Mobile Device Security After Overseas Travel
Upon returning from overseas, clean your devices, reset any lost credentials, and report any security concerns.
Plain language
When you come back from a trip overseas with your phone, tablet, or any other device, it's crucial to clean them up and ensure they are secure. This matters because while travelling, your devices are more exposed to risks like hacking or theft, and this could lead to someone accessing your private information or business data.
Framework
ASD Information Security Manual (ISM)
Control effect
Responsive
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for enterprise mobilitySection
Mobile device usageOfficial control statement
Upon returning from travelling overseas with mobile devices, personnel take the following actions: - sanitise and reset mobile devices, including all removable media - decommission any credentials that left their possession during their travel - report if significant doubt exists as to the integrity of any mobile devices or removable media.
Why it matters
If devices and removable media aren’t reset after overseas travel, malware may persist, enabling data compromise and unauthorised access.
Operational notes
After overseas travel, wipe/sanitise and reset mobiles and removable media, revoke any credentials that left your possession, and report integrity concerns.
Implementation tips
- IT staff should sanitise devices upon return from overseas. This involves wiping and reinstalling the device's operating system and applications to ensure any potentially harmful software picked up during travel is removed.
- Managers must ensure employees report lost or stolen devices immediately. They should create an easy procedure for reporting, which could be a simple form or a quick call to the IT team.
- HR should organise training sessions on the importance of resetting passwords for any accounts accessed on the device during travel. They can provide a checklist of accounts to consider such as email, social media, and work-related apps.
- IT staff must check removable media such as USB sticks used during travel by scanning them with antivirus software before reconnecting to office systems to ensure they are free of malware.
- System owners should work with IT to review and decommission any credentials that might have been compromised during travel. This might include changing passwords and revoking access tokens or certificates.
Audit / evidence tips
- AskTravel procedures documentation GoodIs a document with a clearly outlined process for post-travel device hygiene
- GoodIncludes training attendance records and session materials showing these topics were covered
- AskA log of reported lost or stolen devices GoodWill show a recent loss or theft was reported and handled appropriately
- GoodIs a log showing recent scans, date, and outcome for media used abroad
- AskSystem audit logs showing credential changes after travel GoodIncludes a documented trail of credential updates
Cross-framework mappings
How ISM-1300 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 5.26 | ISM-1300 requires a mandatory post-overseas-travel remediation sequence: sanitise and reset mobile devices (including removable media), d... | |
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 7.10 | ISM-1300 requires that after overseas travel, mobile devices and any removable media are sanitised and reset, and any credentials that le... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.