ISM-1705 (policy control, ASD Information Security Manual (ISM))

Restrict Access to User Account Backups

Only backup administrator accounts can access backups belonging to other user accounts; every other privileged user account is denied access to backups that are not its own.


Plain language

This control ensures that only backup administrators can access user account backups; other staff with privileged access cannot view or change them. This matters because a backup holds the same sensitive data as the live system it was taken from, so a privileged user who can read another user's backup could misuse or steal that data without ever touching the live system.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Aug 2024

Control Stack last updated

19 Mar 2026

E8 maturity levels

ML2, ML3

Official control statement

Privileged user accounts (excluding backup administrator accounts) cannot access backups belonging to other user accounts.

Why it matters

If privileged users other than backup administrators can access other users’ backups, the sensitive data in those backups may be exposed or altered, compromising its confidentiality and integrity. Backups are a complete copy of the data and often carry weaker access controls than the live system, which makes them an attractive way around the controls enforced on production data.


Operational notes

Regularly review the ACLs on backup repositories so that only backup administrator accounts hold access to other users’ backups. Log every access to backups and alert on unauthorised access attempts, including denied attempts, since a denied attempt by a privileged account still indicates that account probing data it should not reach.


Implementation tips

  • System administrators should define a dedicated backup administrator role: create a distinct role or group for backup administration and assign it only to the named staff who need it, using the system's role or group management features rather than ad hoc per-user grants.
  • IT managers should set strict access controls: configure the backup system so that only the backup administrator role can read, modify or delete backups belonging to other accounts. Grant permissions to the role, not to individuals, so that other privileged roles (system, database or network administrators) are excluded by default.
  • Managers should conduct routine access audits: periodically list every account and group with rights to backup storage, compare it with the approved list of backup administrators, and record each review and any permission change (a spreadsheet or ticketing system is enough) so that the history can be produced as evidence.
  • Backup administrators should receive specific training: provide clear guidelines and training on how to manage and protect backups, through workshops or online courses, so that they understand their responsibilities.
  • The IT team should use tooling for monitoring: enable access logging on backup storage, forward the logs to a central system that can automatically flag any account outside the backup administrator role touching another user's backup, and review those alerts regularly.
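The ACL review in the operational notes and the role-based monitoring in the tips above can both be automated. The following is an added example written for this page, not code from the ISM or from Control Stack: one function reports every ACL entry that gives a non-owner, non-backup-administrator account rights on a backup, and a second runs over backup-access log lines and raises an alert for each access to another user's backup by an account that is not a backup administrator, treating denied attempts as alerts too. The account names, the `/backups/users/<owner>/` layout, the key=value log format and the ACL model are assumptions made for the example.

```python
# Added example for ISM-1705 (not ISM or Control Stack code): automate the
# backup ACL review and the access-log alerting from the operational notes.
# Account names, paths, ACL model and log format are assumptions for the example.
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed role membership; in practice read this from the directory or IAM system.
BACKUP_ADMINS = frozenset({"bkadmin1", "bkadmin2"})
PRIVILEGED_ACCOUNTS = frozenset({"sysadmin", "dbadmin", "bkadmin1", "bkadmin2"})


@dataclass(frozen=True)
class AclEntry:
    principal: str
    perms: frozenset  # subset of {"read", "write", "delete"}; empty grants nothing


@dataclass(frozen=True)
class BackupLocation:
    path: str
    owner: str   # user whose data the backup contains
    acl: tuple   # AclEntry instances


def review_backup_acls(locations, backup_admins=BACKUP_ADMINS, privileged=PRIVILEGED_ACCOUNTS):
    """Report (path, principal, perms, is_privileged) for every ACL entry giving a
    non-owner, non-backup-administrator account any right on a backup. The flag
    marks the privileged accounts ISM-1705 is about, for triage; any hit is a finding."""
    findings = []
    for loc in locations:
        for entry in loc.acl:
            if entry.principal == loc.owner or entry.principal in backup_admins:
                continue  # data owner or backup administrator: permitted
            if not entry.perms:
                continue  # entry grants nothing (e.g. an explicit deny)
            findings.append((loc.path, entry.principal, tuple(sorted(entry.perms)),
                             entry.principal in privileged))
    return findings


# Assumed log format: one "ts user= action= path= result=" record per line,
# with per-user backups stored under /backups/users/<owner>/...
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
                    r"path=(?P<path>\S+) result=(?P<result>allowed|denied)$")
OWNER_RE = re.compile(r"^/backups/users/(?P<owner>[^/]+)/")


def detect_unauthorised_backup_access(lines, backup_admins=BACKUP_ADMINS):
    """One alert per access to another user's backup by a non-backup-administrator.
    Denied attempts are reported too ("medium"): they show an account probing data
    it should not reach. A successful access is "high"."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or not a backup-access record
        o = OWNER_RE.match(m["path"])
        if not o:
            continue  # not a per-user backup path
        user, owner = m["user"], o["owner"]
        if user == owner or user in backup_admins:
            continue
        alerts.append({"ts": m["ts"], "user": user, "owner": owner, "action": m["action"],
                       "path": m["path"],
                       "severity": "high" if m["result"] == "allowed" else "medium"})
    return alerts


# Constructed sample data for the example.
FULL = frozenset({"read", "write", "delete"})
SAMPLE_LOCATIONS = [
    BackupLocation("/backups/users/alice", "alice",
                   (AclEntry("alice", frozenset({"read"})), AclEntry("bkadmin1", FULL))),
    BackupLocation("/backups/users/bob", "bob",
                   (AclEntry("bob", frozenset({"read"})), AclEntry("bkadmin1", FULL),
                    AclEntry("sysadmin", frozenset({"read"})))),   # finding: sysadmin reads bob's backup
    BackupLocation("/backups/users/carol", "carol",
                   (AclEntry("carol", frozenset({"read"})), AclEntry("bkadmin2", FULL),
                    AclEntry("dbadmin", frozenset()))),            # grants nothing: no finding
]
SAMPLE_LOG = [
    "2026-03-19T10:15:02Z user=bkadmin1 action=read path=/backups/users/alice/2026-03-18.tar.gz result=allowed",
    "2026-03-19T10:16:40Z user=alice action=read path=/backups/users/alice/2026-03-18.tar.gz result=allowed",
    "2026-03-19T10:20:11Z user=sysadmin action=read path=/backups/users/alice/2026-03-18.tar.gz result=denied",
    "2026-03-19T10:21:05Z user=dbadmin action=delete path=/backups/users/bob/2026-03-18.tar.gz result=allowed",
    "2026-03-19T10:22:00Z user=sysadmin action=read path=/srv/app/config.yml result=allowed",
]

if __name__ == "__main__":
    for f in review_backup_acls(SAMPLE_LOCATIONS):
        print("ACL finding:", f)
    for a in detect_unauthorised_backup_access(SAMPLE_LOG):
        print("ALERT:", a)
```

On the sample data the ACL review returns one finding (sysadmin holding read on bob's backup) and the log check returns two alerts: a medium one for sysadmin's denied read of alice's backup and a high one for dbadmin's successful delete of bob's. Both functions deliberately treat the owner of the data and the backup administrators as the only permitted principals, so a reviewer does not have to enumerate every other privileged role.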

Audit / evidence tips

  • Ask: the user access documentation, i.e. the list of roles and permissions showing who can access backups. Good: only backup administrators are listed.
  • Ask: the logs detailing who has accessed backups in the last month. Good: shows consistently recorded access by authorised personnel only.
  • Ask: training records of backup administrators, i.e. certificates or attendance sheets for training specific to backup management. Good: all current backup administrators have completed it.
  • Ask: access audit records. Good: includes clear records of audits and of the changes made to maintain correct access.
  • Ask: a demonstration of access settings, i.e. a live demonstration of how permissions are set in the system. Good: only backup administrator accounts are granted permission.

Cross-framework mappings

How ISM-1705 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

  • Partially meets Annex A 8.3: ISM-1705 requires that privileged user accounts (excluding backup administrator accounts) cannot access backups belonging to other user a...
  • Partially overlaps Annex A 5.3: Annex A 5.3 requires segregation of duties to prevent a single role from having conflicting capabilities that enable concealment or misuse.
  • Supports Annex A 8.13: Annex A 8.13 requires backups to be maintained and regularly tested so they can be relied upon for recovery.

E8

  • Supports E8-RB-ML2.2: E8-RB-ML2.2 requires that privileged accounts (excluding backup administrator accounts) cannot modify or delete backups.
  • Related to E8-RB-ML2.1: ISM-1705 requires that privileged user accounts (excluding backup administrator accounts) cannot access backups belonging to other user a...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
