ISM-1598: ASD Information Security Manual (ISM)

Inspect IT Equipment Post-Maintenance for Unauthorised Changes

After maintenance, check that IT equipment is the same as it was and has no unauthorised changes.

Plain language

After your IT equipment has been fixed or worked on, you should check it over to make sure nothing has been changed without your go-ahead. This is important because unauthorised changes could lead to sensitive data leaks, system failures, or even security breaches, putting your business at risk.

Framework

ASD Information Security Manual (ISM)

Control effect

Detective

Classifications

NC, OS, P, S, TS

ISM last updated

May 2025

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

Following maintenance or repair activities for IT equipment, the IT equipment is inspected to confirm it retains its approved configuration and that no unauthorised modifications have taken place.

Why it matters

If post-maintenance inspections are missed, devices may return with altered configs or added components, creating vulnerabilities, outages or data exposure.

Operational notes

After any repair/maintenance, compare device settings/firmware to the approved baseline and record results; escalate and remediate any unauthorised changes.

Implementation tips

  • IT team should verify equipment state: After any maintenance, the IT team should compare the device's current settings and software against a known good configuration record. This involves checking that no new software is installed and settings haven't been altered unexpectedly.
  • System owner should conduct a visual inspection: The person responsible for the system should physically check the equipment for any obvious physical signs of tampering or modification. This includes looking for broken seals or unfamiliar hardware attachments.
  • Manager should confirm with service providers: If outside technicians have done the maintenance, the manager should confirm with them what work was performed. This means requesting a detailed service report from the technicians and verifying it against what was expected.
  • IT team should use tools for software checks: The IT team should use security tools to scan the equipment for any unauthorised software or unusual network connections. This involves running antivirus and anti-malware scans as well as checking running processes.
  • Document all inspections: The person responsible for the inspection should keep a detailed log of what was checked and any issues found. This log should include dates, findings, and steps taken to resolve any unauthorised changes.
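
One way to carry out the baseline comparison and inspection log described in the tips above, as an added example that is not part of the ISM or of this page's own material. The device name, record layout, field names and sample values are assumptions constructed for illustration.

```python
import json
from datetime import date

def flatten(record, prefix=""):
    """Turn a nested config record into {'settings.ntp_server': '10.0.0.1', ...}."""
    flat = {}
    for key, value in record.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def inspect(baseline, current, approved_changes=()):
    """Diff the post-maintenance snapshot against the approved baseline."""
    base, now = flatten(baseline), flatten(current)
    findings = []
    for path in sorted(base.keys() | now.keys()):
        if path in base and path in now and base[path] == now[path]:
            continue  # item still matches the approved configuration
        kind = "added" if path not in base else "removed" if path not in now else "changed"
        findings.append({
            "item": path, "kind": kind,
            "baseline": base.get(path), "current": now.get(path),
            # Only changes named in the maintenance work order count as approved.
            "status": "approved" if path in approved_changes else "unauthorised",
        })
    return findings

def inspection_record(device, baseline, current, approved_changes, inspected_on):
    """Build the dated log entry: every difference, plus the items to escalate."""
    findings = inspect(baseline, current, approved_changes)
    escalate = [f["item"] for f in findings if f["status"] == "unauthorised"]
    return {"device": device, "inspected_on": inspected_on.isoformat(),
            "findings": findings, "escalate": escalate,
            "result": "FAIL" if escalate else "PASS"}

# Constructed sample data (hypothetical device and values).
BASELINE = {"firmware": "2.4.1",
            "settings": {"ssh_enabled": False, "ntp_server": "10.0.0.1"},
            "software": {"agent": "5.2"}}
CURRENT = {"firmware": "2.4.3",
           "settings": {"ssh_enabled": True, "ntp_server": "10.0.0.1"},
           "software": {"agent": "5.2", "remote-support-tool": "1.0"}}

if __name__ == "__main__":
    record = inspection_record("sw-core-01", BASELINE, CURRENT,
                               approved_changes={"firmware"}, inspected_on=date(2025, 1, 15))
    print(json.dumps(record, indent=2))
```

Here the firmware update is listed in the work order and passes, while the enabled SSH setting and the extra software package are flagged for escalation.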

Audit / evidence tips

  • Ask: A maintenance report: Request a copy of the most recent maintenance report for the IT equipment. Good: Shows the equipment matches the pre-maintenance configuration.
  • Ask: Inspection checklists: Request checklists used post-maintenance to ensure equipment integrity. Good: Contains detailed, dated checks with no unauthorised changes listed.
  • Ask: To see the configuration records: Request the baseline configuration documents that detail approved settings for IT equipment. Good: Outcome is that both configurations match unless planned changes were documented.
  • Ask: The software inventory log. Good: No discrepancies between the two lists.
  • Ask: The log of audit trail or historical records: Request any logs showing system changes made during maintenance. Good: Outcome shows that all changes align with scheduled maintenance periods.

Cross-framework mappings

How ISM-1598 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Partially meets (1)

  • Annex A 8.9: ISM-1598 requires IT equipment to be inspected after maintenance or repair to confirm it still matches the approved configuration and has...

Partially overlaps (2)

  • Annex A 7.13: ISM-1598 requires inspection of IT equipment after maintenance/repair to ensure integrity of the approved configuration and identify unau...
  • Annex A 8.32: ISM-1598 requires verifying, after maintenance, that IT equipment retains its approved configuration and has not been changed without aut...

Supports (1)

  • Annex A 8.19: ISM-1598 requires post-maintenance inspection to confirm systems remain in their approved configuration and no unauthorised modifications...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
