GDPR Compliance

We use cookies to ensure you get the best experience on our website. By continuing to use our site, you accept our use of cookies, privacy policy and terms of service.

ESC

Search

Newsletter image

Subscribe to our Newsletter

Join 10k+ people to get notified about new posts, news and updates.

Do not worry we don't spam!

Select theme:

Shopping cart

Subtotal
$97.00
View cart Checkout

Your favorites

You have not yet added any recipe to your favorites list.

Browse recipes

Schedule your 15-minute demo now

We’ll tailor your demo to your immediate needs and answer all your questions. Get ready to see how it works!

star-1
star-2
Kiddo Institutional Digital Safety Score (IDSS)

How Safe Are the Children in Your Institution?

A standardized 0–100 assessment measuring how responsibly any institution handles children’s digital safety, data privacy, and online wellbeing.

Universal Framework — Applicable Across All Institution Types Globally

Who This Is For

Institutions
  • Understand your current level of child digital safety
  • Identify specific gaps and vulnerabilities
  • Prioritize improvements systematically
  • Demonstrate accountability to parents, regulators, and funders
  • Earn the Kiddo Safe Institution Badge
Parents
  • Evaluate schools, clubs, and services before enrolling your child
  • Ask informed questions of institutions
  • Hold institutions accountable
Regulators & Funders
  • Set minimum standards
  • Monitor compliance trends
  • Prioritize inspection resources

How the Score Is Calculated

The IDSS evaluates institutions across 8 Universal Categories, each weighted by its relative importance to child safety.

Category Weight Max Points
1. Governance, Policy & Leadership15%15
2. Data Privacy & Protection20%20
3. Access Controls & Device Management15%15
4. Content Safety & Monitoring10%10
5. Staff Training & Accountability15%15
6. Child & Family Education10%10
7. Incident Response & Crisis Management10%10
8. Compliance & External Accountability5%5
TOTAL100%100

Score Interpretation

🔴
0–39: Critical

Serious gaps. Children at significant risk. Immediate action required.

🟠
40–54: Poor

Basic awareness but major gaps remain. Urgent improvement needed.

🟡
55–69: Developing

Some systems in place but inconsistent. Structured improvement plan required.

🟢
70–79: Good

Solid foundations. Refinements needed for excellence.

🔵
80–89: Excellent

Strong, consistent child digital safety culture.

🌟
90–100: Outstanding

Exemplary. Sets the standard. Eligible for Kiddo Safe Badge.

Institution Size Adjustments

A 5-person NGO cannot be held to the same resource standard as a 5,000-student school. Size is recorded at the start and certain questions are weighted accordingly.

Micro: <10 staff / <50 children
Small: 10–50 staff / 50–500 children
Medium: 51–250 staff / 500–5,000 children
Large: 251–1,000 staff / 5,000–50,000 children
Enterprise: 1,000+ staff / 50,000+ children

The 8 Assessment Categories

Each category measures a critical dimension of institutional child digital safety.

1

Governance, Policy & Leadership

15 points

Whether the institution treats child digital safety as a formal responsibility—embedded into leadership, written policies, and operational planning.

Why it matters: Child digital safety without governance is fragile. When there’s no written policy, no named responsibility, and no leadership commitment, protections depend entirely on individual staff goodwill. Policies endure.

Key Questions Assessed:
  • Q1.1 — Written Child Digital Safety Policy (dedicated, current, publicly available)
  • Q1.2 — Policy coverage areas (acceptable use, staff conduct, data privacy, social media, photography, incident reporting, cyberbullying, vendor standards)
  • Q1.3 — Policy shared with all staff, children, parents, and vendors
  • Q1.4 — Named person responsible for child digital safety
  • Q1.5 — Senior leadership actively engages with digital safety
  • Q1.6 — Regular digital safety risk assessments conducted
2

Data Privacy & Protection

20 points (highest weight)

How the institution collects, stores, uses, protects, and disposes of children’s personal data—including what it shares with third parties.

Why it matters: Children’s data is among the most sensitive data in existence. It can include health records, learning difficulties, family circumstances, behavior records, locations, and images. A breach can cause lasting harm.

Key Questions Assessed:
  • Q2.1 — Data minimization principle (collect only what’s necessary)
  • Q2.2 — Appropriate consent before collecting children’s data
  • Q2.3 — Published data retention policy
  • Q2.4 — Data storage and protection (encryption, access controls, audits)
  • Q2.5 — Role-based access control to children’s data
  • Q2.6 — Documented data breach response plan
  • Q2.7 — Third-party vendor data sharing agreements (DPAs)
  • Q2.8 — Parents and children can exercise data rights (access, correction, deletion)
3

Access Controls & Device Management

15 points

How the institution controls who can access children digitally and how devices used in the institution are managed.

