Prevent Unauthorised User Access to Backup Data
Ensure that regular user accounts cannot view or restore their own backup files for security reasons.
Plain language
This control ensures that regular users can't access, view, or restore the backup files of their own data. This matters because if anyone could see or modify their backups, it could lead to sensitive information being accidentally shared or altered, which could harm the entire organisation by making data unreliable or exposing it to competitors.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML3
Official control statement
Unprivileged user accounts cannot access their own backups.
Why it matters
If unprivileged users can access their own backups, they could recover deleted data and exfiltrate sensitive information outside normal access controls.
Operational notes
Ensure backup repositories and restore tools are restricted to privileged roles; test that standard user accounts cannot list, read or restore their own backups.
Implementation tips
- The IT team should set up access restrictions in the backup system so that only designated administrators can view and manage backup files. They can do this by configuring user roles specifically in the backup software to prevent regular users from obtaining access.
- System administrators need to implement a policy that clearly defines who can access backups and what actions they are permitted to perform. This involves updating the company’s existing security protocols and ensuring only administrators have backup access rights.
- Managers should conduct training sessions to educate staff about why they cannot access their own backup files. This can be done through regular meetings or informational emails explaining the security reasons behind these restrictions.
- IT managers should regularly review the list of users with backup access to ensure compliance with policies. This involves checking user roles and permissions in the backup system and revoking access that is no longer necessary.
- The security team should set up alerts to notify them of any unauthorised access attempts to the backup system. This can be achieved by configuring monitoring software to log access attempts and report unusual activities immediately.
Audit / evidence tips
- Ask for the current backup access policy document: Ensure the document is up-to-date and specifies who has access and under what conditions.
  Good: includes a policy document with clear roles assigned and signed approval.
- Good: should have a limited, justified number of users with backup permissions.
- Ask for a demonstration of user access restrictions in the backup system: Verify that only authorised users can access the backup files.
  Good: is a system setup where only specific admin roles can access backups.
- Good: shows no incidents of unauthorised access or a record of prompt responses to alerts.
- Ask for staff training records regarding backup access policies: Verify that regular training sessions are conducted and that employees understand why they can't access their backups.
  Good: includes complete training records with dated sessions and signed attendance.
Cross-framework mappings
How ISM-1813 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.3 | ISM-1813 requires that unprivileged user accounts cannot access their own backup data | |
| Related (1) | | |
| Annex A 5.15 | Annex A 5.15 requires rules and procedures to control logical access to information assets | |
E8
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (2) | | |
| E8-RB-ML1.5 | ISM-1813 requires that unprivileged user accounts cannot access their own backup data | |
| E8-RB-ML3.2 | ISM-1813 requires that unprivileged user accounts cannot access their own backup data | |
| Related (1) | | |
| E8-RB-ML3.1 | E8-RB-ML3.1 requires that unprivileged accounts cannot access their own backups | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.