Prompt Reporting of Cyber Incidents to ASD
Report cyber incidents to ASD immediately when they're identified.
Plain language
When a cyber security incident happens, it's crucial to let the Australian Signals Directorate (ASD) know about it straight away. This is important because if we delay, it might give attackers more time to cause damage and could lead to bigger problems for us, like data breaches or financial losses.
Framework
ASD Information Security Manual (ISM)
Control effect
Responsive
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2, ML3
Guideline
Guidelines for cyber security incidentsOfficial control statement
Cyber security incidents are reported to ASD as soon as possible after they occur or are discovered.
Why it matters
Delays in reporting cyber incidents to ASD increase attack severity, risking data breaches and financial losses.
Operational notes
Define an incident reporting procedure that notifies ASD as soon as possible after detection, with escalation paths, contacts and time targets.
Implementation tips
- IT Team should set up a simple reporting process: Create a clear step-by-step guide for staff on how to report a cyber incident directly to the IT team. This might include filling out a form or sending an email with specific details about what happened.
- Business Owners need to identify the key contact for reporting: Designate a person in the organisation who will be responsible for notifying ASD about any cyber incidents. Ensure staff know who this contact is and how to reach them quickly.
- Managers should run training sessions: Hold regular sessions with all staff to explain what counts as a cyber incident and how to identify it. Use examples relevant to the organisation to make it relatable.
- Office Administrators to maintain a reporting checklist: Develop and distribute a checklist that includes all steps for reporting incidents, including who to contact at ASD and what information is needed.
- IT Managers should establish communication channels with ASD: Ensure there's a direct phone line or email contact with ASD that can be used immediately when an incident is discovered, and test these channels periodically to confirm they are working.
Audit / evidence tips
-
Askincident reporting procedure documents
Goodincludes clear steps, contact information, and is easy for non-technical staff to understand
-
Askthem to describe the process of reporting to ASD and their role in it
Goodis that they can detail the steps, including any communications with ASD
-
Goodis high participation rates and regular trainings scheduled
Cross-framework mappings
How ISM-0140 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 5.5 | Annex A 5.5 requires the organisation to establish and maintain contact with relevant authorities to support rapid coordination during se... | |
E8
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (4) expand_less | ||
| link Related (4) expand_less | ||
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.