Use of Speakerphones in TOP SECRET Areas
Speakerphones can only be used in secure rooms when discussing TOP SECRET matters.
Plain language
This rule is about using speakerphones for discussions involving TOP SECRET information. You can only use speakerphones in specially secured rooms, where conversations can't be overheard by unauthorised people. If this isn't followed, sensitive information could be accidentally shared, leading to serious security breaches.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Speakerphones are not used on telephone systems in TOP SECRET areas unless the telephone system is located in an audio secure room, the room is audio secure during conversations and only personnel involved in conversations are present in the room.
Why it matters
Using speakerphones in TOP SECRET areas outside an audio secure room can allow conversations to be overheard, causing compromise.
Operational notes
Allow speakerphone use only in an audio secure room, verify audio security before calls, and ensure only call participants are present.
Implementation tips
- The office manager should ensure that all areas where TOP SECRET discussions happen are assessed for audio security. This means getting a professional to check that sound can't leave the room and eavesdropping devices can't capture conversations.
- IT staff should set up telephones with speakerphone capabilities only in rooms verified as audio secure. They should use headsets or secure communication devices in other areas to prevent accidental leakage of sensitive information.
- Managers need to brief their teams about which rooms are secure for using speakerphones. They should create a simple list of approved rooms and post it where employees can see it daily, like next to the phones or on the company intranet.
- Security officers should establish a procedure for verifying who is present during TOP SECRET calls. Before the conversation starts, someone should check and log all individuals in the room to ensure everyone there is authorised to hear the information.
- Policy writers should update the organisation’s communication guidelines to include specific sections on the use of speakerphones in TOP SECRET discussions. Clearly outline what constitutes an audio-secure room and the steps to follow for any exceptions.
Audit / evidence tips
- AskThe list of audio-secure rooms: Request the document or log detailing all rooms checked and deemed secure for speakerphone use GoodShows detailed room checks and approval dates
- GoodScenario is seeing soundproofing techniques in place and the use of monitoring equipment to detect audio leaks
- AskThem to describe the process they follow GoodIncludes mentioning name checks and an attendance log or system
- GoodDocument indicates recent training dates and outlines procedures clearly
- GoodPolicy is explicit, recently dated, and widely accessible to all staff
Cross-framework mappings
How ISM-0235 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 7.1 | ISM-0235 prohibits use of speakerphones in TOP SECRET areas unless the telephone system is in an audio secure room, the room remains audi... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.