding Lead at the start of the school year). It is not a “recommendation” — it is statutory guidance under section 175 of the Education Act 2002, and schools that don’t follow it without good reason are challenged at the next Ofsted inspection.
Eight of KCSIE’s requirements name the school’s website as the place certain information must be published. The Department for Education’s separate guidance What maintained schools must publish online (and the equivalent for academies) repeats and extends the list. Ofsted inspectors check each one before they arrive — the pre-inspection desk research is partly a website audit, and a school whose site is non-compliant starts the inspection in a defensive posture.
This is the eight-point website audit checklist for 2026. Each requirement is named, the audit-pass marker is named, and the concrete fix is named.
What KCSIE actually expects the website to do
The website is not the safeguarding policy. The website is the public projection of the safeguarding policy — the channel through which a parent, a child, a former pupil, a contracted-supplier safeguarding lead, or an inspector verifies that the school has the named documents, the named contacts, and the named procedures in place. KCSIE expects each of those projections to be present, current, and findable within two clicks of the homepage.
The eight requirements below are drawn from the current KCSIE text and the DfE’s What schools must publish online guidance. The order follows the typical inspector-walkthrough.
1. Safeguarding policy and named contacts
The KCSIE requirement
KCSIE Part 1 paragraph 13 and Part 2 paragraph 76 require schools to have a written child protection policy that is reviewed at least annually and made available publicly, either via the school website or by other means. The Designated Safeguarding Lead (DSL) must be named.
Audit-pass marker
A /safeguarding page (or /policies/safeguarding) linked from the global navigation, last reviewed within the last twelve months, with the DSL named (first name, surname, job title, school email) and a deputy DSL named alongside. The policy itself published as HTML (preferred) or a tagged-PDF download with an lastUpdated date.
The fix
<article>
<h1>Safeguarding and child protection</h1>
<p class="meta">Policy last reviewed: 1 September 2025 ·
Next review: 1 September 2026</p>
<section>
<h2>Designated Safeguarding Lead</h2>
<p><strong>Ms Jane Practitioner</strong>, Deputy Headteacher<br>
<a href="mailto:dsl@example-school.org.uk">dsl@example-school.org.uk</a><br>
Direct line: 0113 000 0000 (in school hours)</p>
</section>
<section>
<h2>Deputy Designated Safeguarding Lead</h2>
<p><strong>Mr Adam Practitioner</strong>, Head of Year 7<br>
<a href="mailto:deputy-dsl@example-school.org.uk">deputy-dsl@example-school.org.uk</a></p>
</section>
<section>
<h2>Out of hours and urgent concerns</h2>
<p>Outside school hours, contact Local Authority Children's Social Care
on 0113 000 0000. In an emergency call 999.</p>
</section>
</article>2. The Prevent duty
The KCSIE requirement
KCSIE Part 1 paragraphs 159–164 cover the Prevent duty (the duty under section 26 of the Counter-Terrorism and Security Act 2015). Schools must have due regard to the need to prevent people being drawn into terrorism. The DfE expects the school’s Prevent arrangements to be published and the Prevent lead named.
Audit-pass marker
A /prevent page (or a Prevent section in the safeguarding policy) naming the Prevent lead, summarising the school’s Prevent risk assessment in plain English, and linking the Prevent referral channels (local Channel panel, Counter-Terrorism Police).
The fix
A dedicated section under /safeguarding/prevent with the Prevent lead’s name and contact details, a 200-word summary of the risk assessment outcome (“our current assessment identifies these risks for our school community: … — our mitigations are …”), and links to the published Channel duty guidance and Prevent duty guidance for England and Wales.
3. Behaviour policy and exclusions
The KCSIE requirement
KCSIE Part 1 paragraph 142 and the separate Behaviour in schools guidance (DfE 2024) require a written behaviour policy published on the website. Where the school uses suspensions or permanent exclusions, the policy must align with the Suspension and permanent exclusion guidance (DfE 2024) and be referenced from the website.
Audit-pass marker
A /policies/behaviour page with the current behaviour policy, an /policies/exclusions page (or a section within behaviour) covering the school’s approach to suspensions and permanent exclusions, and a clear statement that parents have a right to make representations to the governing board against a permanent exclusion.
The fix
Two indexed pages with explicit lastUpdated dates. Numbered headings inside each, matching the DfE template structure. A /parents/rights page (or section) summarising the appeal route — this is the bit Ofsted will check during their desk-research pass.
