Control Stack
ISM-1614 ASD Information Security Manual (ISM)

Manage Emergency Account Access Changes

Change break glass account passwords after emergency access.

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Responsive

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

July 2020

✏️ Control Stack last updated

19 Mar 2026

🎯 E8 maturity levels

N/A

Official control statement
Break glass account credentials are changed by the account custodian after they are accessed by any other party.

Source: ASD Information Security Manual (ISM)

Plain language

In a nutshell, this control is about changing the passwords for special emergency accounts—called 'break glass accounts'—after they've been used by someone other than the person who normally manages them. This is crucial because if passwords aren't updated, it leaves the door open for potential misuse or unauthorised access to sensitive systems, which could lead to data breaches or disruptions.

Why it matters

Without changing break glass credentials after use, prior holders can re-enter systems, increasing the chance of unauthorised access, breaches and disruption.

Operational notes

After any break glass use, the account custodian must reset the password immediately, record the change in logs/tickets, and confirm access is returned to a known state.

Implementation tips

  • The IT team should identify all break glass accounts within the organisation. This involves creating a list of these accounts and ensuring they are only used in genuine emergencies. Clarify which systems they provide access to and who is authorised to use them.
  • Managers should designate a custodian for each break glass account. This custodian is the go-to person responsible for changing the account's password after every emergency use. Assign someone reliable and ensure they understand their role and responsibilities.
  • The custodian should change the password immediately after an emergency access event. This involves logging into the system, updating the credential, and securely storing the new password. Make sure no other activity is conducted until the password change is confirmed.
  • The IT team should establish a secure procedure for recording when break glass accounts are used. This could be done through a logbook or digital tracking system that records the date, time, and reason for access.
  • Staff training is crucial: Managers should organise regular training sessions for staff to understand when and how break glass accounts should be used and the importance of changing passwords afterwards. Training should include how to recognise a genuine emergency.

Audit / evidence tips

  • Ask for: the log of emergency access events. Request to see records that show when break glass accounts have been used.

    Good evidence: a clear and detailed log showing proper documentation of each instance.

  • Ask for: evidence of password changes. Check the records for confirmations of password updates after each emergency use.

    Good evidence: timely records showing passwords were promptly changed post-access.

  • Ask for: a list of all break glass accounts. Request a current list of all such accounts maintained by the organisation.

    Good evidence: a comprehensive list with up-to-date information.

  • Ask for: staff training records. Request documentation of any training sessions held for staff about using break glass accounts.

    Good evidence: records showing regular training sessions with relevant staff attendance.

  • Ask for: a procedure document. Request the formal procedure for managing break glass accounts.

    Good evidence: clear steps for maintaining security and evidence of regular procedure reviews.
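As an added example (not Control Stack's or the ISM's own code, and using constructed account names, users and timestamps), the script below reconciles a break glass access log against custodian password-change records. It flags every use by someone other than the custodian that was not followed by a custodian-performed credential change, which is the evidence the audit tips above ask for, and also surfaces accounts with no designated custodian.

```python
from datetime import datetime, timedelta

# Constructed sample data (hypothetical account and user names).
CUSTODIANS = {
    "bg-domain-admin": "custodian.it",
    "bg-db-root": "custodian.it",
    "bg-fw-console": "custodian.net",
}
ACCESS_EVENTS = [  # who used a break glass account, and when
    {"account": "bg-domain-admin", "user": "oncall.eng", "at": "2026-03-01T02:10:00"},
    {"account": "bg-db-root", "user": "dba.backup", "at": "2026-03-02T11:00:00"},
    {"account": "bg-domain-admin", "user": "custodian.it", "at": "2026-03-03T09:00:00"},
    {"account": "bg-fw-console", "user": "net.oncall", "at": "2026-03-04T22:30:00"},
    {"account": "bg-legacy-app", "user": "app.support", "at": "2026-03-05T10:00:00"},
]
ROTATION_EVENTS = [  # credential changes, with who performed them
    {"account": "bg-domain-admin", "user": "custodian.it", "at": "2026-03-01T03:00:00"},
    {"account": "bg-db-root", "user": "custodian.it", "at": "2026-03-05T08:00:00"},
    {"account": "bg-fw-console", "user": "net.oncall", "at": "2026-03-04T23:00:00"},
]

def find_unrotated(access_events, rotation_events, custodians, max_hours=24):
    """Check each use of a break glass account by someone other than its custodian
    for a custodian-performed credential change afterwards.
    Status: OK, LATE (changed after max_hours), MISSING (no custodian change),
    NO_CUSTODIAN (account has no designated custodian at all).
    A change made by the non-custodian user does not satisfy the control."""
    max_delay = timedelta(hours=max_hours)
    findings = []
    for ev in sorted(access_events, key=lambda e: e["at"]):
        custodian = custodians.get(ev["account"])
        if custodian == ev["user"]:
            continue  # custodian used their own account: nothing to rotate
        accessed = datetime.fromisoformat(ev["at"])
        later = sorted(
            datetime.fromisoformat(r["at"]) for r in rotation_events
            if r["account"] == ev["account"] and r["user"] == custodian
            and datetime.fromisoformat(r["at"]) >= accessed)
        rotated = later[0] if later else None
        if custodian is None:
            status = "NO_CUSTODIAN"
        elif rotated is None:
            status = "MISSING"
        elif rotated - accessed > max_delay:
            status = "LATE"
        else:
            status = "OK"
        findings.append({"account": ev["account"], "user": ev["user"],
                         "accessed_at": ev["at"], "status": status,
                         "rotated_at": rotated.isoformat() if rotated else None})
    return findings
```

Anything other than OK is an audit finding; the 24-hour window is an assumed internal target, since the control itself only requires the change to happen after the access.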

Cross-framework mappings

How ISM-1614 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Partially meets (1)
  • Annex A 5.17: ISM-1614 entails changing break glass credentials after emergency access by another party.

Partially overlaps (1)
  • Annex A 8.2: ISM-1614 mandates changing break glass credentials after emergency access to mitigate credential exposure risk.

E8

Partially overlaps (1)
  • E8-RA-ML2.5: ISM-1614 requires break glass account credentials to be changed by the account custodian after emergency access by any other party.

Supports (1)
  • E8-RA-ML2.7: ISM-1614 requires break glass account credentials to be changed after they are accessed by another party.
