Classification Retention of Sanitised TOP SECRET Volatile Media
Even after sanitisation, some volatile media retain their TOP SECRET classification depending on data storage duration and repetition.
Plain language
Even when a device is wiped clean, if it held top secret information, it might still be seen as sensitive. That's because it may have stored the same data in one place for a long time or had data saved repeatedly at the same spot. Ignoring this could mean confidential details get into the wrong hands, harming trust and security.
Framework
ASD Information Security Manual (ISM)
Control effect
Responsive
Classifications
TS
ISM last updated
Nov 2021
Control Stack last updated
19 May 2026
E8 maturity levels
N/A
Guideline
Guidelines for mediaSection
Media sanitisationOfficial control statement
Following sanitisation, TOP SECRET volatile media retains its classification if it stored static data for an extended period of time, or had data repeatedly stored on or written to the same memory location for an extended period of time.
Why it matters
Misclassifying sanitised TOP SECRET volatile media as downgraded can expose residual data and compromise national security.
Operational notes
Track volatile media usage; if it held static data long-term or had repeated writes to the same locations, retain TOP SECRET after sanitisation.
Implementation tips
- The IT team should assess volatile media to determine if it held data for a long time or if data was written to the same location repeatedly. This involves consulting logs to track the duration and frequency of data storage on each device.
- Managers responsible for information security need to develop a policy for handling sanitised media that retains a TOP SECRET classification. This can be done by creating guidelines that specify how these devices should be securely stored or destroyed.
- System owners should conduct regular training sessions for staff on the importance of adhering to classification retention guidelines. This involves explaining real-world implications and showcasing sanction processes for non-compliance.
- Procurement officers should ensure that when buying new media, it has features that allow for secure wiping processes and monitoring. This involves researching products and seeking advice from the Australian Cyber Security Centre (ACSC) or similar bodies.
- HR should work with IT to establish an ongoing awareness program highlighting the risks associated with incorrectly handling sanitised TOP SECRET media. This could include posters, emails, and workshops designed to keep the message fresh in employees' minds.
Audit / evidence tips
- AskA log or report documenting the sanitisation process GoodShows clear entries indicating assessment of these factors before concluding the media's classification status
- AskTo see training records or schedules that cover the classification handling processes GoodResult shows regular participation and some evidence of improved understanding among staff
- GoodProgram shows consistency and reinforcement over time, addressing this specific control
Cross-framework mappings
How ISM-0835 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (3) expand_less | ||
| Annex A 7.10 | ISM-0835 addresses the requirement that sanitised TOP SECRET volatile media can still be treated as TOP SECRET based on storage duration ... | |
| Annex A 7.14 | ISM-0835 requires that, even after sanitisation, TOP SECRET volatile media may retain its TOP SECRET classification where data persistenc... | |
| Annex A 8.10 | ISM-0835 deals with the residual risk that sanitisation of TOP SECRET volatile media may be insufficient to remove all recoverable inform... | |
| handshake Supports (1) expand_less | ||
| Annex A 5.12 | ISM-0835 specifies a concrete classification handling outcome: sanitised TOP SECRET volatile media may still retain TOP SECRET classifica... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.