4. SEN information report
The KCSIE requirement
KCSIE Part 5 paragraph 198 references special-educational-needs duties. Separately, the Special Educational Needs and Disability Regulations 2014, Schedule 1, require schools to publish a SEN information report annually on the website covering 14 specified items (the kinds of SEN provided for, identification and assessment, support arrangements, training, equipment, complaints, transition arrangements, and more).
Audit-pass marker
A /sen-information-report page (or /send/information-report) with the 14 Schedule-1 items as numbered subheadings, dated within the last twelve months, with the SENCO named and contactable.
The fix
<article>
<h1>SEN information report 2025–2026</h1>
<p class="meta">Published: 1 September 2025 ·
Next review: 1 September 2026 ·
SENCO: <a href="mailto:senco@example-school.org.uk">Ms B. Practitioner</a></p>
<ol>
<li id="kinds-of-sen"><h2>The kinds of SEN provided for</h2><p>...</p></li>
<li id="identification"><h2>Identification and assessment</h2><p>...</p></li>
<li id="consultation"><h2>Consultation with parents and children</h2><p>...</p></li>
<!-- continues through all 14 schedule items -->
</ol>
</article>The SEN regulations name the 14 items in fixed order. The page should follow that order — the inspector or contracting authority sample-checks by counting headings.
5. Complaints procedure
The KCSIE requirement
KCSIE Part 1 paragraph 17 and the separate Best practice guidance for school complaints procedures 2020 require a published complaints procedure. For maintained schools, this is a statutory duty under section 29 of the Education Act 2002.
Audit-pass marker
A /complaints page linked from the global footer, naming the school’s stages (informal raised with class teacher / form tutor → stage 1 written to Headteacher → stage 2 to the Chair of Governors → escalation to the ESFA for academies or the Local Authority for maintained schools), with named contacts at each stage and indicative timescales (acknowledge within 5 school days, full response within 20 school days, escalation if unresolved within 30 days).
The fix
A complaints page that opens with a 60-word plain-English summary above the fold, followed by the stage-by-stage procedure as a numbered list, ending with the escalation path. Footer link uses the exact word “Complaints”.
6. Online safety policy
The KCSIE requirement
KCSIE Part 2 paragraphs 134–141 cover online safety. Schools must have an online-safety policy, which should reflect the school’s approach to filtering and monitoring (UK Safer Internet Centre’s Appropriate filtering and monitoring expectations apply). The policy and the underlying filtering/monitoring approach should be published.
Audit-pass marker
A /policies/online-safety page summarising the school’s approach to filtering, monitoring, AUP (acceptable-use policy), incident reporting, and parent communications. A linked AUP for pupils. A linked parent guide for online safety at home.
The fix
Three linked pages: /policies/online-safety (the umbrella policy), /policies/acceptable-use-pupils (the AUP), /parents/online-safety (the parent guide). All three with lastUpdated dates and an explicit reference to the school’s filtering supplier and monitoring approach. KCSIE 2024 added an explicit expectation that schools name the filtering supplier and review the approach annually — the website is the public projection of that review.
7. Child protection policy referenced separately from safeguarding
The KCSIE requirement
KCSIE Part 2 paragraph 76 (read with the separate Working Together to Safeguard Children 2023 guidance) treats child protection and safeguarding as overlapping but distinct policy areas. The DfE expects schools to publish a child protection policy as a discrete document, distinct from the broader safeguarding policy, even where the two are bound together in a single PDF in practice.
Audit-pass marker
A /policies/child-protection page or section that is reachable independently of the broader safeguarding page. Last reviewed within the last twelve months. Cross-referenced from the safeguarding page.
The fix
A discrete URL at /policies/child-protection with the child-protection content extracted from the broader safeguarding document. Cross-link from /safeguarding to /policies/child-protection and vice versa. Both pages carry the same lastUpdated date because they form a policy pair.
8. Prevent risk assessment
The KCSIE requirement
KCSIE Part 1 paragraph 161 requires schools to undertake a Prevent risk assessment. The Prevent duty guidance for England and Wales (Home Office 2023, updated) extends the expectation that schools publish a summary or evidence the risk assessment exists. Ofsted will ask to see the risk assessment during inspection; pre-inspection, the website is the surface they look at.
Audit-pass marker
A /safeguarding/prevent-risk-assessment page (or a clearly named section under the Prevent page) with a plain-English summary of the school’s current risk assessment outcome — the named risks, the named mitigations, the named review date. Not the full risk assessment document (that lives in the school’s safeguarding folder), but a public summary.
