There’s a certain energy in a school when Ofsted arrive. It’s a mixture of anticipation, pride, and the quiet pressure of wanting to show your very best. For many leaders and safeguarding teams, the words “deep dive” can heighten that feeling. This isn’t a quick glance at your policies or a surface-level conversation about your curriculum — it’s a sustained, focused look at one area of your provision. When that focus is online safety, it’s not just a tick-box exercise. It’s an in-depth examination of how you protect pupils from a complex, fast-changing world.
Online safety is no longer a poster on the wall or a once-a-year assembly. It’s a living part of safeguarding, woven into every layer of school life. It’s in the conversations teachers have with pupils about their online experiences. It’s in the quick decision a lunchtime supervisor makes when a child shows them a worrying message. It’s in the way a member of the admin team spots a phishing email before it reaches the wider staff. In 2025, with Keeping Children Safe in Education setting out tougher and more explicit expectations, Ofsted deep dives are designed to uncover not just whether you “cover” online safety, but whether your culture actively supports it every day.
Understanding the Purpose of an Ofsted Deep Dive
When Ofsted select a focus area for a deep dive, their goal is to understand the depth, quality, and consistency of your provision in that subject. In the case of online safety, it’s not a random choice — it’s often driven by national safeguarding priorities, recent guidance changes like KCSIE 2025, or concerns raised during the inspection’s initial evidence-gathering phase. Sometimes it’s chosen simply because it’s a core element of safeguarding that underpins a school’s overall effectiveness.
A deep dive follows a structured process. Inspectors will review your policies and curriculum plans, talk to leaders about how online safety is planned and monitored, visit lessons to see it in action, and speak directly to staff and pupils about their understanding and experiences. They want to see whether what you say you do is actually happening consistently across the school.
If the written policy says that all staff receive annual training on phishing awareness, they may ask a classroom teacher or lunchtime supervisor to explain how they would recognise and respond to a suspicious email. If your safeguarding policy states that online safety is embedded across the curriculum, they might visit a PSHE or computing lesson to see how that’s being delivered in practice.
Ultimately, the purpose of a deep dive is to test the reality of your provision, not just the intention. It’s about closing the gap between policy and practice — and any inconsistencies, even small ones, can be telling. Ofsted want to see an approach that is lived and understood across the entire school community, not one that relies on a small group of safeguarding leads to hold the knowledge.
Why KCSIE 2025 Has Raised Expectations
Every Ofsted deep dive is shaped by the current safeguarding framework, and in 2025 that framework has shifted. The updated Keeping Children Safe in Education guidance doesn’t just repeat the familiar headlines about e-safety — it sharpens the focus, introduces clearer expectations, and reflects the reality that online risks are growing more complex and harder to monitor.
The Four Cs model — content, contact, conduct, and commerce — remains the foundation, but each of these areas now carries more weight. Harmful or inappropriate content is no longer just about blocking adult websites or filtering explicit material. It now includes AI-generated deepfake imagery, manipulated videos, and false information designed to mislead or damage reputations. This means schools must teach pupils not only how to recognise harmful content, but how to question its authenticity in an era where seeing is no longer believing.
Unsafe contact is another area where the risks have evolved. Grooming and exploitation still occur on mainstream platforms, but increasingly they happen in anonymous messaging apps, gaming environments, and niche online spaces that may not be covered by standard safeguarding filters. For schools, this requires a broader awareness of where pupils are spending time online and what risks those environments carry — and staff need the confidence to discuss these spaces without dismissing or underestimating them.
When it comes to conduct, KCSIE 2025 makes it clear that pupils’ own behaviour online must be addressed in a preventative, educational way. Cyberbullying, oversharing personal information, and engaging in harmful challenges or trends can have lasting consequences. Schools are expected to teach not just the rules, but the reasoning behind them, equipping pupils to make better decisions when no adult is watching.
