One-Month Notice for Service Termination
Service contracts require a one-month notice before a provider can stop services.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Nov 2022
✏️ Control Stack last updated
19 Mar 2026
🎯 E8 maturity levels
N/A
A minimum notification period of one month for the cessation of any services by a service provider is documented in contractual arrangements with service providers.
Source: ASD Information Security Manual (ISM)
Plain language
When you have a contract with a service provider, this control ensures that if they plan to stop providing their services, they must give you at least one month's notice. This is crucial because unexpected service stoppage can disrupt your business operations, leading to financial loss and potential harm to your reputation.
Why it matters
If contracts lack a documented one‑month termination notice, services may stop abruptly, disrupting operations and causing unplanned cost and reputational damage.
Operational notes
Include a documented minimum one‑month cessation notice clause in each provider contract, and review contracts periodically to confirm it remains in force.
Implementation tips
- Business owners should verify that all new contracts include a clause requiring a one-month notice period before services can be terminated. This can be done by reading through the contract thoroughly and confirming this term is clearly stated.
- Procurement officers should work with legal advisors to align new service agreements with this requirement. They should review the contracts before signing to ensure the termination clause is included and correctly worded.
- IT managers should document all critical services their organisation relies on and ensure each has a one-month termination clause in the service agreements. This involves creating a checklist for reviewing contracts of each service provider.
- Office managers should maintain a calendar of contract renewal and termination dates to track when notices should be sent or received. Setting reminders a month before critical dates can help ensure compliance with this requirement.
- Executives should communicate with their teams regularly to discuss any upcoming service terminations and manage any transition smoothly. Holding monthly review meetings to discuss current contracts and potential impacts helps to keep everyone informed.
Audit / evidence tips
-
Ask: a copy of the standard service agreement template
Good: includes a clear statement requiring a minimum one-month notice for termination
-
Good: shows all contracts having this clause properly documented
-
Ask: evidence of any recent service terminations
Good: includes documentation showing at least one month's notice was provided
-
Good: shows these details were actively negotiated and agreed on in writing
-
Ask: the organisation’s contract management process documentation
Good: shows clear procedures for reviewing and approving service terminations according to contract terms
Cross-framework mappings
How ISM-1575 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (2) | ||
| Annex A 5.19 | ISM-1575 requires a documented minimum one-month notification period for a supplier to cease services, written into service provider cont... | |
| Annex A 5.20 | ISM-1575 requires contracts with service providers to include a documented minimum one-month notice period before services can be terminated | |