Scanning Data for Threats Before Manual Import
Ensure data is checked for viruses and threats before being imported into systems.
Plain language
When you're moving data into your computer systems, it's crucial to check it for any hidden viruses or harmful content first. If you skip this step, you could accidentally let in malicious software that can corrupt your system or steal sensitive information, leading to major disruptions or data breaches.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
When manually importing data to systems, the data is scanned for malicious and active content.
Why it matters
Failing to scan data before manual import can introduce malware or active content, causing compromise, breaches, and outages.
Operational notes
Before each manual import, scan files/media with current signatures and active-content detection, and block/quarantine any detections.
Implementation tips
- The IT team should be responsible for setting up reliable anti-virus software that automatically scans data files before they are imported. They can choose a reputable product that updates regularly to ensure it detects the latest threats.
- Managers should ensure that all staff involved in manual data imports are trained on the importance of scanning files first. This can be done through regular training sessions and reminder alerts.
- Data entry staff should manually run the scan on each batch of data before uploading. They can use an easy step-by-step guide provided by the IT team to ensure no data is imported without a clean bill of health.
- System owners should regularly review the scanning process and update procedures if new types of threats are identified. They can meet semi-annually with the IT team to discuss any necessary changes based on emerging threats.
- Procurement teams should include requirements for data scanning capabilities when selecting new software solutions. It's important they work with IT to make sure any new tools can integrate with existing scanning solutions.
Audit / evidence tips
- Ask: the records of scanned data logs. Request logs that show recent data imports have been scanned for threats.
  Good: logs show consistent scanning with no missed imports, and all logs are dated with results.
- Ask: the training records of staff responsible for data imports. Request evidence that shows these staff have been trained on data scanning procedures.
  Good: up-to-date training records showing completion dates and details of the training content.
- Ask: to see the anti-virus software subscription or licence. Request proof of a valid and active subscription to an anti-virus tool.
  Good: a current and valid subscription with the software updated to the latest version.
- Ask: a demonstration of the scanning process. Request a live demonstration of how data files are scanned before being imported.
  Good: clear procedure that includes automatic or manual scanning with an easy-to-understand user interface.
- Ask: feedback from system owners on the effectiveness of data scanning. Request any reports or assessments discussing the scanning process's effectiveness.
  Good: positive feedback highlighting effectiveness with any recommendations for improvements noted and actioned.
Cross-framework mappings
How ISM-0657 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.7 | ISM-0657 requires that data is scanned for malicious and active content before it is manually imported into systems | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.