The commerce element — often the least understood — is also gaining attention. Young people are now being targeted with scams, hidden advertising, and even crypto-related schemes that can lead to financial loss or exploitation. Ofsted will expect schools to show how they’re raising awareness of these risks, particularly in older pupils who may be managing their own money online. Inspectors now expect schools to demonstrate their online safety culture in action, not simply describe it in meetings or on paper
In short, KCSIE 2025 shifts online safety from being primarily about “shielding” pupils to actively equipping them with critical thinking, resilience, and practical skills to navigate a digital world full of invisible threats. For schools, this means the old approach of once-a-year assemblies and basic filtering systems will no longer demonstrate compliance — let alone excellence. Inspectors will want to see that these topics are taught regularly, reinforced across subjects, and understood by staff as part of their safeguarding responsibilities.
Building Staff Confidence Across the Board
One of the most common mistakes schools make when preparing for an Ofsted inspection is assuming that online safety confidence begins and ends with the Designated Safeguarding Lead and a small group of safeguarding staff. While these roles are critical, the reality is that inspectors will often speak to a wide cross-section of the team — from teachers and teaching assistants to lunchtime supervisors, office staff, site managers, and even volunteers. Any one of these conversations can shape Ofsted’s view of how well your school understands and responds to online risks.
The challenge for many schools is that while staff may have read the policy, they don’t always feel ready to apply it under pressure. It’s easy to nod along in a briefing when terms like “phishing” or “deepfake” are mentioned, but much harder to respond effectively when you receive a suspicious email or a child confides something worrying in the playground. That’s where confidence — built through realistic, hands-on practice — makes all the difference.
Confidence doesn’t come from memorising procedures; it comes from being able to recognise a problem and take the right first steps without hesitation. That’s why our training focuses on scenario-based learning that mirrors the kinds of situations staff might actually face. We recreate real phishing emails that have been used to target schools, walk staff through spotting the warning signs, and discuss how to report and contain the risk. We explore safeguarding disclosures from pupils in a way that balances immediate care with correct escalation, so staff know exactly what to do without second-guessing themselves.
When staff have been through these exercises, their answers to Ofsted’s questions become second nature. Instead of vaguely describing “we’d tell the DSL”, they can confidently explain the steps they took last term when a Year 8 pupil reported receiving inappropriate messages on a gaming app, or how they handled a suspicious invoice email that appeared to come from the headteacher. These aren’t theoretical examples — they’re real scenarios that demonstrate knowledge, judgement, and action.
Another important aspect of building confidence is normalising conversations about online safety. In some schools, staff still feel awkward raising concerns if they’re not 100% sure something is a risk. This hesitation can delay intervention. Our training creates a no-blame environment where staff can ask questions, admit when they’re unsure, and learn from each other’s experiences. This not only improves day-to-day safeguarding but also reassures inspectors that your school has an open, proactive culture around online safety.
Ultimately, building staff confidence across the board is about shifting from “policy awareness” to “instinctive readiness”. When your entire team — not just safeguarding leads — can identify and respond to online risks in real time, you’re not only inspection-ready; you’re better protecting your pupils every single day. And that is exactly what Ofsted wants to see: a culture where online safety is understood, owned, and acted upon by everyone in the building.
Empowering Pupils to Speak with Authenticity
When Ofsted talk to pupils during an online safety deep dive, they are looking for more than rehearsed slogans. They want to hear pupils speak naturally about how they navigate the online world, how they’ve handled challenges, and who they would approach for help. It’s not enough for a Year 9 student to repeat, “I’d tell my teacher” — inspectors want to see evidence of understanding, decision-making, and confidence in taking action.
The problem is that many pupils, especially older ones, can be guarded in what they share with adults, either because they fear getting into trouble, think their experience isn’t serious enough, or don’t believe adults will understand the platforms and situations they’re describing. This means that even if your school has a strong curriculum on paper, a lack of authentic pupil voice can undermine your deep dive evidence.
To overcome this, pupils need repeated opportunities to talk about online safety in spaces where honesty is encouraged and judgement is removed. This is why your approach to pupil training should be interactive, age-appropriate, and rooted in real-world scenarios. We’ve found that when young people are shown examples from the platforms they actually use — whether that’s Instagram, Snapchat, Discord, or gaming chat — they engage far more than when they are given generic advice about “staying safe online”.
