Child Safety Policy
Effective Date: 5th January 2026
Review Cycle: Annual
Next Review Date: 5th January 2027
Approved by: Reg Williams, CEO
1. Purpose
Cybernetic Shield is committed to ensuring that all children and young people are safe, supported, empowered, and protected when engaging with our services. This includes our digital products, helpline, education programs, school partnerships, and communications.
This policy outlines how Cybernetic Shield upholds child safety across every aspect of service delivery and technology design. This policy is informed by and aligned with the National Principles for Child Safe Organisations. It is supported by relevant frameworks and obligations that contribute to child safety outcomes, including Safer Technologies for Schools (ST4S), internal Clinical and Technical Governance arrangements, and privacy obligations under the Australian Privacy Principles, where these relate to safeguarding children and preventing harm.
This is a Tier 1 client-facing policy and must be accessible to children, families, schools, and the public.
2. Scope
This policy applies to:
- All Cybernetic Shield employees, contractors, volunteers, and partners
- All online and in-person interactions with children
- All Cybernetic Shield digital platforms, including 3Cs Helpline, student tools, LMS, and portals
- School-based delivery and support services
- Public communications and content provided to children and parents
3. Our Core Beliefs
Cybernetic Shield’s child-safety approach is shaped by our Core Beliefs:
- It takes a village — everyone contributes to online safety; blame does not support children.
- Knowledge is power — children need practical, current support to navigate online spaces.
- Everyday online impacts matter — small harms can be as significant as major events.
- Restriction alone is not the solution — banning or confiscating devices often worsens issues.
These beliefs guide how we listen, respond, educate, and design technology.
4. Policy Statement
Cybernetic Shield:
- places child safety and wellbeing above all other considerations
- supports children’s rights to be heard and participate in decisions affecting them
- responds promptly and appropriately to concerns, disclosures, or risks
- ensures all staff act ethically, respectfully, and transparently
- designs digital environments using safety-by-design principles
- fosters cultural safety and inclusion
- ensures interactions are trauma-informed and developmentally appropriate
- addresses complaints via child-safe pathways and transparent processes
5. Alignment With the National Principles for Child Safe Organisations
| National Principle | Cybernetic Shield Implementation |
|---|---|
| 1. Leadership & governance | CEO oversight; Clinical & Technical Governance Framework; clear policies. |
| 2. Child participation | Youth-friendly materials; student surveys; opportunities for input. |
| 3. Family engagement | Parent portal; clear communication; support resources. |
| 4. Equity & diversity | Inclusive content; culturally safe practice; accessible resources. |
| 5. Upholding children’s rights | Trauma-informed support and privacy safeguards. |
| 6. Staff behaviour | Code of Conduct; child-safe training; role-based permissions. |
| 7. Complaints & concerns | Clear processes; links to Feedback & Complaints Policy; escalation pathways. |
| 8. Education & training | Ongoing staff training; education for schools, parents, and students. |
| 9. Safe environments | ST4S-aligned digital systems; safety-by-design methods. |
| 10. Continuous improvement | Incident review; data insights; annual policy review. |
6. Child Safety Principles Embedded in Our Work
6.1 Child-Safe Digital Design
Cybernetic Shield implements:
- ST4S technical standards
- risk-based content filtering
- restricted data handling
- safe onboarding/offboarding for student accounts
- transparency in data use
- age-appropriate content design
- visible and persistent help options, warnings before sensitive content, confirmation prompts for risky actions, and clear in-product guidance on how to seek assistance.
6.1A Accessible & Inclusive Digital Environments
Cybernetic Shield designs all child-facing content and tools to be accessible and inclusive. We apply:
- WCAG 2.1 AA accessibility standards
- age-appropriate and plain-language writing
- culturally inclusive examples and imagery
- reduced cognitive load and predictable layouts
- neurodiversity-inclusive design (reduced sensory overload, clear sequencing, limited clutter)
All digital materials must be understandable, easy to navigate, and suitable for diverse learning needs.
6.2 Trauma-Informed Practice
Staff use:
- calm, supportive, non-judgemental language
- active listening
- empowerment and validation
- safety planning when needed
6.3 Privacy and Confidentiality
- Minimal data collection for children
- De-identified reporting by default
- Safety overrides confidentiality when a child is at risk
- Privacy safeguarded by Privacy Policies and Data Governance Standards
7. Behavioural Expectations for All Staff
All staff must:
- treat all children with dignity and respect
- listen and respond sensitively to disclosures
- never shame, blame, scare, or moralise
- maintain professional boundaries
- avoid personal social media interactions with children
- use organisation-approved communication channels only
- protect all identifying information
- comply with mandatory reporting laws
- escalate concerns immediately
Breaches may result in disciplinary action, removal from duties, or referral to authorities.
