Policies and Procedures
(always Ofsted-ready status)
REPORT A SAFEGUARDING INCIDENT HERE
(Including any low level concerns.)
Access UK Gov PREVENT Training HERE
Team Member Policy Acknowledgement HERE
Step8Up maintains a comprehensive set of policies and procedures to support good governance, legal compliance, quality assurance, and responsible operations across our training, education, and consulting activities.
All policies are reviewed regularly and aligned with relevant standards and guidance, including Cyber Essentials Plus (2025), UK GDPR, ICO requirements, Ofsted expectations, and industry best practice (ISO 27001 expected in 2026). Document control information — including version history, approval details, and review dates — is contained within the individual PDF documents.
Some policies are publicly accessible for transparency and external reference, while others are internal and available only through password-protected access for authorised users.
General guiding principle of internal vs external (public)
-
Public = anything a learner, parent/guardian, employer, partner, or auditor might reasonably expect to see (rights, safety, fairness, complaints, privacy).
-
Internal = “how we do it” procedures, security controls, operational details, keys, incident playbooks, internal QA.
-
Even if a policy is internal, for reasons and with prior information request, we are glad to provide access (example of reasons: Ofsted inspections, request for more info from an organisation etc). Please note, it may take some time depending on the request.
External (Public) Policies :
Jan 2026 in progress – aligned with Cyber Essentials Plus, upcoming ISO 27001 and Ofsted standards.
Internal Policies :
Email us here for the access password to the policies below
Jan 2026 in progress – aligned with Cyber Essentials Plus, upcoming ISO 27001 and Ofsted standards.
