Summer is the calm before the storm. For K-12 IT administrators, the weeks before school starts are when you set the foundation for a smooth (or chaotic) year. Web filtering, device prep, policy updates, staff training — it all needs to happen before that first bell rings.

This isn't a generic "get ready for school" article. This is a detailed, actionable checklist built from conversations with dozens of school IT directors. Print it out. Pin it to your wall. Work through it section by section.

Let's make sure you're ready for 2026-2027.

☐ Section 1: Policy Review and Updates

Before touching any technology, start with policy. Your Acceptable Use Policy (AUP) is the foundation everything else sits on.

Review Your Current AUP

☐ Pull out your current AUP and read it top to bottom
☐ Check dates — is it still referencing the "2024-2025 school year"?
☐ Verify it covers all device types your district uses (Chromebooks, iPads, Windows, BYOD)
☐ Confirm it addresses off-campus/take-home filtering
☐ Make sure consequences for violations are clearly stated

Update for 2026-2027 Realities

☐ AI tools policy — Does your AUP address ChatGPT, Claude, Gemini, Copilot, and other AI tools? If not, this is your #1 update. See our AI tools school policy guide for templates
☐ Social media updates — Are TikTok, BeReal, Threads mentioned? Update the list of platforms you block/allow/monitor. Review our social media filtering strategy
☐ VPN policy — Explicitly prohibit VPN and proxy use on school devices. Students are getting smarter about bypassing web filters
☐ Personal device (BYOD) policy — If you allow BYOD, clarify what filtering applies. Check our BYOD management guide
☐ Data privacy addendum — Ensure your AUP references FERPA, COPPA, and any state-specific privacy laws like SOPIPA (California) or Education Law 2-d (New York)

Get Sign-Off

☐ Submit updated AUP to district legal counsel for review
☐ Present to school board for approval (plan for 2-3 revision cycles)
☐ Prepare parent notification letters (CIPA requires this)
☐ Create student-friendly version for classroom discussions
☐ Set up digital signature collection via your SIS or Google Forms

☐ Section 2: CIPA Compliance Audit

If you receive E-Rate funding (and most districts do), CIPA compliance isn't optional. Summer is the time to audit.

Verify Technical Compliance

☐ Content filtering is active on all school-owned devices — both on-campus and off-campus
☐ Visual monitoring capability exists (live screen viewing or screenshot capture)
☐ Activity logging is enabled with at least 12 months of retention
☐ Category blocking covers CIPA-required categories: obscenity, child pornography, and content harmful to minors
☐ SSL/HTTPS inspection is working — without it, encrypted sites pass through unfiltered. Read about why SSL inspection matters
☐ Authentication ties activity to individual students (not just devices)
☐ Override capability exists for authorized staff to access blocked content for legitimate research

Document Everything

☐ Generate a compliance report from your web filter showing filtering is active
☐ Document your Internet Safety Policy (ISP) — CIPA requires a formal written policy
☐ Keep records of your public hearing (required for CIPA/E-Rate)
☐ Archive board meeting minutes where the ISP was adopted
☐ Store all documentation in your E-Rate filing records

E-Rate Filing Check

☐ Verify your E-Rate discount rate is current
☐ Check Form 479 status (CIPA certification)
☐ Review Form 470 for upcoming filing windows
☐ Confirm your web filtering vendor is E-Rate eligible — KyberGate is fully E-Rate eligible through Category 2 or ancillary services

☐ Section 3: Device Preparation

Devices should be wiped, updated, and ready to hand out on day one.

Chromebook Fleet

☐ Factory reset and re-enroll any devices returned by graduating students
☐ Update Chrome OS to the latest stable channel
☐ Verify web filter extension is force-installed via Google Admin
☐ Test filtering on 3-5 sample devices (try accessing blocked categories, unblocked game sites, and known bypass methods)
☐ Update organizational unit (OU) structure if you've reorganized schools or grade levels
☐ Remove any devices from inventory that are end-of-life (check your Chrome device management)
☐ Charge all devices and verify battery health

iPad Fleet

☐ Update all iPads to the latest iPadOS version
☐ Verify MDM profiles are installed and locked — your PAC proxy configuration should be pushed via MDM
☐ Test web filtering on sample devices (verify SSL inspection certificates are installed)
☐ Check supervised mode is enabled (required for effective filtering)
☐ Review app restrictions — remove unauthorized apps, approve new ones for the year
☐ For 1:1 programs, review our iPad 1:1 web filtering guide

Windows/Mac Fleet

☐ Apply all OS updates and security patches
☐ Verify web filter agent/proxy configuration is active
☐ Test with sample devices
☐ Update antivirus definitions
☐ Clear local browser profiles if devices are shared

New Device Imaging

☐ Create or update your base device image with the latest OS, apps, and filter configuration
☐ Document the imaging process so any IT staff member can replicate it
☐ Test the image on one device of each model before mass deployment

☐ Section 4: Web Filter Configuration Updates

Your web filter policies from last year probably need tuning. Students evolve, threats change, and new tools emerge.