In our Cyber Safety Sessions for Young People, we use discussion, role-play, and live demonstrations to help learners think like a hacker, spot potential risks, and practice what to do before it happens in real life. For example, we might walk them through a fake DM from someone pretending to be a friend, unpacking the small clues that show it’s not genuine, and then exploring how to block, report, and tell a trusted adult. The aim isn’t to scare them, but to give them the confidence to act decisively.
This practical, hands-on approach also means pupils can give richer, more specific answers when inspectors speak to them. Instead of “we learned about phishing”, a Year 11 student might explain how they recently received an email about a fake job offer, remembered the red flags from training, and deleted it without clicking the link. That level of detail demonstrates not only that the topic was taught, but that it was understood and applied.
Empowering pupils also builds a feedback loop for your safeguarding team. When children and young people feel able to speak openly about what they’re seeing online, staff have a clearer picture of emerging risks and can respond more effectively. This benefits your inspection evidence, but more importantly, it strengthens the safety net for your learners.
In short, preparing for an Ofsted deep dive means ensuring your pupils are not only aware of online risks but confident and articulate in how they would handle them. It’s about shifting their understanding from “I know the rule” to “I know what to do, and I have done it.” That’s the authenticity inspectors are looking for — and it’s the kind of confidence that changes outcomes, both in the inspection room and in the real world.
Making Your Evidence Work for You
Just as pupil voice needs to be authentic, your documentation needs to speak with clarity and evidence. Strong evidence can turn an Ofsted deep dive from a nerve-wracking experience into an opportunity to demonstrate the depth and consistency of your online safety provision. It’s not about producing a mountain of paperwork; it’s about having the right evidence, clearly organised and easy to access, that proves your policies are alive in everyday practice.
First, you need to show the breadth of your provision. Inspectors will want to see curriculum planning documents that map where and how online safety is taught — not just in computing, but across PSHE, tutor time, and even subjects like English and design technology where digital literacy or critical thinking might be embedded. Having annotated schemes of work that highlight online safety touchpoints shows intentionality and integration.
Training records are another key piece of evidence. It’s not enough to say “all staff have training”; you need logs showing who attended, what topics were covered, when it happened, and how you followed up. For example, if you ran phishing awareness training, a record that includes the date, the trainer, and a summary of learning outcomes paints a clear picture of continuous development.
Incident logs also carry significant weight. Anonymised case records that show how online safety concerns were reported, investigated, and resolved demonstrate that your safeguarding systems work in practice. Ofsted will be reassured to see a clear process from first disclosure to follow-up, including communication with parents and any adjustments to policies or teaching as a result.
Don’t overlook pupil voice. Surveys, focus group notes, or even anonymised pupil quotes can show that learners understand and can apply what they’ve been taught. If a Year 8 survey response explains how they avoided a scam on social media thanks to a recent lesson, that’s powerful evidence of impact.
Parental engagement records also add value. Letters, newsletters, parent workshop sign-in sheets, or copies of online safety guides you’ve shared help prove that your safeguarding culture extends beyond the school gates.
Digital resources can be part of your evidence too. Screenshots of intranet pages where staff can quickly access policies, links to guidance, or a log of your internal safeguarding newsletter show that online safety is kept visible and accessible.
Finally, keep inspection logistics in mind. It’s far easier to impress an inspector if your evidence is collated into a single, well-structured folder — physical or digital — with clear labelling. This avoids last-minute scrambles and signals that online safety isn’t something you pull together only for inspection; it’s monitored and documented all year round.
The strength of your evidence lies not in its quantity, but in how clearly it tells the story: We planned this, we delivered it, we monitored it, and it made a difference. When you can connect those dots in a way that’s easy for Ofsted to follow, you’re not just meeting the standard — you’re showing leadership in the area.
Testing Your Readiness Before the Inspectors Arrive
Once your evidence is in place, the next step is to make sure it holds up under real inspection conditions. It’s one thing to have everything organised in a folder — it’s another to be able to talk confidently about it, link it back to practice, and show how it works in the day-to-day life of the school. This is where testing your readiness becomes invaluable.
