Safeguarding Policy

1. Introduction

1.1 NumeroPro Pty Ltd ATF The Kidsoft Unit Trust ABN 17 349 353 404 (“the Company”) recognises that trust and
confidence in the propriety of its activities is essential to its customers, the protection of
children supported by its services as well as its continuing success and growth. It also
provides support in a sector that has regulatory obligations which customers must
meet. In order to manage and develop the Company, it is important that the Company,
operates on a basis consistent with its customers safeguarding obligations and is operated
by individuals who behave, and are seen to behave, appropriately at all times and are
recognised as doing so.

1.2 This Safeguarding Policy aims to:
1.2.1 Ensure that children are properly protected;
1.2.2 Ensure that all staff in the Company understand and comply with their
obligations towards children and the Company’s customers;
1.2.3 Ensure that staff members meet appropriate fit and proper criteria for their
1.2.4 Ensure that the Company is able to provide assurance to its customers that it
can support them in their safeguarding responsibilities.

2. Safeguarding
2.1 Safeguarding is defined as:
2.1.1 Protecting children from maltreatment;
2.1.2 Preventing the impairment of children’s health or development;
2.1.3 Ensuring that children are growing up in circumstances consistent with the
provision of safe and effective care: and
2.1.4 Taking action to enable all children to have the best outcomes.
2.2 The Company does not directly interact with children and is not a body with statutory
responsibility for safeguarding, however the Company may be able to assist its Customers in
their safeguarding responsibilities and wants to ensure that its systems cannot be
inappropriately used.

3. Management Responsibilities
3.1 All areas of the Company’s business and activities shall be the responsibility of a
Director in the Company who is a member of the Company board. The board shall ensure
that the Company has a responsible Director for the purposes of safeguarding.
3.2 The Director responsible for safeguarding shall ensure that:
3.2.1 The Company reviews the safeguarding regulations at least once each year
and takes any actions required to ensure compliance (noting currently it does not
have any regulatory obligations itself);
3.2.2 It is clear who has the responsibility for any safeguarding activity required
under this policy;
3.2.3 The safeguarding actions and controls of the Company can be adequately
monitored and controlled;
3.2.4 The persons taking responsibility for matters involving or related to children
have the adequate skills or support to meet the requirements of customers and the
3.2.5 Each person is assessed appropriately.
3.3 The responsible Director has appointed the senior management team to assist in the
management of any function and shall ensure that the roles of the senior managers is
clear. Where any senior manager is appointed to assist in the management of safeguarding
the responsibility shall remain with the Director.

4. Fit and Proper Criteria
4.1 Before any person is appointed to a role in the Company (as a new employee or a
transfer internally) the role must be reviewed to ensure:
4.1.1 That it does not come into unsupervised contact with children (no roles in the
Company should have contact with children);
4.1.2 The level of interaction with information on children; and
4.1.3 The level of responsibility within the Company’s systems
4.2 Where any role allows access to children or to customer’s data or information, the
Company shall conduct a full disclosure and barring service check to ensure the person is fit
and proper.
4.3 The Company shall ensure that where staff attend a customer’s site or have access to
customer information, their attendance or use of customer information is subject to regular
reviews to ensure this meets the Safeguarding Policy requirements.
4.4 Any staff falling within 4.1 above shall be subject to a detailed reference process to
ensure their:
4.4.1 Honesty, integrity and reputation; and
4.4.2 Competence and capability.
4.5 The Company shall undertake periodic reviews to ensure that each individual remains
fit and proper.

5. Attending Customer Premises
5.1 Some staff may be required to attend customer premises. Where staff attend
customer premises, they shall ensure that they are not placed in direct contact with children
or if they are, that they are at all times accompanied by a member of the customer’s staff at
all times.
5.2 If at any time whilst attending a customer’s premises a member of staff is to be left
unaccompanied with children, they must remove themselves from the situation and inform
the customer that they must be accompanied.
5.3 Regular checks shall be made on staff members attending customer premises to
ensure that the customer is aware that staff should not be left unattended with children and
whether this has happened.
5.4 If a staff member is left unaccompanied with children on a customer’s premises, the
staff member shall report this to the customer’s senior manager in attendance at the
premises and to the Company’s responsible Director as soon as possible. Any such incident
shall be logged by the Company and reviewed at the quarterly safeguarding meeting.