Review Block/Allow Lists

☐ Pull last year's "most blocked" report — are there sites being blocked that teachers actually need?
☐ Pull last year's "override request" log — if the same sites keep getting unblocked, update the policy
☐ Review allow lists — are there sites from last year's curriculum that are no longer needed?
☐ Add newly identified gaming and bypass sites to your blocklist
☐ Block or restrict VPN and proxy services
☐ Update YouTube filtering policies — consider per-grade-level access

Update Filtering Policies by Group

☐ Elementary (K-5): Strictest filtering, SafeSearch enforced, social media blocked, AI chatbots blocked. Review our SafeSearch enforcement guide
☐ Middle school (6-8): Moderate filtering, limited social media access for digital citizenship, AI chatbots monitored but restricted
☐ High school (9-12): More open access with monitoring, selective social media access, AI tools available with monitoring
☐ Staff/Teachers: Full access with logging, ability to request temporary unblocks for classroom use
☐ Guests/BYOD: Filtered access on school network, basic category blocking

AI Tool Policies (New for 2026-2027)

This is the biggest policy area for the new school year. AI tools are everywhere and you need a clear stance.

☐ Decide your district's position: block, allow with monitoring, or differentiate by grade level
☐ Configure ChatGPT policies — block for elementary, monitor for secondary?
☐ Address Claude, Gemini, Copilot, and other AI platforms — see our AI chatbot blocking guide
☐ Enable AI Chat Monitor if your filter supports it (KyberGate monitors AI conversations in real-time)
☐ Create teacher guidelines for using AI in lesson plans
☐ Develop a comprehensive AI acceptable use policy

Test Everything

☐ Test filtering on each device type (Chromebook, iPad, Windows, Mac)
☐ Test on-campus and off-campus filtering
☐ Test with student accounts AND staff accounts
☐ Verify SafeSearch is enforced on Google, Bing, and YouTube
☐ Try to access known bypass methods (VPN apps, web proxies, DNS changes)
☐ Verify override/unblock workflow works for staff

☐ Section 5: Student Safety Monitoring Setup

Student safety monitoring is no longer optional — it's a core responsibility.

Configure Safety Monitoring

☐ Verify student safety monitoring is active on all student accounts
☐ Review alert severity levels and ensure appropriate staff are receiving alerts
☐ Update the list of designated responders (counselors, administrators, safety officers)
☐ Configure after-hours alert routing (who gets alerts at 11 PM on a Saturday?)
☐ Test alert delivery — send a test alert and verify the right people receive it
☐ Review Google Workspace monitoring settings if you use Google for Education

Establish Response Protocols

☐ Document your response protocol: Who responds to what severity level?
☐ Prepare scripts for difficult parent conversations about monitoring alerts
☐ Coordinate with school counselors on intervention workflows
☐ Ensure your protocol aligns with mandatory reporting laws in your state
☐ Train designated responders on the monitoring dashboard
☐ Review your incident response plan

☐ Section 6: Staff Training

Technology is only as good as the people using it. Budget time for training.

IT Staff Training

☐ Walk through the filter administration dashboard with all IT staff
☐ Review common troubleshooting scenarios (blocked site requests, override procedures, device issues)
☐ Document escalation paths — who handles what
☐ Cross-train at least one backup person for every critical role
☐ Review your cybersecurity incident response plan
☐ Run through a tabletop exercise for a ransomware scenario

Teacher Training

☐ Schedule teacher training sessions during professional development days
☐ Demonstrate how to use classroom management tools (screen monitoring, focus mode, push URLs)
☐ Show teachers how to request site unblocks and how long the process takes
☐ Explain the AI tools policy and how it affects their lesson plans
☐ Provide a one-page quick reference guide for common tasks
☐ Set realistic teacher expectations for the web filter rollout

Administrator Training

☐ Show administrators how to access activity reports and safety alerts
☐ Walk through the student safety monitoring dashboard
☐ Explain what data is collected and how long it's retained (FERPA compliance)
☐ Demonstrate how to present web filtering ROI to the school board

☐ Section 7: Game Blocking Preparation

If you've been in K-12 IT for more than five minutes, you know: game blocking is a constant battle. Start the year strong.

