ISM-0947: ASD Information Security Manual (ISM)

Sanitise Media After Data Transfers Between Domains

Clean rewritable media after transferring data between systems of different security levels.

Plain language

When you move files using a USB stick or another rewritable disk between computers with different security levels, like from a personal laptop to a work computer with sensitive information, you need to wipe it clean afterwards. This is important because if you don’t, the disk could carry confidential data to places it shouldn't, risking a data leak or security breach.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Mar 2021

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

When transferring data manually between two systems belonging to different security domains, rewritable media is sanitised after each data transfer.
Source: ASD Information Security Manual (ISM), ISM-0947

Why it matters

If rewritable media isn’t sanitised after each cross-domain manual transfer, residual data can leak between domains and be accessed without authorisation.

Operational notes

After every manual transfer between security domains, sanitise rewritable media using an approved method and record completion to prevent residual data carryover.

Implementation tips

  • IT staff should establish a clear protocol for sanitising media. This can be done by providing employees with a step-by-step guide on how to completely erase data from rewritable media after use.
  • Managers should ensure staff are trained to understand the importance of sanitising media. Host a training session where employees learn why it's critical for data protection and the steps involved in doing it.
  • The IT team should set up technical tools to help staff erase data from media automatically. Implement software on work devices that prompts users to clean media after use or does it automatically when plugged in.
  • Office managers could designate a secure spot to check and clean media after data transfers. Encourage employees to visit the tech support desk where IT can help erase data immediately after transfers.
  • HR should incorporate media sanitisation policies into the onboarding process. Include a section in the employee handbook defining the procedure and significance of sanitising media used for data transfers.

Audit / evidence tips

  • Ask: the media sanitisation procedure document. Request the written procedure for how rewritable media should be cleaned. Good: a comprehensive guide with examples and contact details for further help.
  • Ask: to see training records. Request documentation that shows employees have been trained in media sanitisation practices. Good: a list of courses with employee participation rates and dates.
  • Ask: to see software tools used for media sanitisation. Request a demonstration of the software tools provided to staff for cleaning media. Good: a demonstration showing how the tool works.
  • Ask: to review logs for recently sanitised media. Request the log file that records instances of media sanitisation. Good: a log entry showing regular use of the sanitisation process.
  • Ask: the policy document given to employees regarding media use. Request a copy of the section of the employee handbook that discusses media use and sanitisation. Good: a plainly written policy that includes both 'why' and 'how' instructions.

Cross-framework mappings

How ISM-0947 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Partially meets (1)
  • Annex A 7.10: ISM-0947 requires sanitising rewritable media after each manual transfer of data between different security domains

Partially overlaps (1)
  • Annex A 7.14: ISM-0947 requires that when data is manually transferred between systems in different security domains, any rewritable transfer media is ...

Supports (1)
  • Annex A 5.14: ISM-0947 requires sanitising rewritable media after each manual transfer between different security domains to prevent information leakag...

Related (1)
  • Annex A 8.10: Annex A 8.10 requires deletion of information from storage media once it is no longer required

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.