8. Complaints & Reporting Concerns
8.1 Raising Concerns
Children, parents, carers, and schools can raise concerns or complaints through:
- the Feedback & Complaints Management Policy
- the 3Cs Helpline
- their school’s internal wellbeing or leadership teams
- Cybernetic Shield’s website or email
- anonymous submissions where appropriate
We ensure that all complaints and concerns are managed respectfully, promptly, and in a child-safe way.
Children must have access to simple, child-friendly ways to raise digital concerns. Cybernetic Shield provides clear reporting pathways through the 3Cs Helpline, website forms, and school wellbeing staff. Explanations are written in plain language, with reassurance that children will not be blamed or punished for speaking up.
8.2 Internal Reporting by Cybernetic Shield Staff
If a staff member becomes aware of a concern, disclosure, or risk:
- Ensure the child’s immediate safety
- Record the concern accurately in the approved system
- Escalate internally to:
- Chief Risk Officer (Child Safety Lead), or
- Director of Investigations, or
- Clinical Lead / Director of Helpline
- Do not conduct physical abuse investigations — this is the role of statutory authorities
- Continue to follow internal escalation guidance and provide support to the school or family as appropriate
Digital forensic investigations may continue where lawful and appropriate (e.g., grooming, sextortion, cyber abuse), even if police are involved.
These investigations focus on technical evidence and risk—not on substantiating allegations.
8.3 Mandatory Reporting Obligations
Cybernetic Shield supports mandatory reporting as a shared responsibility with schools and families. We follow a “school-first” reporting model wherever safe and appropriate.
8.3.1 School-First Reporting Model
In school-partnered cases, the school is the primary mandatory reporter, unless:
- The school asks Cybernetic Shield to make the report on their behalf
- The school is unable to report promptly
- The school disagrees with reporting but a child remains at risk
- The incident has no connection to the school (e.g., a parent contacts the CIH directly)
- Immediate harm requires urgent direct escalation to police or child protection
Cybernetic Shield always informs the relevant school when a concern involves one of their students, unless doing so would put the child at further risk.
8.3.2 When Cybernetic Shield Makes a Mandatory Report
We make a direct report when:
- the concern is raised outside a school partnership
- a child is at immediate risk and there is no time to coordinate with the school
- a school requests Cybernetic Shield to submit the report
- a school fails to act and a child remains at risk
- the concern involves serious online offending, including grooming, sextortion, or exploitation
Reports may be made to:
- State/Territory Child Protection
- Police
- eSafety Commissioner (where relevant)
Cybernetic Shield always acts in the best interests of the child.
8.3.3 Who Makes the Mandatory Report
Mandatory and statutory reports shall only be made by:
- Chief Risk Officer (Child Safety Lead), or
- Director of Investigations, or
- CEO (in complex, multi-agency, or organisational cases)
Staff must not attempt to contact child protection or police directly unless:
- the child is in immediate, life-threatening danger, and
- internal escalation cannot be reached in time.
8.3.4 Investigations: What Cybernetic Shield Does and Does Not Do
Cybernetic Shield does not:
- conduct interviews intended to substantiate abuse
- attempt to determine whether allegations are “true”
- replace the role of child protection or police
Cybernetic Shield may, however, continue technical or digital forensic investigations even when a police matter is active, including:
- gathering digital evidence
- reconstructing online timelines
- identifying accounts, devices, or actors
- assessing ongoing risk and safety planning
- providing technical reports to police or schools
This is consistent with our role as a cyber incident and digital safety partner.
8.3.5 Safety Overrides Confidentiality
Confidentiality and privacy never override child safety.
Cybernetic Shield may disclose information to schools, police, child protection, or eSafety if required to keep a child safe.
8.4 Relationship with Schools
Cybernetic Shield:
- collaborates with schools to understand concerns
- provides guidance on reporting obligations
- supports the school’s wellbeing and leadership teams
- can prepare technical evidence or written summaries to assist school-led reporting
- maintains communication until the risk is mitigated
If a school chooses not to report and a child remains at risk, Cybernetic Shield escalates independently.
