Ensure Traffic Separation for Video Conferencing and Telephony
Keep video conferencing and IP phone data separate from other data using VLANs or similar methods.
Plain language
This control is about keeping your internet-based phone calls and video meetings on a separate path from other data on your networks. It's like making sure your main conversations don't get caught up in traffic with other office communications, reducing risks of eavesdropping or interference that could cause misunderstandings or productivity loss.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Sept 2019
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for communications systemsTopic
Traffic SeparationOfficial control statement
Workstations are not connected to video conferencing units or IP phones unless the workstation or the device uses Virtual Local Area Networks or similar mechanisms to maintain separation between video conferencing, IP telephony and other data traffic.
Why it matters
Without VLAN separation between workstations, IP phones and video units, voice/video streams can be intercepted or disrupted, exposing confidential discussions and degrading service.
Operational notes
Regularly validate VLAN (or equivalent) separation for IP telephony/video endpoints and workstation ports; review switchport tagging/voice VLAN settings to prevent traffic mixing.
Implementation tips
- The IT team should set up Virtual Local Area Networks (VLANs) to separate data. They can do this by configuring network switches to treat video conferencing and IP telephony as distinct, ensuring this data isn’t mixed with other types of network traffic.
- The system administrator should review the network architecture to identify sections of the network that handle both video calls and workstation data. Then, they should modify the settings so that these data streams are isolated using VLANs or similar technologies.
- Network managers should update policies to include the requirement for traffic separation before installing any new video conferencing equipment. This policy update ensures that every time new devices are added, they will not compromise the separation of data.
- Business managers should ensure the procurement team coordinates with IT when acquiring new conferencing tools. They need to verify that any new equipment supports VLANs or a similar separation mechanism, which keeps network sections distinct.
- The security officer should train staff on recognising the importance of keeping their personal computers off the same network path as their internet calls and video meetings. This involves hosting informational sessions explaining why separation helps keep communications secure and uninterrupted.
Audit / evidence tips
-
Aska network map that shows physical and virtual network separations
Goodis a detailed diagram showing separate VLANs or equivalent setups dedicated to specific traffic types
-
Goodincludes a stated policy mentioning the use of VLANs or similar methods for data separation
-
Askthe network device configuration logs
Goodshows logs with VLAN ID assignments or similar settings distinct for video and phone traffic
-
Askrecent training materials distributed to staff regarding network use
Goodincludes clear guidance on traffic separation practices aligned with organisational policy
-
Goodincludes emails or meeting notes showing intended support for maintaining traffic boundaries
Cross-framework mappings
How ISM-0556 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.22 | ISM-0556 requires organisations to keep video conferencing and IP telephony traffic separated from other workstation/data traffic using V... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.