The fix
A 300–500-word summary on /safeguarding/prevent-risk-assessment. Structured as:
<article>
<h1>Prevent risk assessment summary 2025–2026</h1>
<p class="meta">Last reviewed: 1 September 2025 ·
Next review: 1 September 2026 ·
Prevent lead: <a href="mailto:prevent@example-school.org.uk">Mr C. Practitioner</a></p>
<section>
<h2>Identified risks for our school community</h2>
<ul>
<li>Online radicalisation routes via gaming and social media platforms</li>
<li>Local extreme-right activity in [named area] requiring vigilance</li>
<!-- specific to the school's actual assessment -->
</ul>
</section>
<section>
<h2>Mitigations</h2>
<ol>
<li>Filtering and monitoring via [named supplier]</li>
<li>Annual staff training on Prevent indicators</li>
<li>Curriculum coverage in PSHE and Citizenship</li>
<li>Local-authority Prevent partnership engagement</li>
</ol>
</section>
</article>The published summary does not need to expose sensitive operational detail — it needs to demonstrate the risk assessment exists, has been reviewed in the last twelve months, and is governed.
Bonus — the things the DfE also expects on the website
The eight requirements above are the KCSIE-anchored ones. The separate DfE What maintained schools must publish online guidance adds: the school’s admissions arrangements, the equality information and objectives, the curriculum by subject and year, the pupil premium strategy statement, the school’s results and performance data, the values and ethos statement, the governors’ information and duties, the names of governors and their attendance, the school’s financial benchmarking, the careers programme (for secondary schools), and the trust governance information (for academies). Most school sites partially satisfy these and entirely miss the curriculum-by-subject-and-year requirement; the audit checks all of them as part of the same desk-research pass.
The fix engagement
A KCSIE-aligned site audit for a maintained school or academy on Foundation tier typically maps to a two-week engagement: week one rebuilds the policy-index architecture (the eight pages above plus the DfE publication-list bonus pages), week two reviews the policy content with the headteacher and DSL to make sure each page is current. We do not write policy on behalf of the school — that is a leadership exercise — we provide the templates, the markup, the IA, and the publication discipline. Annual review reminders run from the managed website service so the lastUpdated dates do not slip.
Talk to a builder
If your school’s website hasn’t been audited against the current KCSIE text — or if the last Ofsted inspection flagged a policy-publication gap — WhatsApp me. I’ll walk through the eight requirements above against your live site, mark each as pass / partial / fail, and give you the specific fix list.
The next step is the schools landing page for what a UK Web Marketing site does for a maintained school or academy, and the managed website service for the annual-review posture across the school year. Start with a free audit if you want to see the gaps before any conversation. The companion read is the KCSIE confidentiality post — same schools, same site, the residency-and-confidentiality layer this checklist sits on top of.
Sources & methodology
Checklist drawn from the current published KCSIE guidance, the DfE What schools must publish online statutory list, the Prevent and behaviour guidance, and audit notes from independent school and academy submissions across 2025–2026.
- Keeping Children Safe in Education (current edition) — Department for Education — https://www.gov.uk/government/publications/keeping-children-safe-in-education—2
- What maintained schools must publish online — Department for Education — https://www.gov.uk/guidance/what-maintained-schools-must-publish-online
- What academies, free schools and colleges must publish online — Department for Education — https://www.gov.uk/guidance/what-academies-free-schools-and-colleges-should-publish-online
- Working Together to Safeguard Children 2023 — HM Government — https://www.gov.uk/government/publications/working-together-to-safeguard-children—2
- Prevent duty guidance for England and Wales — Home Office — https://www.gov.uk/government/publications/prevent-duty-guidance
- Behaviour in schools — Department for Education — https://www.gov.uk/government/publications/behaviour-in-schools—2
- Suspension and permanent exclusion guidance — Department for Education — https://www.gov.uk/government/publications/school-exclusion
- SEND Regulations 2014, Schedule 1 — legislation.gov.uk — https://www.legislation.gov.uk/uksi/2014/1530/schedule/1/made
- Methodology: requirement-by-requirement review of UK maintained school and academy websites under pre-inspection desk-research conditions, 2025–2026. Last updated 3 June 2026.
Cite this article: Jordan Gilbert, “KCSIE-aligned school website audit: the 2026 checklist”, UK Web Marketing, 3 June 2026. https://ukwebmarketing.com/blog/kcsie-school-website-audit-checklist-2026