ISM-1626 ASD Information Security Manual (ISM)

Seek Legal Advice for Insider Threat Plans

Get legal advice when making and applying plans to handle insider threats.

🏛️ Framework: ASD Information Security Manual (ISM)
🧭 Control effect: Proactive
🔐 Classifications: NC, OS, P, S, TS
🗓️ ISM last updated: May 2024
✏️ Control Stack last updated: 19 Mar 2026
🎯 E8 maturity levels: N/A

Official control statement
Legal advice is sought regarding the development and implementation of an insider threat mitigation program.

Source: ASD Information Security Manual (ISM)

Plain language

This control is about getting legal help when planning how to protect your business from insiders who might misuse their access to your systems and data. It matters because if you don't involve legal experts, you might break the law or miss important protections, leading to reputational damage, legal trouble, or financial loss.

Why it matters

Without legal guidance, insider threat plans may inadvertently breach laws, resulting in costly legal issues and reputational damage.

Operational notes

Engage legal counsel to review insider threat program design, monitoring, investigations and reporting for privacy and workplace law compliance.

Implementation tips

  • Business owners should consult with a legal advisor to understand the legal requirements involved in developing an insider threat program. They can find a legal advisor through a professional legal firm or local business network and schedule a meeting to discuss potential legal considerations.
  • HR managers should work with the legal advisor to ensure that all employee agreements include clear expectations regarding data usage and behaviour. This can be done by reviewing current contracts and updating clauses related to confidentiality and data protection.
  • The IT team leader should collaborate with the legal advisor to set up a system for monitoring employee activity that complies with privacy laws. This involves identifying monitoring tools that respect privacy but detect unusual behaviour and configuring them accordingly.
  • Managers should arrange training sessions for staff that include components about legal responsibilities and data protection obligations. They can do this by integrating privacy regulations and company policies in existing training programs and making it part of the onboarding process.
  • The compliance officer should ensure that any action taken against an employee suspected of being a threat is legally sound. This involves documenting all investigative steps and having them reviewed by a legal professional before proceeding with disciplinary actions.

Audit / evidence tips

  • Ask for legal advisor engagement records: request the agreement or contract between the organisation and the legal advisor concerning the insider threat program.

    Good: a clear record showing ongoing legal consultation on insider threats.

  • Ask for updated employee contracts: request examples of employee contracts that include insider threat clauses.

    Good: contracts showing the updated sections, approved by a legal advisor.

  • Ask for documentation of the monitoring tools used: request the list of monitoring tools implemented to detect insider threats.

    Good: detailed documentation that has been reviewed by a legal professional.

  • Ask to see training materials for staff: request copies of training materials or programs addressing legal responsibilities in data protection.

    Good: comprehensive materials prepared with legal input.

  • Ask for incident response records: request records of any investigations or actions taken against insiders.

    Good: records demonstrating that all steps were taken with legal oversight.

Cross-framework mappings

How ISM-1626 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001 (supports, 3 mappings)

  • Annex A 5.1: ISM-1626 requires seeking legal advice specifically for insider threat mitigation program development and implementation.
  • Annex A 5.31: ISM-1626 requires an organisation to seek legal advice when developing and implementing an insider threat mitigation program.
  • Annex A 5.34: Annex A 5.34 requires identifying and meeting privacy and PII protection requirements under applicable law.
