E8-RB-ML2.2 ASD Essential Eight

Privileged accounts cannot modify or delete backups.

Ensure privileged users can't change or remove backups, except backup admins.

Plain language

This control is about making sure that people with special access to your systems, like IT administrators, can't change or delete your important backups unless they are specifically responsible for backups. This is important because if someone accidentally or deliberately deletes your backups, or if a hacker gets hold of an admin account, you could lose all your data and not be able to recover it.

Framework

ASD Essential Eight

Control effect

Preventative

E8 mitigation strategy

Regular backups

Classifications

N/A

Official last update

N/A

Control Stack last updated

19 Mar 2026

E8 maturity levels

ML2

Official control statement

Privileged accounts (excluding backup administrator accounts) are prevented from modifying and deleting backups.

Why it matters

If privileged users can delete or alter backups, attackers can remove recovery points, increasing ransomware impact and causing irrecoverable data loss.

Operational notes

Audit backup repository ACLs regularly so only backup administrator accounts can modify or delete backups; alert on any permission changes.

Implementation tips

  • The IT team should have a clear list of who is responsible for backups and ensure only these backup administrators can modify backups. They can use permission settings in the backup software to control access.
  • The system administrator should regularly review user accounts with admin privileges. They can do this by running a user access report to identify any accounts with backup modification rights.
  • Security officers should conduct regular training for all staff involved with system management to ensure they understand who is allowed to modify backups and why these controls are in place.
  • The IT team should implement a logging system that records any time someone tries to modify or delete a backup. This can be done by enabling logging features in the backup management system.
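
The ACL audit from the operational notes and the user access report from the tips above can share one check, sketched here as an added example (not part of the control text or any backup product). The ACL record layout, the rights labels and all account names are assumptions; a real run would load entries exported from the backup repository.

```python
# Added example: record layout, rights labels and account names are assumptions.
from dataclasses import dataclass

# Rights that let a principal alter or destroy a recovery point (assumed labels).
DESTRUCTIVE = {"write", "modify", "delete", "full_control"}

@dataclass(frozen=True)
class AclEntry:
    repository: str
    principal: str
    rights: frozenset

def violations(acl, backup_admins):
    """Grants of destructive rights to anyone who is not a designated backup administrator."""
    admins = {a.lower() for a in backup_admins}
    return sorted(
        (e.repository, e.principal, tuple(sorted(e.rights & DESTRUCTIVE)))
        for e in acl
        if e.rights & DESTRUCTIVE and e.principal.lower() not in admins
    )

def permission_changes(previous, current):
    """Diff two ACL snapshots; every added, removed or altered grant is an alertable event."""
    before = {(e.repository, e.principal.lower()): e.rights for e in previous}
    after = {(e.repository, e.principal.lower()): e.rights for e in current}
    keys = sorted(before.keys() | after.keys())
    diff = ((k, before.get(k, frozenset()), after.get(k, frozenset())) for k in keys)
    return [(k, tuple(sorted(o)), tuple(sorted(n))) for k, o, n in diff if o != n]

def entry(repo, principal, *rights):
    return AclEntry(repo, principal, frozenset(rights))

# Constructed sample data: two snapshots of one repository's ACL.
BACKUP_ADMINS = ["CORP\\svc-backup", "CORP\\backup-admins"]
YESTERDAY = [
    entry("repo01", "CORP\\backup-admins", "read", "write", "delete"),
    entry("repo01", "CORP\\Domain Admins", "read"),
]
TODAY = [
    entry("repo01", "CORP\\backup-admins", "read", "write", "delete"),
    entry("repo01", "CORP\\Domain Admins", "read", "delete"),
    entry("repo01", "CORP\\helpdesk-admin", "full_control"),
]

if __name__ == "__main__":
    for repo, who, rights in violations(TODAY, BACKUP_ADMINS):
        print(f"VIOLATION {repo}: {who} holds {', '.join(rights)}")
    for (repo, who), old, new in permission_changes(YESTERDAY, TODAY):
        print(f"CHANGED   {repo}: {who} {list(old)} -> {list(new)}")
```

Keeping the allow-list of backup administrators outside the systems those privileged accounts control means a compromised admin account cannot quietly add itself to it.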

Audit / evidence tips

  • Ask: Who is allowed to modify or delete backups in your organisation?
  • Good: The system should clearly show that only designated backup administrators have the ability to modify or delete backups.
  • Ask: How often do you review who has access to modify backups?
  • Good: Access reviews are conducted regularly, such as monthly or quarterly, and the logs show that only appropriate personnel have modification access.

Cross-framework mappings

How E8-RB-ML2.2 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ASD ISM

Partially meets (1)
  • ISM-1811: E8-RB-ML2.2 requires that privileged accounts (excluding backup administrator accounts) cannot modify or delete backups

Partially overlaps (3)
  • ISM-1706: ISM-1706 requires that privileged user accounts (excluding backup administrator accounts) cannot access their own backups
  • ISM-1708: E8-RB-ML2.2 requires that privileged accounts (excluding backup administrator accounts) cannot modify or delete backups
  • ISM-1814: E8-RB-ML2.2 requires controls that prevent privileged accounts (except backup administrators) from modifying or deleting backups

Supports (2)
  • ISM-1705: E8-RB-ML2.2 requires that privileged accounts (excluding backup administrator accounts) cannot modify or delete backups
  • ISM-1928: E8-RB-ML2.2 requires privileged accounts (other than backup admins) to be unable to modify or delete backups

Related (1)
  • ISM-1707: E8-RB-ML2.2 requires that privileged accounts (except backup administrator accounts) are prevented from modifying or deleting backups

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
