Use Write-Once Media for Secure Data Transfers
When moving data between different security levels, make sure to use media that can't be changed, unless the destination can ensure it's read-only.
Plain language
When transferring data between systems with different security levels, it's crucial to use media that can't be altered, like write-once CDs. This is important because changing data mid-transfer could lead to leaks or misuse of sensitive information, so using write-once media prevents tampering.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Mar 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
When transferring data manually between two systems belonging to different security domains, write-once media is used unless the destination system has a mechanism through which read-only access can be ensured.
Why it matters
Using write-once media for cross-domain manual transfers prevents post-write modification and reduces leakage and integrity risks between security domains.
Operational notes
For each manual cross-domain transfer, use write-once media unless the destination can enforce read-only mounting; periodically test and document that control.
Implementation tips
- IT staff should organise a review of existing media usage processes: Ensure staff members are aware of which types of physical media (like CDs or DVDs) can only be written to once. This can involve updating procedures and providing training to relevant staff on the secure handling of such media.
- System owners should coordinate with the IT team to source appropriate write-once media: Identify and purchase media that can be used to securely transfer data. This includes liaising with suppliers to confirm that the media meets security requirements and is compatible with existing systems.
- The IT team should implement a verification process to ensure the media is write-once: Conduct tests to confirm that the media can be written to only once and mark it as secured. This might involve attempting to overwrite the media after data is transferred to verify that it’s not possible.
- Managers should establish a policy for data transfer approval: Create a clear procedure for approving transfers, including a checklist that ensures write-once media is being used for high-security data movements. This could involve setting up a quick form that requires sign-off from a data protection officer.
- The IT team should install software to ensure read-only access on receiving systems: Where exceptions are necessary, configure the systems that will receive data to allow only read access, preventing any changes. This may involve using operating system settings or third-party software to enforce read-only restrictions.
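One way to test the read-only exception described in the operational notes and the last tip above, as an added example that is not part of the ISM or of this page. It assumes a Linux destination system and mount-table text in `/proc/mounts` format; the function names, mount points and sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit check that a transfer mount point is mounted read-only.
# Input is mount-table text in /proc/mounts format:
#   device  mount-point  fstype  comma-separated-options  dump  pass

# mount_is_readonly MOUNTPOINT [TABLE_FILE]
# Returns 0 if read-only, 1 if writable, 2 if not mounted.
mount_is_readonly() {
    mp=$1
    table=${2:-/proc/mounts}
    # When filesystems are stacked on one mount point the last entry is the
    # visible one, so keep only the final match. ENVIRON avoids awk's escape
    # processing, so escaped names such as "my\040disk" compare literally.
    opts=$(MP="$mp" awk '$2 == ENVIRON["MP"] { o = $4 } END { print o }' "$table")
    [ -n "$opts" ] || return 2
    # Match "ro" as a whole option; "errors=remount-ro" must not count.
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample mount table (not real system output).
sample_table() {
    cat <<'EOF'
/dev/sr0 /media/transfer-in iso9660 ro,nosuid,nodev,relatime 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev,errors=remount-ro 0 0
/dev/sdc1 /media/stacked ext4 ro,relatime 0 0
/dev/sdd1 /media/stacked ext4 rw,relatime 0 0
EOF
}

# Demo on the constructed table: one audit line per transfer mount point.
tmp=$(mktemp) && sample_table > "$tmp"
for m in /media/transfer-in /media/usb /media/stacked /media/missing; do
    rc=0
    mount_is_readonly "$m" "$tmp" || rc=$?
    case $rc in
        0) echo "PASS $m read-only" ;;
        1) echo "FAIL $m writable" ;;
        2) echo "FAIL $m not mounted" ;;
    esac
done
rm -f "$tmp"
```

The mount flag only reflects the current state, and a privileged user can remount read-write, so this check belongs in the periodic test and documentation the operational notes call for rather than replacing write-once media.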
Audit / evidence tips
- Ask for documentation of the media usage policy: Request written policies that specify the use of write-once media for data transfers between different security levels.
  Good is a detailed policy clearly outlining these requirements.
- Ask them how they select appropriate media for transfers. Ensure they describe the process for confirming the media is write-once.
  Good is when they can articulate the sourcing and testing protocols to ensure media is not reusable.
- Good is detailed, regularly updated logs showing compliance with the media use policy.
- Good observation is staff consistently following procedures and conducting verification checks.
- Ask to see any systems configured for read-only access: Request a demonstration of the configured read-only setting on systems receiving data.
  Good would be consistent configuration and a strong knowledge of the protocols to maintain read-only settings.
Cross-framework mappings
How ISM-0347 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Supports (1) | | |
| Annex A 5.14 | Annex A 5.14 requires controlled information transfer rules and procedures for all transfer facilities, including manual transfers | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.