A mock deep dive is the most effective way to do this. Ideally, it should follow the same flow Ofsted use: start with a leadership discussion to outline your online safety intent, move into lesson observations and curriculum scrutiny, talk to staff at different levels, and finish with pupil voice. During this process, pay close attention to how quickly staff can find and explain the evidence you’ve prepared. If they hesitate or can’t connect it to what they do in practice, that’s a signal to revisit your training.
It’s also worth rehearsing with staff the kinds of questions Ofsted might ask. For example, a lunchtime supervisor might be asked what they would do if a pupil told them they’d seen something upsetting online. A member of the admin team might be asked about phishing emails. These conversations aren’t about catching people out — they’re about building fluency so that when inspectors ask, the answer feels natural.
You can extend this approach to pupils, too. Hold a Q&A session where they can talk about their online habits, the advice they remember from lessons, and how they’ve handled tricky situations. This not only gives you insight into their understanding but can also highlight where lessons need reinforcing.
Finally, review how the evidence you’ve collated actually supports the story you want to tell. Does it demonstrate progression over time? Does it link directly to curriculum plans and safeguarding priorities? Is it easy to navigate if an inspector asks for something specific? Think of this as a dress rehearsal — the more realistic your run-through, the more confident and coordinated your team will be when the real inspection happens.
Using the Cyber Rebels Deep Dive Prep Checklist
Preparing for an Ofsted deep dive in online safety doesn’t have to be guesswork — and you don’t need to wait until inspection week to find out if there are gaps in your approach. Our interactive Deep Dive Prep Checklist lets you audit your readiness in under 30 minutes, all from your browser.
The checklist takes you through the exact areas Ofsted will explore: leadership culture, staff confidence, pupil voice, curriculum integration, evidence preparation, and inspection readiness. Each question is scored as you go, giving you an instant readiness score at the end.
It’s a quick, practical way to test your preparedness, identify blind spots, and start improving immediately — whether your inspection is next month or next year. You can start the checklist 
here
From Compliance to Confidence
An Ofsted deep dive in online safety is not just an inspection hurdle to clear — it’s a reflection of how well your school safeguards its community in a world where digital risks are constantly evolving. Over the course of this guide, we’ve looked at what inspectors are really seeking in a deep dive, how the updated KCSIE 2025 framework has raised expectations, why building confidence across all staff matters, how to empower pupils to speak with authenticity, the role of well-prepared evidence, and the value of stress-testing your readiness before the inspection day.
The thread that runs through all of these points is culture. Policies and procedures are essential, but they only create the framework. What Ofsted want to see — and what truly protects children — is a culture where online safety is embedded in everyday interactions, understood at every level, and practised instinctively. That means staff can respond calmly and correctly in real scenarios, pupils can talk openly and confidently about their online experiences, and evidence tells a clear story of planning, action, and impact.
At Cyber Rebels, we specialise in turning compliance into that kind of lived practice. Our training for schools goes beyond theory, using realistic scenarios, hands-on exercises, and age-appropriate workshops to ensure staff and pupils can put their knowledge into action when it matters most. We help you build the consistency that Ofsted look for, the confidence that inspection conversations demand, and the proactive safeguarding culture that keeps your community safe all year round.
If you want your next Ofsted deep dive in online safety to feel less like an interrogation and more like an opportunity to showcase your strengths, we can help you get there. Visit our Education & Training Providers page to learn more, or get in touch to start building a programme tailored to your school’s needs.
Director of Training and Development, Cyber Rebels.
Andy Longhurst is the founder of Cyber Rebels and a cybersecurity practitioner and educator focused on how risk actually shows up in real organisations. His work sits at the intersection of digital safety, education, and practical risk management — helping teams understand not just what policies say, but what happens in the moments where decisions are made under pressure.
With a background spanning adult education, web development, and technical consultancy, Andy specialises in translating complex security concepts into clear, usable understanding. Rather than focusing solely on tools or compliance frameworks, his approach centres on human behaviour, judgement, and the systems that shape everyday choices.
He delivers live, interactive cyber awareness training for organisations of all sizes, from small businesses and education providers to public-sector teams and larger organisations operating in complex risk environments.
Outside of delivery, Andy spends his time analysing emerging attack patterns, refining training design, and exploring how organisations can build resilience that holds up in the real world — usually with a strategically sized cup of tea close to hand.