6. Access to Customer Information
6.1 Any staff member having access to customer information must be subject to a current
disclosure and barring scheme check.
6.2 The Company shall ensure that all customer information it is responsible for is held by
third-party hosting providers who have up to date certified ISO27001 status. The Company
shall undertake due diligence on all hosting providers holding customer information to
confirm their ISO certification is up to date and regularly review this.
6.3 The access to customer information shall be limited and the Company shall ensure
that it is aware of all its staff who may access customer information and where possible is
able to review the information which any staff member has access.
6.4 Staff members shall only access customer information for the purposes of their role
and to the extent necessary for their role. Any staff member accessing customer information
outside their role or in a manner which is not necessary shall be subject to disciplinary
6.5 The Company shall ensure that access to customer information by staff is reviewed
on a regular basis to ensure that only appropriate action is taking place. Staff authorised to
access all customer information shall be subject to regular review by the senior manager.
6.6 If any material is found which is or may be inappropriate the Company Director shall
be notified and determine whether the customer may be notified or if the matter must be
referred to external authorities. Any action must ensure the protection of children.
6.7 The Company shall ensure that it provides systems and controls which allow
customers to control access to data. The Company shall notify the customer of the controls
available and provide access to training (which will be at a cost to the customer) where
requested. Customers shall be advised of risks in the access to data and any recommended
security protocols the customer should address, such as two-step authentication.
6.8 The use of technology in a Service is a matter for the Service to determine and it
should set appropriate safeguards when doing so.

7. Coding
7.1 The Company provides access to software which is used by Services involved in
childcare and which will contain information on children. The Company recognises that the
software could present a risk to the safeguarding of children and particular in relation to any
interaction of children with technology and in respect of information and images on the
systems developed.
7.2 All staff of the Company involved in coding shall be subject to a disclosure and
barring service check. Any third-party providers engaged in the provision of code shall be
subject to appropriate due diligence and have their code reviewed to ensure it is as required
by the Company.
7.3 Any development in coding which may concern customer information shall be
reviewed by the Company to confirm –
7.3.1 The development has appropriate security in place to protect customer
7.3.2 The development is reviewed to ensure that safeguarding requirements are
7.3.3 All code must be subject to a peer code review and independent annual web
applications security penetration testing to detect any possible vulnerabilities

8. Customer Safeguarding Information
8.1 It is the responsibility of a customer to protect their information and customers must
have their own safeguarding and information protection policies in place. The Company will
work with customers to provide details of this policy and the steps it takes to protect
customer information when required.
8.2 The Company’s systems shall allow customers to adopt controls to manage the
access of their staff to information involving the use of passwords and authentication
procedures. The Company shall ensure that it reviews the controls on a regular basis to
ensure they provide an appropriate level of security for customers.
8.3 The Company shall seek feedback from customers on the level of control and security
required and consider any enhancements which may be required by customers on this

9. Data Security
9.1 The Company shall ensure that its systems and controls are managed in accordance
with an ISO9001 compliant process.
9.2 The Company shall ensure that it holds any live customer data in a data storage
facility that is ISO27001 compliant.
9.3 The Company shall ensure that all staff have full data protection training and that staff
accessing customer data are aware of the requirements on Services to provide a safe
environment for children
9.4 The Company shall ensure that it meets all requirements of the Data Protection
legislation including the General Data Protection Regulations when they come into force.

10. Safeguarding Meetings
10.1 The Company shall ensure that its board considers a safeguarding report from the
responsible Director each quarter. The report shall detail any breaches of the policy, any
customer feedback and any security review which has been undertaken.
10.2 The Company’s board shall consider any development of the business or any product
on the basis that safeguarding must be maintained.
10.3 The board shall review this safeguarding policy on an annual basis.

11. Breach of this Policy
11.1 Compliance with this policy is essential to the protection of children, customers, the
Company’s reputation and that of its employees. Any employee or associated person who is
found to have acted in contravention of this policy or its principles may be subject to
disciplinary action, including summary dismissal where the breach amount to gross

12. Review of this Policy
12.1 This policy will be reviewed by the board each year to ensure it continues to meet the
Company’s requirements and any legal obligations. The board shall be notified and review
any breaches of the policy at the next meeting after such breach.