Maintain Effective System Administration Practices
Ensure systems are managed effectively with developed and maintained procedures.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Proactive
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Nov 2022
✏️ Control Stack last updated
22 Feb 2026
🎯 E8 maturity levels
N/A
Guideline
Guidelines for system managementSection
System administrationSystem administration processes, and supporting system administration procedures, are developed, implemented and maintained.
Source: ASD Information Security Manual (ISM)
Plain language
This control is about setting up and keeping good habits for managing your computer systems. It’s important because if these processes are neglected, things can quickly get disorganised, leading to security weaknesses, data loss, and downtime—especially in a small business or school environment where resources are limited.
Why it matters
Without documented and maintained system administration processes, admin tasks become inconsistent, increasing misconfigurations, unpatched systems, unauthorised access, and slower incident recovery.
Operational notes
Maintain documented admin procedures (accounts, patching, backups, change control) and review them after major changes or incidents to keep tasks consistent and repeatable across systems.
Implementation tips
- The IT team should create a clear, written procedure for routine system checks and updates. This can be done by listing all the essential tasks needed to keep your systems running smoothly, such as software updates and backups, and assigning team members to specific tasks.
- System owners should regularly review these procedures with the IT team. They can set up monthly meetings to go through what's been working and what needs tweaking, ensuring that the procedures remain up-to-date and effective.
- Managers should ensure there is a backup plan in place. They can work with the IT team to establish ongoing backup schedules and test the backup process at least once a quarter to confirm that data can be restored if something goes wrong.
- The procurement officer should have a role in system administration by making sure that any new hardware or software purchases fit the existing management procedures. They can review new tool requirements with IT before finalising a purchase.
- HR should collaborate with the IT team to ensure new staff are trained on basic system use and security practices. They could organise onboarding training sessions that cover essential system administration processes and security basics.
Audit / evidence tips
-
Ask: the documented system administration procedures: Request the written guide describing standard processes for the IT team
Good: is a current document that the IT team says they use regularly
-
Ask: them about the last time procedures were updated and why
Good: shows they actively maintain and refine the procedures
-
Good: outcome is the task is done smoothly without unexpected issues
-
Ask: logs or reports of backups conducted, including their success or failure details. Ensure they align with documented procedures
Good: log shows consistent backups with any issues addressed promptly
-
Ask: recent training records: Request documentation on recent staff training regarding system administration practices
Good: includes evidence that all relevant staff attended the sessions
Cross-framework mappings
How ISM-0042 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (2) | ||
| Annex A 5.37 | ISM-0042 requires organisations to develop, implement and maintain end-to-end system administration processes and supporting procedures a... | |
| Annex A 8.9 | ISM-0042 requires organisations to develop, implement and maintain effective system administration practices and procedures for managing ... | |
| Related (3) | ||
| Annex A 8.13 | ISM-0042 requires organisations to develop, implement and maintain system administration procedures for effective ongoing system operations | |
| Annex A 8.19 | ISM-0042 requires organisations to maintain holistic system administration processes and procedures that govern operational management ac... | |
| Annex A 8.32 | ISM-0042 requires organisations to establish and maintain comprehensive system administration processes and procedures, including control... | |