Update Game Block Lists

☐ Research the latest "unblocked games" sites trending among students (check TikTok, Reddit, and Discord)
☐ Block the Chrome Dino game (yes, students play this constantly during "slow Wi-Fi" complaints)
☐ Add known Google Sites game mirrors to your blocklist
☐ Block popular gaming platforms: Steam, Epic, Roblox, Discord (on school devices)
☐ Review why static blocklists aren't enough — consider AI-powered game detection

Configure Proactive Detection

If your web filter supports it, enable proactive game detection features:

☐ Enable real-time content analysis (catches games on unknown sites)
☐ Enable Canvas/WebGL detection (catches browser-based game rendering)
☐ Enable search pattern monitoring ("unblocked games" searches are an early warning)
☐ KyberGate users: verify all 8 layers of the game detection engine are enabled

☐ Section 8: Network and Security

Web filtering is just one layer of your security posture. Use summer to harden everything.

Network Security

☐ Update firewall rules and review access control lists
☐ Verify network segmentation (student, staff, guest, IoT on separate VLANs)
☐ Update Wi-Fi passwords and RADIUS configurations
☐ Test bandwidth — is your network ready for day-one load?
☐ Review your cybersecurity framework compliance

Endpoint Security

☐ Update antivirus/endpoint protection on all devices
☐ Verify mobile device management (MDM) enrollment for all devices
☐ Disable USB ports on shared devices if policy allows
☐ Review local admin access — students should never have admin rights
☐ Check for shadow IT risks — unauthorized software or services

Backup and Recovery

☐ Verify backup schedules are running and backups are valid
☐ Test a restore from backup (when was the last time you actually tested this?)
☐ Review your disaster recovery plan
☐ Confirm cyber insurance coverage is current and adequate
☐ Check your ransomware defense posture

☐ Section 9: Communication and Documentation

Internal Communication

☐ Send "Welcome Back" email to all staff with key IT information for the year
☐ Include: helpdesk contact info, AUP summary, new technology policies, training dates
☐ Provide printed quick reference cards for teachers (filter bypass requests, classroom tools, common troubleshooting)
☐ Update your internal IT knowledge base or wiki

Parent Communication

☐ Prepare parent newsletter section about technology and online safety for the year
☐ Create FAQ for parents about web filtering (what's monitored, what's blocked, privacy)
☐ Set up parent portal access if your filter supports it
☐ Prepare talking points for Back-to-School Night technology discussions

Documentation

☐ Update your network documentation (diagrams, IP assignments, credentials)
☐ Document all web filter policy changes from the summer
☐ Create a "state of IT" report for your superintendent
☐ Archive last year's filtering reports for compliance records

☐ Section 10: Vendor and Budget Check

Current Vendor Review

☐ Check your web filter contract renewal date — is it time to evaluate alternatives?
☐ Review your vendor's pricing against competitors (see our school web filter buyer's guide)
☐ Verify your vendor addresses the latest threats (AI tools, VPN bypass, hosted games)
☐ Check if your current contract allows you to pilot alternatives — KyberGate offers free 30-day pilots

Budget Planning

☐ Submit purchase orders for any new hardware or software
☐ File E-Rate applications for eligible services — review our E-Rate funding guide
☐ Prepare justification documents for any new technology purchases
☐ Calculate ROI of your web filtering investment for budget discussions

The First Week: Quick Wins

Once school starts, the first week is critical. Here's your day-by-day focus:

Day 1: Monitor, don't fix. Watch the dashboard. Note what's getting blocked that shouldn't be, and what's getting through that shouldn't. Resist the urge to make changes on day one — collect data.

Day 2-3: Tune based on teacher feedback. You'll get help desk tickets. Common ones: "I can't access [educational site]" and "Students are playing games on [new site]." Address these in batches, not one at a time.

Day 4-5: Review and adjust. Pull your first week's activity report. Look for:

Unexpected traffic patterns
Students testing bypass methods
Sites that need policy exceptions
Safety monitoring alerts that need response protocol adjustments

End of Week 1: Send a summary. Email your principals and superintendent a brief "first week technology status" report. Include: number of devices deployed, filtering status, any incidents, and next steps. Proactive communication builds trust.

Download the Checklist

Want a printable version of this checklist? Request a demo of KyberGate and we'll send you a PDF version along with our complete IT admin toolkit for the 2026-2027 school year.

Already using a web filter and curious if KyberGate might be a better fit? Run a side-by-side comparison with our web filter comparison guide, or check how we stack up against specific competitors like GoGuardian, Securly, or Lightspeed Systems.