Skip to content
Control Stack logo Control Stack
ISM-1220 ASD Information Security Manual (ISM)

Inspect and Destroy Retained Images on Printer Platens

Check printer surfaces, and destroy them if they have any leftover text or images.

Detective Non-classified OFFICIAL: Sensitive PROTECTED SECRET TOP SECRET ASD Information Security ManualGuidelines for information technology equipmentprivacy

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Detective

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

Nov 2021

✏️ Control Stack last updated

19 Mar 2026

🎯 E8 maturity levels

N/A

Guideline

Guidelines for information technology equipment

Section

IT equipment sanitisation and destruction

Topic

Sanitising Printers and Multifunction Devices
Official control statement
Printer and MFD platens are inspected and destroyed if any text or images are retained on the platen.

Source: ASD Information Security Manual (ISM)

Plain language

This control is about inspecting the glass surface of your office printer or multifunction device for any leftover copies of documents. If documents or images are left on the printer, it poses a privacy risk—imagine sensitive information accidentally being copied or seen by someone who shouldn't have access.

Why it matters

Retained images on printer/MFD platens can expose sensitive documents to unauthorised personnel, causing data leakage and privacy breaches.

Operational notes

Inspect printer/MFD platens routinely; if any ghosted text/images are present, securely destroy the retained image and clean the platen.

Implementation tips

  • The office manager should schedule regular inspections of printer platens. Train staff to check for visible text or images after jobs to prevent data exposure.
  • Assign an IT team member to lead a monthly sanitisation check. They need to clean the printer platens, ensuring no residue images remain, using soft cloths and approved cleaners.
  • Office staff should be reminded to clear any documents immediately after copying. Notice prompts can be placed near machines to help enforce this habit.
  • Plan for immediate removal if sensitive data is found. The IT team should have a protocol for erasing any retained data and preventing future issues.
  • Managers should oversee the formation of a quick response team. Their task is to ensure data that might be retained is properly cleared or destroyed, possibly by consulting the printer’s manual or technical support.

Audit / evidence tips

  • Ask: a record of inspection schedules: Request to see documents scheduling regular printer checks

    Good: record will show regular checks were performed as planned

  • Ask: to see the IT team’s cleaning procedures

  • Ask: emails or notices sent to remind staff about platen checks. Verify the frequency and content match policy. Good evidence shows regular reminders with detailed instructions

  • Ask: to see staff training materials: Request copies of guides or materials used in teaching staff about this process. Good evidence would have detailed steps with who is responsible for actions

Cross-framework mappings

How ISM-1220 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Control Notes Details
Partially meets (1)
Annex A 7.14 ISM-1220 requires organisations to inspect printer and MFD platens and destroy them if any text or images are retained

Mapping detail

Mapping

Direction

Controls