8.5 What Triggers a Child Safety Escalation
The following always triggers escalation under this policy:
- grooming or predatory behaviour
- sexualised content involving minors
- threats of violence
- credible self-harm or suicide risk
- coercion, blackmail, or extortion
- stalking or harassment
- severe cyberbullying
- disclosures of abuse or major safety risk
8.6 Digital Harm Severity Levels
Cybernetic Shield categorises digital harms to support consistent response and escalation:
- Low-Level Harms – conflict, low-severity cyberbullying, misunderstandings, non-sexual content issues
- Moderate Harms – sexting incidents, harmful content exposure, impersonation, ongoing cyberbullying
- High-Risk Harms – grooming, extortion/sextortion, sexual content involving minors, credible self-harm, threats, or predatory behaviour
High-risk harms always trigger immediate escalation under this policy. Ratings can be altered at the discretion of the CRO, Director of the Helpline, or the Director of Investigations.
9. Digital Safety & Online Interaction Rules
Cybernetic Shield moderates any user-generated content in accordance with child-safe principles. Harmful or inappropriate material is removed promptly, and reports are escalated according to severity. Content reviews are undertaken by trained staff, with urgent matters escalated to the CRO or Investigations team.
Cybernetic Shield ensures:
- no unsafe or inappropriate contact
- no use of personal accounts for interaction
- safe moderation of any user-generated content
- strict protection of student identity
- approved communication channels only
- no screenshots, images, or case details shared externally
10. Technology Safety & ST4S Compliance
We meet or exceed ST4S requirements by ensuring:
- strong authentication
- minimal data collection
- clear data flows
- AU hosting for sensitive student data
- secure content delivery
- no advertising or tracking
- safe deletion and retention practices
- Cybernetic Shield does not use AI to profile children, analyse behaviour, or make automated decisions. Any AI-supported tools must meet strict privacy, safety, and transparency requirements and must not influence or manipulate children.
- All third-party platforms used by Cybernetic Shield (such as LMS or website membership systems) must meet equivalent child-safety, privacy, and security standards. Vendors undergo annual review under our Vendor Management Policy and must uphold the principles in this policy.
11. Working with Schools and Families
We ensure:
- child-friendly explanations of tools
- appropriate consent processes
- transparent communication
- shared responsibility for escalating safety concerns
- support for parents with accessible information
12. Cultural Safety
We commit to:
- cultural respect and responsiveness
- creating safe, inclusive environments for First Nations children
- supporting children with disability
- LGBTQIA+ inclusivity
- accessibility in digital and written content
13. Continuous Improvement
Cybernetic Shield strengthens child safety through:
- annual review of policies
- audits of digital safety controls
- analysis of incidents and disclosures
- community and school feedback
- updated staff training
- learning from new research and regulatory guidance
14. Roles & Responsibilities
| Role | Responsibilities |
|---|---|
| CEO | Ensures organisation-wide commitment to child safety. |
| Chief Risk Officer (Child Safety Lead) | Owns this policy; manages escalations and mandatory reporting. |
| Director of Investigations | Manages escalations and mandatory reporting. |
| Clinical Lead / Director of Helpline | Oversees triage, safety plans, trauma-informed practice. |
| CISO | Ensures ST4S, privacy, and security compliance in digital environments. |
| System Owners | Embed safety in product design and reviews. |
| All Staff & Volunteers | Follow this policy, uphold child-safe behaviour, report concerns immediately. |
15. Related Documents
- External Privacy Policy
- Privacy Management Policy
- Feedback & Complaints Management Policy
- Social Media & Public Communications Policy
- Information Security Policy
- Data Governance & Handling Standard
- Clinical & Technical Governance Framework
- Incident Response Plan
- Data Breach Response Plan
- Workforce Capability & Credentialing Framework
16. Review
This policy is reviewed annually or sooner if:
- legislative changes occur
- a serious incident requires review
- better practice emerges
- feedback indicates required improvements
Appendix A — Mandatory Reporting by Jurisdiction (Summary)
Cybernetic Shield operates nationally and follows a unified, precautionary rule:
If there is reasonable belief a child is unsafe, we report.
Below is a high-level outline of key authorities contacted depending on location of the child or incident.
eSafety Commissioner
Reports are made for:
- illegal or harmful online content
- image-based abuse
- cyberbullying of Australian children
- serious online harms where platforms fail to act
Cybernetic Shield’s internal Child Safety Leads determine the correct reporting pathway.
