Policy Management

Product icon

Create bespoke filtering profiles with sensible defaults to ensure an appropriate level of filtering is applied to every user.

SurfProtect offers flexible filtering settings, offering reasonable defaults with the ability for users to tailor their settings how they need for their school, or for specific users, groups and devices.

IWF & CTIRU members

Organisations such as the UKSIC prescribe that school filtering providers should ensure that content listed by these sources is blocked, due to its highly illegal nature. 

SurfProtect blocks content identified by either the IWF or CTIRU by default, with no ability to opt-out, bypass or disable these settings. These sources, the IWF and CTIRU, are queried automatically multiple times a day to ensure SurfProtect is blocking the most up-to-date data possible.

School-appropriate default settings

SurfProtect provides default settings on all filtering policies to ensure you get the best safeguarding practice straight away. 

SurfProtect policies come as standard with settings curated by Exa to not over-block while meeting the statutory guidance. These defaults cover common scenarios such as blocking adult content, drug-related and violent content, and filtering searches on supported search engines and websites. 

Application Controls

SurfProtect offers a library of pre-built rulesets which enables users to easily allow known applications and websites to work through their filtering. 

Over time Exa has compiled a library of rules which different applications and websites require to be allowed or HTTPS bypassed through SurfProtect. This knowledge is available to SurfProtect users as ‘Application controls’, settings which apply Allowed URLs, HTTPS bypasses and any other required settings in a single click. These controls are added to, and updated, on a regular basis and as applications and websites which require specific settings become known to Exa. 

Filtering Policies tailored to staff and pupils

Teachers and staff often require less restrictive internet access for lesson planning, curriculum delivery, or pastoral care. SurfProtect supports defining staff policies, enabling authorised users to bypass filtering restrictions where necessary. Activity filtered by these policies is still logged and auditable - ensuring staff have the flexibility they need without compromising safeguarding accountability. 

These policies are able to be defined to match specific usernames, usergroups or internal IP addresses if available, allowing schools to define a many or few policies as they require. 

Guest Policies

SurfProtect also enables the creation of guest policies for visitors, contractors, or temporary users. Guests can be given safe, restricted internet access without needing full user accounts or user identity integration, such as Active Directory. This ensures safeguarding controls remain in place across the entire network, while minimising possible inconvenience for short-term users.

Website Recategorisation

SurfProtect recognises that no categorisation database can be perfect. That’s why it gives schools the ability to reclassify websites directly from within the platform. If a site is misclassified — for example, an educational resource blocked under a strict policy — administrators can quickly correct it. This responsiveness ensures that filtering remains both accurate and practical in supporting learning.

Walled Garden - Explicit allow only policies

SurfProtect offers a locked down policy mode, Walled Garden, which blocks all requests against the policy unless explicitly allowed. With this setting enabled, schools can restrict access to only the urls which have been explicitly added to the Allowed URL list of the policy.