Prevent Backup Modifications During Retention
Backup administrators cannot change or delete backups until the retention period ends.
Plain language
This control means that once backups are created, no one is allowed to change or delete them until a certain amount of time has passed. This is important because if backups could be changed or erased too early, you might lose important data that you need to recover from disasters or unexpected problems.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Guideline
Guidelines for system management
Section
Data backup and restoration
Official control statement
Backup administrator accounts are prevented from modifying and deleting backups during their retention period.
Why it matters
If backups can be altered or deleted before their retention period expires, a mistaken, malicious or compromised backup administrator account can leave the organisation with nothing to restore from after an incident, undermining recovery and increasing operational and reputational damage.
Operational notes
Enforce immutability (write-once, read-many retention locks) at the storage layer rather than relying on the backup application's own role permissions, since backup administrator accounts usually hold the highest rights in that application; the lock itself must not be removable by those same accounts before retention expires. Scheduled audits confirm that the locks are in place, that retention settings match the policy period, and that role-based restrictions remain effective.
Implementation tips
- IT manager should create clear policies: The IT manager should develop and implement policies that specify how and when backups can be accessed and modified. This can be done by creating a set of rules that are communicated clearly to all staff involved in backup processes.
- Backup administrator should set up restrictions: The backup administrator should configure the backup systems so that modifications and deletions are automatically blocked until the retention period has passed. This usually means enabling the backup software's or storage platform's immutability feature (for example a compliance-style retention lock), choosing a mode that the backup administrator accounts themselves cannot lift, and setting the minimum retention to at least the policy retention period.
- Business owner should engage with IT suppliers: The business owner should ensure that any outsourced IT services or cloud providers are aware of your retention policies and have controls in place to enforce them. This could involve checking contracts and discussing how they implement retention protections.
- Finance team should budget for storage: The finance team should allocate sufficient budget to ensure storage costs are covered for the set retention period. This will involve forecasting the storage needs based on current usage and future growth.
- HR should train staff: The HR team should organize training sessions for all employees involved in handling backups. The training should cover the importance of the retention period and how they can help maintain these policies.
Audit / evidence tips
- Ask for the backup policy document: request the official organisation policy document that explains how backups are managed, including the retention period.
  Good evidence: a clearly written policy outlining retention times and prohibiting early deletion or modification.
- Ask for a demonstration of backup system settings: request that the backup administrator show the settings in the backup software that enforce retention periods.
  Good evidence: a system configuration that clearly prevents changes or deletions until after the designated period, including by the backup administrator accounts themselves.
- Ask for communication logs with IT suppliers: request any logs or communications confirming that IT suppliers understand and enforce your backup retention policies.
  Good evidence: documentation showing supplier acknowledgement of and compliance with the retention policy.
- Ask for storage invoices and budget forecasts: request financial records showing budget allocations for backup storage that account for full retention periods.
  Good evidence: a match between budgeted funds and expected storage costs over the retention periods.
- Ask for staff training records: request the training materials and attendance records for staff involved in the backup process.
  Good evidence: detailed training programs with signed attendance sheets indicating who was trained and when.
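As an added example (not from the ISM or the Control Stack page), the following Python script checks whether backup storage enforces retention in a way the backup administrator cannot bypass, which is what the operational notes, the backup-administrator implementation tip and the "demonstration of backup system settings" evidence item all turn on. It assumes input shaped like the AWS S3 GetObjectLockConfiguration and AWS Backup DescribeBackupVault API responses (field names are those APIs'; the sample values are constructed for this example) and encodes the distinction that decides the control: governance-style locks, which sufficiently privileged accounts can shorten or remove, do not satisfy it, whereas compliance-mode locks cannot be lifted by any account once in force.

```python
"""Audit backup immutability settings against ISM-1708.

Added example, not code from the ISM or Control Stack. Input dictionaries
follow the shape of the S3 GetObjectLockConfiguration and AWS Backup
DescribeBackupVault responses; the sample settings below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Finding:
    target: str
    severity: str  # "FAIL": control not met; "WARN": met, but a condition to watch
    message: str


def audit_s3_object_lock(bucket: str, cfg: Optional[dict], policy_days: int) -> list[Finding]:
    """cfg is the ObjectLockConfiguration value (None when Object Lock is off)."""
    if not cfg or cfg.get("ObjectLockEnabled") != "Enabled":
        return [Finding(bucket, "FAIL",
                        "Object Lock is off: anyone with s3:DeleteObjectVersion can delete backups")]
    rule = (cfg.get("Rule") or {}).get("DefaultRetention")
    if not rule:
        return [Finding(bucket, "FAIL",
                        "no default retention: objects are unprotected unless the writer sets it per object")]
    findings = []
    mode = rule.get("Mode")
    if mode != "COMPLIANCE":
        # GOVERNANCE retention can be shortened or removed by any principal holding
        # s3:BypassGovernanceRetention, a permission backup administrators commonly have.
        findings.append(Finding(bucket, "FAIL",
                                f"retention mode {mode!r} can be bypassed; COMPLIANCE is required"))
    # DefaultRetention carries either Days or Years, never both.
    days = rule["Days"] if "Days" in rule else rule.get("Years", 0) * 365
    if days < policy_days:
        findings.append(Finding(bucket, "FAIL",
                                f"default retention {days}d is shorter than policy retention {policy_days}d"))
    return findings


def audit_backup_vault_lock(vault: dict, policy_days: int, now: datetime) -> list[Finding]:
    """vault is a DescribeBackupVault response; `now` is injected so results are deterministic."""
    name = vault["BackupVaultName"]
    if not vault.get("Locked"):
        return [Finding(name, "FAIL", "no Vault Lock: recovery points can be deleted at any time")]
    findings = []
    lock_date = vault.get("LockDate")
    if lock_date is None:
        # A Vault Lock without a LockDate is governance mode: removable by anyone allowed
        # backup:DeleteBackupVaultLockConfiguration, i.e. by the backup administrators.
        findings.append(Finding(name, "FAIL",
                                "Vault Lock has no LockDate (governance mode); administrators can remove it"))
    elif lock_date > now:
        # Compliance mode, but still inside the cooling-off window during which it can be changed.
        findings.append(Finding(name, "WARN",
                                f"lock is still changeable until {lock_date.isoformat()}"))
    min_days = vault.get("MinRetentionDays", 0)
    if min_days < policy_days:
        findings.append(Finding(name, "FAIL",
                                f"MinRetentionDays={min_days} is below policy retention {policy_days}d"))
    return findings


# Constructed sample inputs: the policy retention, a fixed clock, and paired weak/good settings.
POLICY_RETENTION_DAYS = 90
NOW = datetime(2026, 3, 19, tzinfo=timezone.utc)
WEAK_BUCKET_LOCK = {"ObjectLockEnabled": "Enabled",
                    "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}
GOOD_BUCKET_LOCK = {"ObjectLockEnabled": "Enabled",
                    "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 90}}}
WEAK_VAULT = {"BackupVaultName": "prod-backups", "Locked": True,
              "MinRetentionDays": 7, "MaxRetentionDays": 365, "LockDate": None}
GOOD_VAULT = {"BackupVaultName": "prod-backups-locked", "Locked": True,
              "MinRetentionDays": 90, "MaxRetentionDays": 365,
              "LockDate": datetime(2025, 1, 10, tzinfo=timezone.utc)}
COOLING_OFF_VAULT = {"BackupVaultName": "new-vault", "Locked": True,
                     "MinRetentionDays": 90, "MaxRetentionDays": 365,
                     "LockDate": datetime(2026, 4, 1, tzinfo=timezone.utc)}


def run_audit() -> list[Finding]:
    """Evaluate every sample setting and return the combined findings."""
    findings: list[Finding] = []
    findings += audit_s3_object_lock("weak-bucket", WEAK_BUCKET_LOCK, POLICY_RETENTION_DAYS)
    findings += audit_s3_object_lock("good-bucket", GOOD_BUCKET_LOCK, POLICY_RETENTION_DAYS)
    findings += audit_backup_vault_lock(WEAK_VAULT, POLICY_RETENTION_DAYS, NOW)
    findings += audit_backup_vault_lock(GOOD_VAULT, POLICY_RETENTION_DAYS, NOW)
    return findings


if __name__ == "__main__":
    for f in run_audit():
        print(f"{f.severity} {f.target}: {f.message}")
```

In a real assessment the dictionaries would come from the corresponding API calls for every bucket or vault that holds backups; the point of the check is that "retention is configured" is not enough evidence on its own, the mode and the lock state decide whether the backup administrator accounts are actually prevented from acting before retention expires.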
Cross-framework mappings
How ISM-1708 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
E8
| Relationship | Control | Notes |
|---|---|---|
| Partially overlaps | E8-RB-ML1.6 | E8-RB-ML1.6 requires that unprivileged accounts are prevented from modifying and deleting backups |
| Partially overlaps | E8-RB-ML2.2 | E8-RB-ML2.2 requires that privileged accounts (excluding backup administrator accounts) cannot modify or delete backups |
| Supports | E8-RB-ML3.2 | ISM-1708 requires that backup administrator accounts are prevented from modifying or deleting backups during their retention period |
| Related | E8-RB-ML3.3 | ISM-1708 requires that backup administrator accounts are prevented from modifying or deleting backups during their retention period |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.