Monthly Verification of Data Transfer Logs for SECRET Systems
Check logs every month to ensure safe data transfers in top-secret systems.
Plain language
This control ensures that the logs of data transfers in top-secret systems are checked every month. Doing this is important because it helps catch and fix any issues early. If these logs aren't reviewed, sensitive information could be at risk of being stolen or misused without anyone knowing.
Framework
ASD Information Security Manual (ISM)
Control effect
Detective
Classifications
S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for data transfersSection
Data transfersOfficial control statement
Data transfer logs for SECRET and TOP SECRET systems are fully verified at least monthly.
Why it matters
If monthly verification of SECRET/TOP SECRET data transfer logs is not performed, unauthorised transfers may go undetected, enabling classified data exfiltration and national security compromise.
Operational notes
Monthly, fully verify SECRET/TOP SECRET transfer logs by reconciling each entry to approvals and endpoints; investigate anomalies (unexpected destinations, volume spikes, failures) and retain evidence of completion.
Implementation tips
- The IT manager should assign a team member to check the data transfer logs monthly. They should make it part of their routine to review these logs for any unusual activity or errors.
- The system administrator should ensure the logs are stored securely and are easily accessible for review. They could use a shared folder with restricted access so only authorised personnel can view the logs.
- The compliance officer should schedule a monthly reminder to check that the log reviews are taking place and documented. Using a calendar alert can help ensure this task isn’t forgotten.
- System owners should establish a clear process for what to do if suspicious activity is found in the logs. This could involve contacting the IT team's security expert or following a set protocol.
- The office manager should support by ensuring the IT team has the resources and time needed to conduct the log reviews. This might involve adjusting workloads or providing training.
Audit / evidence tips
- AskThe monthly log review report: Request the document showing the logs were reviewed
- GoodWould be a report listing review dates and any necessary follow-up actions to address issues found
- AskThe procedure document on log reviews: Request the document detailing how these reviews should be conducted
- GoodShows clearly defined responsibilities and step-by-step instructions for the review process
- AskAny incident reports resulting from log review findings: Request documentation of any suspicious activities discovered
- GoodDetails the incidents discovered, actions taken, and how they were resolved
- AskEvidence of training provided to staff conducting reviews: Request records showing training sessions or materials about reviewing logs
- GoodIncludes dates, participant names, and content covered in training sessions
Cross-framework mappings
How ISM-0660 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (2) expand_less | ||
| Annex A 5.14 | ISM-0660 requires organisations to fully verify data transfer logs for SECRET and TOP SECRET systems at least monthly to ensure authorise... | |
| Annex A 5.28 | ISM-0660 requires organisations to fully verify data transfer logs for SECRET and TOP SECRET systems at least monthly to ensure integrity... | |
E8
| Control | Notes | Details |
|---|---|---|
| handshake Supports (1) expand_less | ||
| E8-AH-ML2.15 | ISM-0660 requires organisations to fully verify data transfer logs for SECRET and TOP SECRET systems at least monthly to ensure transfers... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.