E8-RB-ML2.2 ASD Essential Eight

Privileged accounts cannot modify or delete backups.

Ensure privileged users, other than backup administrators, can't change or remove backups.

🏛️ Framework

ASD Essential Eight

🧭 Control effect

Preventative

🛠️ E8 mitigation strategy

Regular backups

🔐 Classifications

N/A

🗓️ Official last update

N/A

✏️ Control Stack last updated

22 Feb 2026

🎯 E8 maturity levels

ML2

Official control statement
Privileged accounts (excluding backup administrator accounts) are prevented from modifying and deleting backups.

Source: ASD Essential Eight

Plain language

This control is about making sure that people with special access to your systems, like IT administrators, can't change or delete your important backups unless they are specifically responsible for backups. This is important because if someone accidentally or deliberately deletes your backups, or if a hacker gets hold of an admin account, you could lose all your data and not be able to recover it.

Why it matters

If privileged users can delete or alter backups, attackers can remove recovery points, increasing ransomware impact and causing irrecoverable data loss.

Operational notes

Audit backup repository ACLs regularly so only backup administrator accounts can modify or delete backups; alert on any permission changes.
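The audit described in this note can be scripted against an ACL export. The following is an added example, not Control Stack or ASD code: the account names, groups, rights names and ACL entries are constructed, and it assumes the repository ACL and group membership can be exported as simple lists. It resolves group entries to accounts, flags any account outside the approved backup administrator list that can modify or delete, and reports permission changes since the last review.

```python
# Added example; all account names, groups and ACL entries are constructed.
DESTRUCTIVE = {"modify", "delete"}  # rights that can alter or remove a backup

BACKUP_ADMINS = {"svc-backup", "bkp-admin-jlee"}  # approved list (assumed)
GROUPS = {  # group -> member accounts, as exported from the directory
    "Backup Operators": {"bkp-admin-jlee"},
    "Domain Admins": {"da-asmith"},
}
ACL_LAST_REVIEW = [  # (principal, rights) on the backup repository
    ("svc-backup", {"read", "write", "modify", "delete"}),
    ("Backup Operators", {"read", "write", "modify", "delete"}),
    ("srv-admin-mkhan", {"read"}),
]
ACL_NOW = [
    ("svc-backup", {"read", "write", "modify", "delete"}),
    ("Backup Operators", {"read", "write", "modify", "delete"}),
    ("srv-admin-mkhan", {"read", "modify"}),  # right added since last review
    ("Domain Admins", {"read", "delete"}),    # new entry granted via a group
]

def effective_rights(acl, groups):
    """Resolve group entries to member accounts: {account: set of rights}."""
    effective = {}
    for principal, rights in acl:
        for account in groups.get(principal, {principal}):
            effective.setdefault(account, set()).update(rights)
    return effective

def violations(acl, groups, backup_admins):
    """Accounts that are not backup admins but can modify or delete backups."""
    return {account: sorted(rights & DESTRUCTIVE)
            for account, rights in effective_rights(acl, groups).items()
            if account not in backup_admins and rights & DESTRUCTIVE}

def permission_changes(old_acl, new_acl, groups):
    """Accounts whose effective rights differ between two ACL snapshots."""
    old, new = effective_rights(old_acl, groups), effective_rights(new_acl, groups)
    return {a: (sorted(old.get(a, set())), sorted(new.get(a, set())))
            for a in old.keys() | new.keys()
            if old.get(a, set()) != new.get(a, set())}

if __name__ == "__main__":
    for account, rights in sorted(violations(ACL_NOW, GROUPS, BACKUP_ADMINS).items()):
        print(f"VIOLATION {account}: {', '.join(rights)}")
    changes = permission_changes(ACL_LAST_REVIEW, ACL_NOW, GROUPS)
    for account, (before, after) in sorted(changes.items()):
        print(f"CHANGED {account}: {before} -> {after}")
```

Resolving groups before checking matters here: the `Domain Admins` entry names no individual, yet it gives `da-asmith` delete rights.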

Implementation tips

  • The IT team should have a clear list of who is responsible for backups and ensure only these backup administrators can modify backups. They can use permission settings in the backup software to control access.
  • The system administrator should regularly review user accounts with admin privileges. They can do this by running a user access report to identify any accounts with backup modification rights.
  • Security officers should conduct regular training for all staff involved with system management to ensure they understand who is allowed to modify backups and why these controls are in place.
  • The IT team should implement a logging system that records any time someone tries to modify or delete a backup. This can be done by enabling logging features in the backup management system.

Audit / evidence tips

  • Ask: Who is allowed to modify or delete backups in your organisation?

  • Good: The system should clearly show that only designated backup administrators have the ability to modify or delete backups.

  • Ask: How often do you review who has access to modify backups?

  • Good: Access reviews are conducted regularly, such as monthly or quarterly, and the logs show that only appropriate personnel have modification access.

Cross-framework mappings

How E8-RB-ML2.2 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ASD ISM

Partially meets (1)

  • ISM-1811: E8-RB-ML2.2 requires that privileged accounts (excluding backup administrator accounts) cannot modify or delete backups

Partially overlaps (3)

  • ISM-1706: ISM-1706 requires that privileged user accounts (excluding backup administrator accounts) cannot access their own backups
  • ISM-1708: E8-RB-ML2.2 requires that privileged accounts (excluding backup administrator accounts) cannot modify or delete backups
  • ISM-1814: E8-RB-ML2.2 requires controls that prevent privileged accounts (except backup administrators) from modifying or deleting backups

Supports (2)

  • ISM-1705: E8-RB-ML2.2 requires that privileged accounts (excluding backup administrator accounts) cannot modify or delete backups
  • ISM-1928: E8-RB-ML2.2 requires privileged accounts (other than backup admins) to be unable to modify or delete backups

Related (1)

  • ISM-1707: E8-RB-ML2.2 requires that privileged accounts (except backup administrator accounts) are prevented from modifying or deleting backups
