Record All Data Imports and Exports
Keep logs to track every time data is transferred into or out of the system.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Detective
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
July 2020
✏️ Control Stack last updated
19 Mar 2026
🎯 E8 maturity levels
N/A
Guideline
Guidelines for data transfersSection
Data transfersData transfer logs are used to record all data imports and exports from systems.
Source: ASD Information Security Manual (ISM)
Plain language
This control is about making sure you keep records every time data moves into or out of your system. It's important because without these logs, you might not notice if sensitive information is taken or something goes wrong during a transfer. Keeping good records helps protect your business from data breaches and ensures accountability.
Why it matters
Without data transfer logs for all imports/exports, unauthorised transfers can go undetected, delaying incident response and increasing the impact of data breaches.
Operational notes
Record all imports/exports with timestamp, user, source/destination and data set; regularly review logs for anomalies and retain/protect logs to support investigations.
Implementation tips
- The IT team should implement a logging system: They should set up a tool or software that automatically records each data transfer. This can be done by configuring the system to log details like the time of transfer, type of data, and who accessed it.
- Managers should conduct regular reviews of the logs: They should set aside time once a month to review the data transfer logs. This involves checking for any unusual or unexpected transfers and following up on them.
- System owners need to establish a clear data transfer policy: They should define what constitutes an authorised data transfer and communicate this to all staff. This can be done through a policy document and team meetings.
- The IT team should ensure logs are securely stored: They should use secure digital storage to prevent tampering or loss of these logs. This can involve encryption and access controls to ensure only authorised personnel can view them.
- Senior management should allocate resources for log analysis tools: They should budget for tools that help summarise and analyse the log data to identify patterns or potential security issues. This could be incorporated into the annual IT budget planning.
Audit / evidence tips
-
Ask: data transfer logs for the past six months: Request to see records of data imports and exports recorded by the system
Good: would show comprehensive logs with no large gaps
-
Ask: the data transfer policy document: Request to see the policy that outlines how data transfers should be handled
Good: will have a dated policy with management approval
-
Ask: meeting notes from monthly log reviews: Request notes or records from meetings where logs were reviewed
Good: will include documented follow-up on suspicious activities
-
Ask: proof of log storage security measures: Request evidence of encryption and access controls on stored logs
Good: will include technical details showing these measures are in place
-
Ask: evidence of log analysis tool usage: Request reports or summaries produced by log analysis tools
Good: will include recent reports with analysis of data transfer patterns and anomalies
Cross-framework mappings
How ISM-1586 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | ||
| Annex A 8.15 | ISM-1586 requires data transfer logs to record all data imports and exports, aligning with Annex A 8.15's broader requirement to produce,... | |
| Partially overlaps (1) | ||
| Annex A 5.33 | ISM-1586 mandates keeping logs to record all imports and exports of data, which ensures evidentiary records of transfers | |