Restrict Backup Modifications by Privileged Users
Only backup admins can modify or delete backups; others are restricted.
Plain language
This control ensures that only backup administrators can change or delete important backup files. It's like keeping the keys to a locked safe - if everyone has access, it’s easy for someone to accidentally or intentionally delete essential files, which could lead to losing vital data or backups when they're needed most.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2, ML3
Guideline
Guidelines for system managementSection
Data backup and restorationOfficial control statement
Privileged user accounts (excluding backup administrator accounts) are prevented from modifying and deleting backups.
Why it matters
Without this control, privileged users could delete backups, risking permanent data loss and crippling business recovery efforts.
Operational notes
Regularly audit backup admin permissions to prevent unauthorised privilege escalation and protect backup integrity.
Implementation tips
- The IT manager should designate specific individuals as backup administrators. This involves formally assigning the role to responsible staff with the skills needed to manage backups securely.
- Backup administrators should set up user accounts with special permissions just for handling backups. This can be done by creating unique accounts for backup tasks that don't overlap with other duties.
- The IT team should configure systems to restrict modification permissions on backups to only these designated accounts. They can do this by adjusting file access controls or system settings to ensure only the backup accounts have these rights.
- Training personnel on recognising why only specific people should alter backups should be done by the HR team. This can be accomplished through regular workshops or informational sessions to explain the importance of this control.
- Periodic reviews by the IT team should ensure these restrictions are still effective and necessary. Set a schedule, perhaps quarterly, to check the list of authorised accounts and modify it as staff roles change.
Audit / evidence tips
-
Aska list of designated backup administrator accounts: Request the document or system setting that lists who has these roles
Gooda current and complete list matching personnel involved in backup tasks
-
Asksystem permissions settings: Request a report or screenshot showing access settings for backups
Goodpermissions granted only to backup administrators, with no excessive access to others
-
Askrole assignment documentation: Request HR or IT records showing how backup admin roles are assigned
Gooda documented and recent approval process with management approval
-
Asktraining records: Request records of training sessions or materials given to staff
Goodsessions held regularly, with attendance records and feedback
-
Askthe audit schedule: Request a document detailing when and how access reviews are performed
Gooda well-documented schedule with evidence of past compliance checks
Cross-framework mappings
How ISM-1707 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
E8
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (2) expand_less | ||
| E8-RB-ML1.6 | E8-RB-ML1.6 requires that unprivileged accounts are prevented from modifying and deleting backups | |
| E8-RB-ML3.3 | ISM-1707 focuses on preventing non-backup administrators from modifying/deleting backups, whereas E8-RB-ML3.3 constrains backup administr... | |
| link Related (1) expand_less | ||
| E8-RB-ML2.2 | E8-RB-ML2.2 requires that privileged accounts (except backup administrator accounts) are prevented from modifying or deleting backups | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.