Visual Indication for Secure Telephone Connections
Telephone systems must show a visual cue for the security level of a call when using encryption.
Plain language
Imagine you're on a phone call discussing sensitive information. You want to know if the chat is secure. This control helps by making sure your phone shows a visual signal, like a green light or an icon, indicating the security level when calls are encrypted. This matters because without it, you risk discussing private data over insecure lines, potentially exposing your business to eavesdropping or data breaches.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
When using cryptographic equipment to permit different levels of conversation for different kinds of connections, telephone systems give a visual indication of what kind of connection has been made.
Why it matters
Without a visual indication of secure vs non-secure calls, staff may discuss classified or sensitive information on an insecure link, causing disclosure.
Operational notes
Confirm telephones clearly display the secure/non-secure connection state when crypto is used; train users to verify it before speaking and to report indicator faults.
Implementation tips
- IT team should ensure that phone systems are equipped with the capability to display security indicators. Research phone systems that have this feature and verify with suppliers before purchasing or upgrading systems.
- System administrators need to configure the phone systems to show the right visual cues. Follow the manufacturer's instructions to set up the display that indicates when a secure or unsecure connection is being used.
- Office managers or the IT team should train staff on what the security indicators mean. Organise a briefing session where employees can learn to recognise the visual cues and understand the implications of different security levels.
- Procurement should include criteria for encrypted communication and visual indicators in vendor contracts. When contracting new phone services, specify the need for visual security indicators as a must-have feature.
- Managers should conduct regular checks to ensure the visual indicators are functioning correctly. Schedule monthly tests where selected employees make a secure connection and confirm the visual cue is shown.
Audit / evidence tips
- AskThe phone system vendor documentation: Request the documentation that describes how the visual indicators work GoodIncludes a detailed explanation of these functions in the documentation
- GoodHas the settings clearly showing these features are active
- AskEmployees if they can recognise the visual indicators and understand their meanings GoodIs staff members who can accurately describe what the indicators signify and when they're used
- GoodIs a clear visual signal, like a light or icon, appearing on the phone display
- AskLogs showing regular checks have been performed on the system GoodIncludes dated records with actions taken to fix any indicator problems
Cross-framework mappings
How ISM-0231 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (1) expand_less | ||
| Annex A 8.24 | ISM-0231 requires telephone systems using cryptographic equipment for multiple security levels to provide a visual indication of the conn... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.