Prepare Mobile Devices Before Overseas Travel
Before travelling overseas, ensure mobile devices are recorded, updated, reduced to essentials, and backed up to safeguard data.
Plain language
Before you travel overseas, it's important to prepare your mobile devices to protect the information on them. This preparation involves recording key details about your devices, updating them, only keeping necessary data, and backing up everything important. If you skip these steps, you risk losing valuable data or having it compromised, which can be inconvenient and damaging to your personal or business security.
Framework
ASD Information Security Manual (ISM)
Control effect
Proactive
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for enterprise mobilitySection
Mobile device usageOfficial control statement
Before travelling overseas with mobile devices, personnel take the following actions: - record all details of the mobile devices being taken, such as product types, serial numbers and International Mobile Equipment Identity numbers - update all operating systems and applications - remove all non-essential data, applications and user accounts - backup all remaining data, applications and settings.
Why it matters
If devices aren’t inventoried, patched, stripped of non-essential data and backed up before overseas travel, theft or compromise can expose sensitive data and hinder recovery.
Operational notes
Keep a pre-travel checklist: record make/model, serial and IMEI; apply OS/app updates; remove non-essential apps/accounts/data; then back up remaining data and settings.
Implementation tips
- The IT team or individuals should record device details: Make a list of all the mobile devices you are taking, including their product types, serial numbers, and International Mobile Equipment Identity (IMEI) numbers. You can usually find this information on the device itself or in its settings menu.
- The IT team should ensure that all mobile devices are updated: Check that the operating systems and all apps on your devices are updated to their latest versions. This usually involves going to the settings on your device and selecting 'update' or allowing automatic updates to ensure you have the latest security patches.
- The user should remove non-essential data and apps: Go through your devices and delete any apps or data you won't need while traveling. This can help protect your information by limiting exposure if your device is lost or stolen. Be sure to remove old accounts that are no longer in use.
- The IT team or users should perform a backup of devices: Use cloud services or an external hard drive to back up all important data, apps, and settings. Most smartphones have a built-in option to create backups, which can be found in the phone's settings.
- Managers should have a checklist for employees’ device preparation: Create a checklist to ensure all steps are followed before anyone travels. This checklist should include recording device details, updating systems, removing unnecessary items, and performing backups, making sure to check off each step before traveling.
Audit / evidence tips
-
Askthe recorded list of mobile devices: Request to see the document or file where device details including product types, serial numbers, and IMEI numbers are stored
Goodshows a comprehensive, up-to-date list
-
Askthe update log of devices: Request evidence that all devices have been updated, such as system logs or status reports
-
Aska list of deleted apps and data: Request documentation or a checklist showing what non-essential data or apps have been removed from the devices. Look whether unnecessary apps and user accounts were indeed removed. Good evidence contains a list with corresponding actions and dates
-
Askbackup verification: Request proof that all the data was backed up before travel, like a screenshot of the backup settings or confirmation email. Look to see if backups cover all data, apps, and settings
Goodwould include backup details, dates, and a quick way to restore data if needed
-
Askevidence of the pre-travel checklist: Request to see the filled-out checklist used for ensuring devices were properly set up before travel. Look to see if each step was checked off with a person's initials and date
Goodhas a signed and dated checklist with all items verified as completed
Cross-framework mappings
How ISM-1555 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.13 | ISM-1555 requires personnel to back up remaining data, applications, and settings before taking mobile devices overseas, as part of a bro... | |
E8
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (3) expand_less | ||
| E8-RB-ML1.1 | ISM-1555 requires personnel to prepare mobile devices for overseas travel by recording device details, updating software, removing non-es... | |
| E8-RB-ML1.2 | ISM-1555 requires mobile devices to be backed up prior to overseas travel alongside updating and data minimisation steps | |
| E8-RB-ML1.4 | ISM-1555 requires creating a backup of mobile device data/applications/settings prior to overseas travel to reduce impact if the device i... | |
| handshake Supports (1) expand_less | ||
| E8-PA-ML2.2 | ISM-1555 requires updating all operating systems and applications on mobile devices before overseas travel to reduce exposure to known vu... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.