Quarantine Data Failing Security Checks During Manual Export
Data failing security checks during manual export is quarantined until reviewed for approval.
Plain language
When you manually move data from one place to another, it's important to make sure that any data not meeting security checks is put aside, or 'quarantined', until someone can review it. This process matters because if unchecked data gets out, it could lead to a leak of sensitive information, harming your business or client relationships.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
When manually exporting data from systems, all data that fails security checks is quarantined until reviewed and subsequently approved or not approved for release.
Why it matters
If data failing export security checks is not quarantined, sensitive data may be released, causing breaches and reputational damage.
Operational notes
During manual exports, automatically quarantine files that fail security checks and review/approve or reject release within defined timeframes.
Implementation tips
- The IT team should create a process for handling data exports. They can start by setting up a secure folder where any data that doesn't pass security checks is automatically stored until further review.
- A manager should assign a trained staff member to regularly review quarantined data. This person should have a checklist to ensure every piece of data is reviewed for security risks before deciding if it can be safely shared or needs more attention.
- System owners need to coordinate with their security officer to set up automated alerts that notify the right people when data is quarantined. This ensures timely review and prevents data from sitting unreviewed for too long.
- The compliance officer should develop clear guidelines for what types of data should be quarantined. These guidelines can be based on government regulations or industry standards and should be communicated clearly to all staff involved in data exports.
- HR should organise regular training sessions for staff involved in data handling. These sessions should cover how to recognise when data needs to be quarantined and the steps to take when this happens.
Audit / evidence tips
-
Askthe data quarantine log: This should be a record of all data that has been quarantined due to security check failures
Goodis a complete and up-to-date log showing regular reviews and timely decisions
-
Askdocumentation of the data review process: Inspect the process to see if it includes steps for evaluating quarantined data. Good documentation will have clear steps with designated responsible persons
-
Goodsecurity measure will list who accessed the data and have limited access permissions
Cross-framework mappings
How ISM-1779 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 5.14 | ISM-1779 requires quarantining data that fails security checks during manual export until it is reviewed and approved for release | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.