ISM-1298 ASD Information Security Manual (ISM)

Advise Personnel on Overseas Mobile Device Security

Inform staff about privacy and security risks when taking mobile devices abroad.

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Proactive

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

Sept 2019

✏️ Control Stack last updated

22 Feb 2026

🎯 E8 maturity levels

N/A

Official control statement
Personnel are advised of privacy and security risks when travelling overseas with mobile devices.

Source: ASD Information Security Manual (ISM)

Plain language

Taking your mobile device overseas can expose it to privacy and security risks, such as data theft or hacking. This control is about ensuring staff understand these risks and know how to protect their devices and the information on them when they travel. If not managed properly, sensitive data could be stolen, leading to financial loss or damage to the organisation's reputation.

Why it matters

If staff are not advised, overseas travel with mobiles can cause compromise, data loss, fraud costs and reputational harm.

Operational notes

Brief travellers on overseas mobile risks: border searches, hostile Wi‑Fi/charging, local laws, and how to reduce data on devices.

Implementation tips

  • HR should provide a training session for all staff members who travel overseas. This training should cover potential security threats, ways devices can be hacked, and methods to protect them, like using strong passwords and avoiding public Wi-Fi networks.
  • IT teams need to prepare a 'travel kit' for mobile devices. This could include installing security apps, configuring devices with remote wipe capability, and ensuring that encryption is enabled. They should also inform staff about using virtual private networks (VPNs) to secure connections.
  • Managers should remind their travelling staff to conduct pre-trip security checks on their mobile devices. This involves updating the device software, backing up important data, and reviewing what sensitive information is stored on the device.
  • The organisation's security officer must develop clear policies for mobile usage abroad that align with guidance from the Australian Cyber Security Centre (ACSC). This includes advising against connecting to unknown networks and guidelines for reporting lost or stolen devices.
  • Procurement teams should ensure that all company-issued mobile devices are purchased with robust built-in security features. This serves as the first line of defence against potential breaches while these devices are abroad.

Audit / evidence tips

  • Ask: evidence of staff training sessions on mobile security

    Good: shows comprehensive training that was attended by all relevant staff before overseas travel

  • Good: will align guidelines with current ACSC recommendations

  • Ask: records of pre-travel device checks

    Good: shows a systematic approach with documented procedures followed before each trip

  • Good: provides a detailed inventory, ensuring all devices have security features enabled

  • Ask: incident reports for any lost or stolen devices while overseas

    Good: includes prompt reporting and follow-up actions to secure data

Cross-framework mappings

How ISM-1298 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Partially meets (1)

  • Control: Annex A 6.3

    Notes: ISM-1298 requires that personnel are advised of privacy and security risks when travelling overseas with mobile devices