Why it matters: Access controls are the primary technical barrier preventing harm. Inadequate controls allow unauthorized adults to contact children, allow children to access inappropriate content, and create vulnerabilities that enable breaches.

Key Questions Assessed:
  • Q3.1 — Formal controls on staff-child digital communication (approved channels, two-adult rule)
  • Q3.2 — Controls on adult visitors’ digital access to children
  • Q3.3 — Content filtering on child-accessible networks (DNS-level)
  • Q3.4 — Device management systems (MDM for institution-issued devices, BYOD policy)
  • Q3.5 — Application controls (whitelist vs. blacklist approach)
4

Content Safety & Monitoring

10 points

How the institution monitors content children are exposed to, content produced involving children, and how it detects and responds to harmful content.

Why it matters: Filtering prevents most harm. But no filter catches everything. Monitoring provides the secondary layer—human or technological oversight that catches what filtering misses.

Key Questions Assessed:
  • Q4.1 — Formal photography and recording policy (consent, storage, distribution)
  • Q4.2 — Due diligence on content shared with children
  • Q4.3 — Monitoring children’s digital activity for warning signs (transparent, age-appropriate)
  • Q4.4 — Child-friendly reporting mechanism for content concerns
5

Staff Training & Accountability

15 points

Whether all staff understand their digital safety responsibilities, are trained to recognize and respond to digital harms, and are held accountable for their digital conduct with children.

Why it matters: Staff training is consistently identified as the single highest-return investment in child protection globally. Technology can only do so much—ultimately, child digital safety depends on human judgment.

Key Questions Assessed:
  • Q5.1 — Mandatory digital safeguarding training for all staff (including volunteers, contractors)
  • Q5.2 — Training topics coverage (grooming, cyberbullying, data privacy, social media conduct, photography, incident reporting, exploitation awareness, digital first aid)
  • Q5.3 — Training quality verified (assessment, minimum pass score)
  • Q5.4 — Documented Code of Digital Conduct signed by all staff
  • Q5.5 — Digitally appropriate background screening (including social media review)
6

Child & Family Education

10 points

Whether the institution actively educates children and families about digital safety—building genuine digital literacy and resilience beyond just rules and restrictions.

Why it matters: Technology evolves faster than rules can. The most durable protection for any child is their own informed judgment. Family engagement amplifies impact.

Key Questions Assessed:
  • Q6.1 — Structured, age-appropriate digital safety curriculum for children
  • Q6.2 — Education coverage (stranger danger, cyberbullying, privacy, critical thinking, digital footprint, screen time, financial safety, consent, reporting, social media)
  • Q6.3 — Active parent/guardian engagement in digital safety
  • Q6.4 — Practical home resources provided to parents
7

Incident Response & Crisis Management

10 points

Whether the institution has a clear, tested plan for when digital safety incidents occur—from cyberbullying to data breaches to online exploitation.

Why it matters: Every institution will face a digital safety incident. The question is not if but when. Institutions with tested plans contain harm quickly and support affected children effectively.

Key Questions Assessed:
  • Q7.1 — Documented Incident Response Plan (classification, roles, investigation, notification, support, review)
  • Q7.2 — Incident types covered (cyberbullying, grooming, harmful content, data breach, staff misconduct, image sharing, self-harm, unauthorized recording)
  • Q7.3 — Plan tested and reviewed (tabletop exercises, post-incident reviews)
  • Q7.4 — All staff know what to do when a child reports an incident
  • Q7.5 — Access to external expert support (legal, law enforcement, psychology, cyber forensics)
8

Compliance & External Accountability

5 points

Whether the institution meets its legal obligations, submits to external scrutiny, and demonstrates accountability to regulators, funders, and the public.

Why it matters: Self-assessment is valuable. External accountability is essential. Institutions that welcome external scrutiny signal genuine commitment rather than performative compliance.

Key Questions Assessed:
  • Q8.1 — Applicable child digital safety regulations identified and compliance documented
  • Q8.2 — External assessment, audit, or certification completed
  • Q8.3 — Transparency report published (incidents, data practices, policy updates, improvement plans)

Fix First: Highest-Impact Gaps

These gaps are the most common and have the highest child harm impact. Fixing all 8 typically adds 20–25 points.

