Health & Safety
DAIS-POL-007
Risk Assessment and Health and Safety Policy
Data and AI School of London, NCFE Approved Centre
Policy Owner: Head of Centre / IT Lead
Version: 1.0 | Date: April 2026 | Review: April 2027
NCFE Risk Level: High
Mode of Delivery: Fully Online
7.1 Purpose and Scope
The Data and AI School of London is committed to the health, safety, and wellbeing of all learners, staff, and associates. As the school operates entirely online, this policy addresses risks associated with remote study, home working, digital environments, and cybersecurity. It complies with the Health and Safety at Work Act 1974, the Management of Health and Safety at Work Regulations 1999, and the Display Screen Equipment (DSE) Regulations 1992.
7.2 Responsibilities
| Role | Responsibility |
|---|---|
| Head of Centre | Overall responsibility for H&S policy and compliance |
| IT/Platform Lead | Cybersecurity risk, platform security, and technical incident response |
| Tutors and Assessors | Own home working safety and reporting learner online safety concerns |
| Learners | Setting up a safe home study environment and following online safety guidance |
7.3 Remote Working Risk Assessment (Staff)
All tutors and assessors complete a Home Working Risk Assessment covering:
Display screen equipment, monitor height, keyboard positioning, lighting
Seating and posture
Lighting and glare
Electrical safety
Internet connectivity and VPN security
Lone working, regular check-ins and emergency contact procedures
7.4 Learner Home Study Guidance
All learners receive a Home Study Safety Guide at induction covering ergonomic study setup, screen break guidance (5 minutes per hour), eye health, and electrical safety. This is published on the VLE.
7.5 Cybersecurity Risk Management
| Risk | Control Measure |
|---|---|
| Unauthorised access to learner data | MFA enforced on all systems; role-based access controls |
| Phishing and social engineering | Annual staff awareness training; email filtering |
| Ransomware or malware | Regular cloud backups; endpoint security software |
| Platform failure or outage | Contingency plan (Policy 2); backup communication channels |
| Data breach via third-party platforms | DPIAs completed; DPAs in place; annual vendor review |
7.6 Mental Health and Wellbeing
The school recognises that remote online study can increase the risk of isolation, anxiety, and burnout. Controls include regular tutor-to-learner engagement through the VLE, proactive wellbeing check-ins (Policy 9), staff encouraged to disconnect outside working hours, and signposting to mental health resources on the VLE for learners.
7.7 Public Liability Insurance
The Data and AI School of London maintains Public Liability Insurance covering online and digital delivery activities. Evidence of current insurance is held by the Head of Centre and is available to NCFE upon request.
7.8 Incident Reporting
All accidents, near misses, and cybersecurity incidents must be reported to the Head of Centre within 24 hours using the Incident Report Form on the staff portal. RIDDOR-reportable incidents will be reported to the HSE as required.
This policy is reviewed annually. Next review: April 2027. Approved by: Head of Centre. © Data and AI School of London, April 2026. NCFE Approved Centre.