Ensure UPS Powers All Top Secret IT Equipment
All Top Secret IT equipment must use power from a board with a UPS to maintain functionality during power outages.
Plain language
All Top Secret IT equipment needs to be connected to an Uninterruptible Power Supply (UPS) to ensure it keeps running during a power outage. This is crucial because if such equipment loses power unexpectedly, sensitive data could be at risk, operations could be disrupted, and you might face significant downtime and security breaches.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
TS
ISM last updated
May 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Section
Cabling infrastructureTopic
Power ReticulationOfficial control statement
A power distribution board with a feed from an Uninterruptible Power Supply is used to power all TOP SECRET IT equipment.
Why it matters
Without UPS-backed power distribution, TOP SECRET systems may shut down in outages, causing data loss and mission disruption.
Operational notes
Test the UPS and its feed to the power distribution board; replace batteries on schedule and confirm TOP SECRET racks stay on UPS power.
Implementation tips
- The IT team should install a UPS system for all Top Secret IT equipment. This can be done by first assessing the power requirements of each device and then choosing a UPS that can handle that load and has enough battery life to cover typical outages.
- Facilities management should ensure that the power distribution board in use is correctly connected to the UPS. They can do this by working with an electrician to install the necessary cabling and confirm that power is fed through the UPS.
- Managers should create a maintenance schedule for the UPS systems. This involves regular testing and battery checks, which help ensure the UPS can provide backup power when needed.
- System owners should document which equipment is powered by the UPS and update this inventory whenever there are changes in the setup. This helps keep track of which devices are protected and ensures all necessary equipment is covered.
- IT security personnel should verify and periodically review the setup to confirm that all Top Secret IT equipment remains connected through the UPS. This can be done by cross-referencing the equipment inventory against the power configuration.
Audit / evidence tips
-
Askthe UPS installation plan: Request documentation or diagrams that show how the UPS is connected to the Top Secret IT equipment
Goodwill show clear and complete links for all equipment listed
-
Askthe maintenance log: Examine the record of maintenance activities for the UPS
Goodlog has entries with dates, activities performed, and signatures of those who conducted the maintenance
-
Askto see the equipment inventory: Check the list of Top Secret IT equipment against the UPS setup. Look to see that all listed items are aligned with the UPS connections
Goodwill have a comprehensive and updated list that matches with the UPS-fed power board
-
Asktesting procedures: Request the documentation that outlines how the system's UPS is tested for effectiveness during outages
Goodprocedure shows successful test results and includes plans for correcting any issues found
-
Askincident response documentation: See if there is a plan for what happens when the UPS fails
Goodprovides clear action plans and roles during power incidents
Cross-framework mappings
How ISM-1123 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 7.11 | ISM-1123 requires a power distribution board fed by an Uninterruptible Power Supply (UPS) to power all TOP SECRET IT equipment to maintai... | |
| handshake Supports (2) expand_less | ||
| Annex A 5.29 | ISM-1123 requires UPS-backed power delivery for TOP SECRET IT equipment to improve resilience to power outages and maintain availability | |
| Annex A 5.30 | ISM-1123 requires UPS power to be used for all TOP SECRET IT equipment so services remain available during loss of mains power | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.