-4 points

No staff digital safeguarding training

Category 5
-3 points

No named responsible person

Category 1
-3 points

No content filtering on networks

Category 3
-3 points

Staff using personal devices to message children

Category 3
-3 points

Children’s data shared with vendors without agreements

Category 2
-3 points

No incident response plan

Category 7
-3 points

No photography consent policy

Category 4
-3 points

No child digital safety education

Category 6

Quick Wins (High Points, Low Effort)

Action Points Effort
Name a responsible person3Low
Share existing policy with parents0.5–1Low
Have staff sign Code of Digital Conduct1–2Low
Enable content filtering (free DNS tools)3Low-Med
Add photography consent form to enrollment2–3Low
Document data retention schedule2Low
Map applicable regulations2Medium

Self-Assessment vs. Verified Assessment

Choose the assessment level that fits your institution’s needs.

Self-Assessment

Internal reference.

Free
Complete at your own pace
Full 0–100 score
Category-level breakdown
Gap identification
Standard report format
No badge eligibility
Limited regulatory evidence
Start Self-Assessment
Recommended

Verified Assessment

External assurance.

Paid
Independently assessed by Kiddo Network
Full 0–100 verified score
Detailed report with recommendations
Gap analysis + action plan
Kiddo Safe Badge eligibility
Suitable for regulatory purposes
Evidence-based review included
Get Certified

Global Regulatory Alignment

The IDSS synthesizes common principles across the world’s major child digital safety frameworks. An institution scoring 80+ is likely aligned with most applicable regulations.

Principle GDPR/UK COPPA FERPA POPIA LGPD Kenya DPA
Consent for data collection
Data minimization
Breach notification
Right to deletion
Vendor agreements
Security measures
Children’s special protection

Recommended Assessment Frequency

Schools & Childcare
Annually
Healthcare
Annually
Sports & Youth Clubs
Annually
Technology Companies
Twice Yearly
NGOs & Charities
Every 1–2 Years
Government Services
Annually

Frequently Asked Questions

  • Our institution is very small (3 staff, 20 children). Is this fair to us?

    The size adjustments throughout the framework recognize resource constraints. A micro-institution that earns 60 points is demonstrating excellent proportionate practice. Focus on the foundational elements: name a responsible person, have a policy, filter internet content, train all staff, and have a basic incident process. These require more intention than resources.

  • We don’t use any digital technology. Are we exempt?

    No institution that serves children is fully digital-free today. Even institutions without issued devices collect enrollment data, communicate with families via email or messaging apps, may use CCTV, and staff bring personal devices. The framework scores what is relevant to your context.

  • A competitor has a higher score. Should we publicize ours if it’s lower?

    The value of the IDSS is in improvement, not comparison. An institution that scores 45 today, acts on the results, and scores 72 in six months is demonstrating more genuine commitment than one that scores 80 and does nothing. Progress scores can be shared: “We’ve improved our Child Digital Safety Score from 45 to 72 this year.”

  • What if we score badly in one category but excellently in others?

    Category scores matter alongside total scores. An institution with a total of 75 but a score of 2/20 in Data Privacy is a data disaster waiting to happen. Always look at category-level scores, not just the total. Any category below 40% of its maximum warrants urgent focused attention.

  • Is this legal compliance certification?

    No. The IDSS is a digital safety maturity framework, not a legal compliance certification. A high score indicates strong practice alignment with global standards, which correlates with legal compliance, but does not constitute legal advice. Always seek qualified legal advice for regulatory compliance questions.

  • Who should complete the assessment?

    The primary respondent should be the named Child Digital Safety Officer or senior leader responsible for digital safety. Recommended reviewers before submission include: IT/Technology Manager (Categories 3, 4), HR/People Manager (Category 5), Legal/Compliance Officer (Categories 2, 8), and Operations/Program Manager (Categories 1, 6, 7).

  • What evidence is needed for a Verified Assessment?

    Institutions seeking a Verified Score must provide documentation for each claimed point: policies (with dates and version numbers), training logs and completion records, system screenshots and vendor agreements, anonymized sample incident reports, and meeting minutes or audit reports.

Scientific Basis

This framework is informed by research and standards from: UNICEF, Internet Watch Foundation, Thorn, NCMEC, Child Exploitation and Online Protection Command (UK), Australian eSafety Commissioner, Internet Safety Labs, Common Sense Media, UK Information Commissioner’s Office Children’s Code, EU Digital Services Act, and academic research in child development, information security, and organizational safeguarding.

Assess Your Institution Today

Find out where your institution stands. Identify gaps. Build a roadmap to protect every child who comes through your doors.

Free Assessment Get Certified

Questions? Email us: institutions@kiddo.network