Backup administrators cannot modify or delete backups during retention
Ensure backup admins can't change or remove backups until retention ends.
Plain language
This control is all about making sure that backup administrators can't change or delete important backup data until it's no longer needed. This is crucial because if backup copies are altered or lost too soon, it could leave us with no way to recover key information if something goes wrong, like a data breach or system failure.
Framework
ASD Essential Eight
Control effect
Preventative
E8 mitigation strategy
Regular backups
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Official control statement
Backup administrator accounts are prevented from modifying and deleting backups during their retention period.
Why it matters
If backups can be altered or deleted prematurely, critical data recovery following incidents like cyber attacks or system failures may be impossible.
Operational notes
Regularly verify backup access controls so admin accounts cannot modify or delete backups during the retention period.
Implementation tips
- IT team should ensure backup software settings are configured to prevent administrators from modifying or deleting backups during the retention period. This can be done by setting strict permissions and roles within the software.
- Security officer should review and update access control lists regularly to ensure they reflect current staff roles and responsibilities. This means checking who has access to backup systems and adjusting permissions as needed.
- System administrator should implement logging on backup systems to monitor and record any attempts to modify or delete backups during their retention period. Enable detailed logging features available in the backup software.
- IT manager should establish a policy that clearly defines retention periods for different types of data. This involves collaborating with business units to understand the importance and required retention times of various datasets.
- Compliance officer should provide training to backup administrators on security protocols and the importance of retaining backups without alteration. Offer workshops or e-learning sessions on data protection and security responsibilities.
Audit / evidence tips
- Ask: Can you describe the process for preventing backup modification or deletion during the retention period?
- Good: Backup software settings restrict all modification and deletion actions for backup administrators during the retention period, and this is enforced by structured access control policies.
- Ask: How do you ensure that the correct retention policies are being followed for all data backups?
- Good: Retention policies are clearly documented, regularly reviewed, and the system configurations enforce these policies effectively.
- Ask: What methods are used to detect and log unauthorised access or changes to backups?
- Good: Security logs are actively monitored, and alerts are set up to notify administrators of any attempts to modify or delete backups during retention.
Cross-framework mappings
How E8-RB-ML3.3 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Supports (1) | | |
| Annex A 8.13 | Annex A 8.13 requires organisations to maintain backups and regularly test them so they are usable for recovery | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (3) | | |
| ISM-1707 | ISM-1707 focuses on preventing non-backup administrators from modifying/deleting backups, whereas E8-RB-ML3.3 constrains backup administr... | |
| ISM-1814 | E8-RB-ML3.3 requires that backup administrator accounts cannot modify or delete backups during their retention period | |
| ISM-1928 | ISM-1928 requires backups of specific identity services (AD DS, AD CS, AD FS and Entra Connect) to be encrypted, stored securely, and onl... | |
| Related (2) | | |
| ISM-1708 | ISM-1708 requires that backup administrator accounts are prevented from modifying or deleting backups during their retention period | |
| ISM-1811 | ISM-1811 requires backups to be retained securely and resiliently, which includes protecting them from tampering and deletion during the ... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.