CIPA Compliance Checklist
If your school or library wants to take advantage of E-rate discounts for services other than telephony, you need to ensure that your organization is fully compliant with the Children’s Internet Protection Act or CIPA. While conforming to compliance guidelines can sometimes be daunting and confusing when it comes to some government regulatory measures, CIPA compliance is fairly simple and straightforward. Below we have created a simple checklist concerning the CIPA compliances that your school or library will be directly responsible for.
1) Maintain a technology protection measure that filters or blocks obscene or inappropriate images from computers with internet access
This is the most involved step as it requires the purchase, implementation, and maintenance of some type of web filtering solution. The type of measure can include any of the following solution architectures:
- Web filtering is incorporated within the service provided by your Internet Service Provider
- Web filtering is enabled on all networked devices through an on-premise appliance or hosted software application
- Web filtering is enforced on all networked devices through a Software-as-as-Service application provided by a third party vendor
- Web filtering is provided and enabled on an individual basis on the devices themselves through the use of a locally installed filter application
2) Access by minors to inappropriate content and matter on the Internet and World Wide Web will be blocked or filtered by the technology protection measure selected. The inappropriate matter is defined by CIPA as content and/or images that are:
- Child Pornography
- Appeals to a prurient interest in nudity, sex, or excretion when taken as a whole
- Depicts, describes, or represents an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts or the lewd exhibition of the genitals in a patently offensive way with respect to what is suitable for minors
- Taken as a whole lacks serious literary, artistic, political or scientific values as to minors
3) An Internet Safety Policy must be created and implemented. This may include an Acceptable Use Policy as well but is not required. The Internet Safety Policy as set out by CIPA must ensure that the required technology protection measure, as well as the management of it, fulfill the following requirements:
- Filtering will be provided for all Internet-enabled computers used by students, patrons, and staff.
- Filtering will be disabled only for bona fide research or other lawful purposes conducted by adults
- Minors will be educated, supervised, and monitored with regard to safe and appropriate online activities.
- Safe and secure access to electronic communication by minors including e-mail, chat rooms, and instant messaging will be enforced.
- Unauthorized online behavior such as “hacking” and other unlawful activities will be prohibited.
- Unauthorized disclosure, use, and dissemination of personal identification information regarding minors are prohibited.
4) A public hearing must be held to discuss and adopt the Internet Safety Policy and the technology protection measure. The school or library must:
- Provide reasonable public notice of the meeting. For school systems, the hearing can be a part of a regular school board meeting but a notice that the required topics must be announced.
- Allow the opportunity for comment by those in attendance of the meeting
- Provide acceptable proof that the meeting was announced and held. This proof may include a copy of a newspaper notice, flyer or screenshot of the organization’s website or calendar. All documentation must be retained for 10 years.
- A copy of the approved Internet Safety Policy that includes the date that it was formally adapted must be retained. In addition, copies of each revision to the Internet Safety Policy must be retained as well along with the dates the revisions were adapted. Once again, all documentation must be retained for 10 years.
Most school systems will choose to expand their Internet Safety Policy and filtering efforts beyond that required by CIPA in order to meet the expectations held by the parents and other interested parties. Those decisions are purely local. Further information on CIPA can be found HERE.