Ensuring Data Backup Synchronisation
Backups should be in sync to restore everything to the same time point when needed.
Plain language
This control is about making sure your organisation's data backups happen at the same time, so if you ever need to restore your data, everything comes back together just as it was on a certain day and time. It’s important because if backups aren't synced, you might end up with a mishmash of old and new data, which can cause confusion or even lead to data loss.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML1, ML2, ML3
Guideline
Guidelines for system managementSection
Data backup and restorationOfficial control statement
Backups of data, applications and settings are synchronised to enable restoration to a common point in time.
Why it matters
Without synchronised backups, restoring systems can leave data and configurations out of step, causing inconsistencies and disrupting operations.
Operational notes
Confirm backup jobs complete in the same window for related systems, and run restore tests to validate point-in-time consistency.
Implementation tips
- The IT team should set up automated backup processes. Use software that supports scheduled backups to ensure data, applications, and settings are backed up simultaneously. This way, you don't have to remember to do it manually, and it reduces the chance of making mistakes.
- Managers should verify that the backup system covers all critical systems. Create a list of crucial applications and data and ensure each is included in the backup plan. Regularly review this list to accommodate any changes in your organisation's operations.
- The IT team should test the backup restoration process regularly. Set a routine to restore data from backups in a test environment to ensure everything can be recovered correctly and the data is synchronised. This ensures you know the process works before a crisis occurs.
- System owners should coordinate with the IT team to establish a backup frequency that meets business needs. Discuss how often data changes to determine if daily, weekly, or another frequency will best protect your business. Document this decision for future reference.
- Ensure stakeholders understand the backup policy. The system owner should conduct a simple information session for staff, explaining the importance of data backup, what gets backed up, and how often, so everyone is on board and understands the process.
Audit / evidence tips
-
Askthe backup policy document: Request to see the written policy that outlines the backup strategy
Goodhas complete documentation with clear details on timing and scope
-
Askthe logs from the last backup operation
Goodresult shows all components have consistent timestamps aligning with each other
-
Askto see the backup system in action
-
Askhow the IT team tests backup restorations: Inquire about the process for testing backups
-
Goodoutcome shows regular training with documented participation
Cross-framework mappings
How ISM-1810 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.13 | ISM-1810 requires backups of data, applications and settings to be synchronised so restoration can occur to a common point in time | |
E8
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (1) expand_less | ||
| E8-RB-ML1.3 | ISM-1810 requires synchronised backups to enable restoration to a common point in time across data, applications and settings | |
| extension Depends on (1) expand_less | ||
| E8-RB-ML1.4 | E8-RB-ML1.4 requires organisations to test restoring data, applications, and settings from backups to a common point in time during disas... | |
| link Related (1) expand_less | ||
| E8-RB-ML1.2 | ISM-1810 requires backups of data, applications and settings to be synchronised so restoration can occur to a common point in time | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.