Report Potential Compromises of Mobile Devices Overseas
Inform your employer immediately if your mobile device is compromised or shows unusual behaviour while overseas.
Plain language
If you take your mobile device overseas and it acts strangely or gets handled by foreign officials, tell your boss right away. This is important because if your device is compromised, it could lead to sensitive information being stolen or misused, affecting both your privacy and your organisation's security.
Framework
ASD Information Security Manual (ISM)
Control effect
Responsive
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for enterprise mobilitySection
Mobile device usageOfficial control statement
Personnel report the potential compromise of mobile devices, removable media or credentials to their organisation as soon as possible, especially if they: - provide credentials to foreign government officials - decrypt mobile devices for foreign government officials - have mobile devices taken out of sight by foreign government officials - have mobile devices or removable media stolen, including if later returned - lose mobile devices or removable media, including if later found - observe unusual behaviour of mobile devices.
Why it matters
If overseas device compromise isn’t reported quickly, attackers may keep access to accounts, data and communications, enabling espionage and wider compromise.
Operational notes
Brief travellers to report immediately if foreign officials request credentials/decryption, take devices out of sight, or if devices/media are lost, stolen or act unusually.
Implementation tips
- Employees should be trained to recognise signs of device compromise. This involves participating in a brief training session or workshop where common signs like unexpected behaviour or unfamiliar apps are explained. Make sure training materials include real-world examples and are easy to understand.
- Managers should establish a clear reporting process for device issues encountered overseas. Develop a simple policy that employees can follow if their device is compromised. This might involve calling a designated IT contact immediately or filling out an online incident report form.
- IT departments should create a checklist for employees to follow before travelling. This checklist should include steps like installing security updates, backing up data, and setting strong passwords. The checklist can be distributed via email or as a downloadable document from the company's intranet.
- HR should ensure that employees who travel have access to the necessary contact details. Distribute an emergency contact list with relevant phone numbers or email addresses that employees can reach out to if their devices are compromised while overseas.
- Security teams should regularly update the overseas mobile device policy. This involves reviewing and refining policies based on past incidents and feedback from employees. Ensure that the revised policies are communicated clearly to all staff before travel.
Audit / evidence tips
-
Askthe training materials used to educate employees about mobile device compromise
Goodincludes up-to-date materials with real-life examples and evidence of recent training sessions
-
Goodshows a simple, easy-to-follow document that is accessible to all employees
-
Aska copy of the pre-travel checklist provided to employees
Goodis a comprehensive list that has been distributed to all staff planning travel
-
Goodshows that all contact information is up-to-date and that staff have been informed how to access it
-
Askrecords of overseas mobile device policy reviews
Goodincludes regularly updated policies with a documented review cycle and recent revisions based on feedback
Cross-framework mappings
How ISM-1088 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 5.24 | ISM-1088 requires personnel to report potential compromises of mobile devices, removable media or credentials quickly, especially when ov... | |
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 6.8 | Annex A 6.8 requires mechanisms and defined channels for personnel and other relevant parties to report security events and suspected wea... | |
E8
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (2) expand_less | ||
| E8-RA-ML2.11 | ISM-1088 requires personnel to rapidly report potential compromise of mobile devices, removable media, or credentials, particularly in ov... | |
| E8-AH-ML2.16 | ISM-1088 requires personnel to rapidly report potential compromise of mobile devices, removable media, or credentials, particularly when ... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.