(Drafted March 2026. Pending Governing Board Approval)
Email, Web, and Endpoint Protection Standard
1. Purpose
This standard sets expectations for protecting Colearn Academy users and devices from common threats delivered via email, web browsing, and malicious software.
2. Scope
This standard applies to school‑managed email services, web access used for school purposes, and school‑managed endpoint devices.
Operating context: Colearn Academy has no physical building and no school-owned hardware. Endpoint “devices” are owned by families or students; “school‑managed” means school email and web accounts and any security configuration or software the School requires or recommends on those devices.
3. Email Protections
3.1
Colearn Academy will use available email security features (for example, spam and malware filtering) provided by its email platform or related tools to reduce unwanted and malicious messages.
3.2
Users should exercise caution when opening attachments or clicking links from unknown or unexpected senders and are encouraged to report suspicious messages.
4. Web Protections
4.1
Where feasible, Colearn Academy will use available controls or services to reduce access to known malicious or inappropriate websites, especially for student accounts.
4.2
Users are expected to follow acceptable use guidelines and to avoid risky web behavior that could expose school systems or data to harm.
5. Supported Browsers and Email Clients
5.1
Colearn Academy requires that users access school systems using vendor‑supported, up‑to‑date web browsers and email clients. The School relies on native update mechanisms (such as automatic updates enabled by default in modern browsers and email applications) to help ensure that users remain on supported versions.
5.2
Where the School manages browsers directly (for example, managed Chrome profiles or school‑issued devices), automatic updates will be enabled where feasible, and users are expected not to disable or circumvent these update mechanisms. For key instructional platforms such as the learning management system, the School follows the platform’s published supported‑browser requirements (for example, “current and previous major versions” of mainstream browsers) and communicates these expectations to staff and students.
5.3
Users are expected to avoid using outdated or unsupported browsers and email clients for accessing school systems. If a user encounters compatibility warnings indicating that their browser or email client is unsupported, they are expected to update or switch to a supported option before continuing to use school systems.
6. Endpoint Protection
6.1
Devices used for school purposes (family- or user-owned) should have antivirus or equivalent endpoint protection software installed and enabled, where supported; the School may require or recommend specific protections as a condition of access.
6.2
Device users should not disable or circumvent security protections required or recommended by the School on devices used for school purposes.
7. Review
This standard will be reviewed at least annually and updated as needed to reflect changes in threats, technology, or tools available to the School.