Mandatory Reporting Requirements by Jurisdiction
| Jurisdiction | Who Must Report | Column 3 | Column 4 |
|---|---|---|---|
| Australian Capital Territory (ACT) |
Doctors, nurses, teachers, police, childcare workers, and others in prescribed roles | Physical, sexual, emotional abuse, and neglect | Child and Youth Protection Services – 1300 556 729 ACT Government CYPS |
| New South Wales (NSW) |
Mandatory reporters include teachers, counsellors, health and welfare professionals | Physical, sexual abuse, serious psychological harm, or neglect | Department of Communities and Justice – 132 111 ChildStory MRG |
| Northern Territory (NT) |
Every adult is a mandatory reporter | Any belief on reasonable grounds that a child has suffered or is likely to suffer harm or exploitation | Territory Families – 1800 700 250 NT Child Protection |
| Queensland (QLD) |
Teachers, early childhood workers, doctors, registered nurses, police, and certain religious and counselling staff | Sexual, physical abuse, or risk of significant harm | Department of Child Safety – 1800 177 135 QLD Child Protection Guide |
| South Australia (SA) |
Broad categories including educators, healthcare, police, and clergy | Any reasonable suspicion of physical, sexual, emotional abuse or neglect | Department for Child Protection – 13 14 78 SA Mandatory Reporting |
| Tasmania (TAS) |
Teachers, childcare, medical, police, psychologists, welfare workers | Physical, sexual abuse, or risk of significant harm | Strong Families, Safe Kids Advice & Referral Line – 1800 000 123 TAS Child Safety |
| Victoria (VIC) |
Teachers, school staff, medical practitioners, nurses, police, early childhood staff | Physical, sexual abuse; emotional abuse and neglect if significant | Department of Families, Fairness and Housing – 1300 664 977 VIC Child Protection |
| Western Australia (WA) |
Teachers, doctors, nurses, midwives, police officers | Sexual abuse or suspicion thereof | Department of Communities – 1800 273 889 WA Child Protection |
Appendix B — Child-Safe Design Standard
Cybernetic Shield designs all digital products, platforms, and user experiences in accordance with Safety-by-Design, TEP, ST4S, and child-safe organisation principles. This Standard applies to the 3Cs Hub, LMS, student portals, helpline interfaces, and any future digital tools.
1. Purpose of the Child-Safe Design Standard
This Standard ensures that all Cybernetic Shield digital environments are designed to:
- protect children and young people from online harm
- avoid manipulation, coercion, or dark patterns
- ensure ease of navigation, comprehension, and help-seeking
- reduce cognitive load and prioritise safety
- support cultural safety, inclusion, and accessibility
- uphold privacy and data minimisation
2. Child-Safe Design Principles
Cybernetic Shield incorporates the following principles into all products:
2.1 No Dark Patterns
Digital environments must:
- avoid pressure tactics (timers, “are you sure you want to leave?” loops)
- avoid reward mechanics that encourage risk-taking
- avoid infinite scroll, autoplay, or engagement-maximising patterns
- present choices in a neutral, unforced way
2.2 Accessible, Inclusive & Age-Appropriate UX
Products must:
- use plain, developmentally appropriate language
- adhere to WCAG 2.1 AA accessibility guidelines
- offer high-contrast text and simple visual layout
- avoid excessive text or complex navigation paths
- consider neurodivergent accessibility (reduced overload, predictable structure)
- include culturally inclusive examples and visuals
2.3 Safe Defaults
All Cybernetic Shield digital experiences must:
- default to the safest option for children
- require explicit confirmation for unsafe actions
- limit optional features until safety is assured
- restrict exposure to inappropriate content or contact
2.4 Embedded Safety Signals
Products must include:
- visible, persistent “Get Help” or “Contact Support” access
- clear reporting pathways
- warnings before exposure to sensitive content
- reassurance wording (e.g., “You’re not in trouble”, “You can ask for help anytime”)
2.5 Transparent Data Practices
Digital experiences must:
- clearly state when and why data is collected
- use child-friendly privacy explanations
- allow children to understand and control their data where possible
- never collect data unnecessary for safety or function
2.6 Risk Assessment of New Features
Before releasing new features:
- a Child Safety Impact Review must be completed
- CRO and CISO must approve new functionality
- risks, mitigations, and privacy impacts must be documented
- testing must include child-safe UX evaluation
2.7 No Advertising, Tracking, or Behavioural Profiling
Cybernetic Shield digital platforms must not include:
- advertising
- behavioural profiling
- third-party behavioural trackers
- influencer-style persuasive design
The 3Cs app and all student platforms must remain free from commercial influence.
3. Responsibilities
- CEO – ensures child-safe digital design is embedded across all products
- CRO (Child Safety Lead) – conducts safety impact reviews
- CISO – ensures ST4S-aligned technical controls
- Product Owners – integrate child-safe design in development
- Design & UX Teams – ensure accessible, age-appropriate design
- All Staff – report any digital safety concerns
4. Continuous Improvement
Cybernetic Shield will:
- annually review digital safety measures
- update content and features based on student feedback
- incorporate learnings from digital safety incidents
- monitor emerging online risks and design best practice