Skip to content
arrow_back
ISM-1855
search
ISM-1855 policy ASD Information Security Manual (ISM)

Central Logging of Multifunction Device Use

Uses of multifunction devices are logged centrally for tracking purposes.

Detective NC OS P ASD Information Security ManualGuidelines for communications systemsloggingaudit trail
record_voice_over

Plain language

Central logging of multifunction device use means that everything you print, scan, or copy is tracked and recorded in one place. This is important because if there's a data breach or sensitive information is mishandled, you can trace back who did what, helping to prevent potential damage to your business's reputation and security.

Framework

ASD Information Security Manual (ISM)

Control effect

Detective

Classifications

NC, OS, P, S, TS

ISM last updated

Nov 2023

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Guideline

Guidelines for communications systems

Section

Multifunction devices

Topic

Logging Multifunction Device Use

Official control statement

Use of MFDs for printing, scanning and copying purposes, including the capture of shadow copies of documents, are centrally logged.
policy ASD Information Security Manual (ISM) ISM-1855
priority_high

Why it matters

Without central MFD logging (print/scan/copy and shadow copies), investigating document misuse is difficult, increasing risk of undetected data leakage.

settings

Operational notes

Centrally collect MFD print/scan/copy and shadow-copy logs; review routinely and alert on spikes, after-hours use or repeated failures to spot misuse quickly.

build

Implementation tips

  • The IT team should set up a central logging system for multifunction devices (MFDs), ensuring every use of these devices is automatically recorded. They need to configure MFDs to send activity logs to a secure server where all this information is collected and can be reviewed.
  • Managers should ensure that staff are aware of the logging process by organising a briefing session. During this session, explain why logging is necessary for protecting sensitive information and how it helps in case of any security incidents.
  • Procurement officers should work with IT to choose multifunction devices that support central logging. This involves reviewing specifications and confirming the devices can send log data directly to a central system before purchasing.
  • The IT team should regularly check the logging system to make sure it is working correctly. This means verifying that data from all multifunction devices is updated in real time and no logs are missing or incomplete.
  • Security officers should have a process for reviewing logs in response to suspicious activity or security incidents. This includes setting predefined criteria for what constitutes unusual activity and a plan for investigating these issues promptly.
fact_check

Audit / evidence tips

  • AskThe logging configuration manual: Request the document that describes how the central logging system is set up for MFDs GoodIncludes clear procedures detailing what is logged and the technology used to record and store this information
  • AskA sample activity log from the central logging system GoodLog should include dates, times, user IDs, and actions taken (e.g., print, scan)
  • AskA list of MFDs with logging enabled
  • AskTo see evidence of periodic log reviews: Request records or emails showing that logs are regularly checked. Good evidence includes logs of review dates, who conducted them, and any actions taken based on findings
  • AskAny incident reports that involved MFD logs GoodWill show logs being used to trace actions back to responsible users, outlining how this helped in resolving incidents
link

Cross-framework mappings

How ISM-1855 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Control Notes Details
layers Partially meets (1) expand_less
Annex A 8.15 ISM-1855 requires organisations to centrally log multifunction device (MFD) use for printing, scanning and copying, including capturing s...
handshake Supports (1) expand_less
Annex A 5.28 ISM-1855 requires organisations to centrally log MFD activity and retain shadow copies, producing a detailed record of who used MFD funct...

E8

Control Notes Details
handshake Supports (1) expand_less
E8-MF-ML2.7 ISM-1855 requires organisations to centrally log MFD printing, scanning and copying activity, including shadow copies of documents

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

Mapping detail

Mapping

Direction

Controls