Record All Data Imports and Exports
Keep logs to track every time data is transferred into or out of the system.
Plain language
This control is about making sure you keep records every time data moves into or out of your system. It's important because without these logs, you might not notice if sensitive information is taken or something goes wrong during a transfer. Keeping good records helps protect your business from data breaches and ensures accountability.
Framework
ASD Information Security Manual (ISM)
Control effect
Detective
Classifications
NC, OS, P, S, TS
ISM last updated
July 2020
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for data transfersSection
Data transfersOfficial control statement
Data transfer logs are used to record all data imports and exports from systems.
Why it matters
Without data transfer logs for all imports/exports, unauthorised transfers can go undetected, delaying incident response and increasing the impact of data breaches.
Operational notes
Record all imports/exports with timestamp, user, source/destination and data set; regularly review logs for anomalies and retain/protect logs to support investigations.
Implementation tips
- The IT team should implement a logging system: They should set up a tool or software that automatically records each data transfer. This can be done by configuring the system to log details like the time of transfer, type of data, and who accessed it.
- Managers should conduct regular reviews of the logs: They should set aside time once a month to review the data transfer logs. This involves checking for any unusual or unexpected transfers and following up on them.
- System owners need to establish a clear data transfer policy: They should define what constitutes an authorised data transfer and communicate this to all staff. This can be done through a policy document and team meetings.
- The IT team should ensure logs are securely stored: They should use secure digital storage to prevent tampering or loss of these logs. This can involve encryption and access controls to ensure only authorised personnel can view them.
- Senior management should allocate resources for log analysis tools: They should budget for tools that help summarise and analyse the log data to identify patterns or potential security issues. This could be incorporated into the annual IT budget planning.
Audit / evidence tips
-
Askdata transfer logs for the past six months: Request to see records of data imports and exports recorded by the system
Goodwould show comprehensive logs with no large gaps
-
Askthe data transfer policy document: Request to see the policy that outlines how data transfers should be handled
Goodwill have a dated policy with management approval
-
Askmeeting notes from monthly log reviews: Request notes or records from meetings where logs were reviewed
Goodwill include documented follow-up on suspicious activities
-
Askproof of log storage security measures: Request evidence of encryption and access controls on stored logs
Goodwill include technical details showing these measures are in place
-
Askevidence of log analysis tool usage: Request reports or summaries produced by log analysis tools
Goodwill include recent reports with analysis of data transfer patterns and anomalies
Cross-framework mappings
How ISM-1586 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.15 | ISM-1586 requires data transfer logs to record all data imports and exports, aligning with Annex A 8.15's broader requirement to produce,... | |
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 5.33 | ISM-1586 mandates keeping logs to record all imports and exports of data, which ensures evidentiary records of transfers | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.