Register Photographic Devices in Secure Areas
Keep a regularly updated list of authorised photo and video devices in high-security areas.
Plain language
In high-security areas, it's crucial to know exactly which cameras or recording devices are in use and who authorised them. This matters because unauthorised devices could secretly record sensitive information, leading to serious security breaches.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
S, TS
ISM last updated
Aug 2025
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for physical securitySection
Facilities and systemsOfficial control statement
An authorised photographic and video recording device register for SECRET and TOP SECRET areas is developed, implemented, maintained and verified on a regular basis.
Why it matters
Without a verified register of authorised photographic/video devices in SECRET/TOP SECRET areas, sensitive material may be captured, exfiltrated or leaked.
Operational notes
Maintain and regularly verify the register for SECRET/TOP SECRET areas, reconciling approved devices and authorised users; investigate and remove any unregistered devices.
Implementation tips
- Facility managers should create a list of authorised devices: Write a documented register listing all permitted photographic and video recording devices allowed in high-security areas, including device types and serial numbers.
- Security team members must routinely check devices: Schedule regular inspections to ensure only listed devices are present in secure areas by comparing physical devices to the register.
- Management should verify the register: Conduct meetings quarterly to review and update the authorised devices list, ensuring any changes are documented and authorised correctly.
- HR should educate staff on device rules: Provide training sessions to all employees working in high-security areas about device policies, explaining the importance and procedure for getting device approvals.
- IT support should assist with device logging systems: Set up a simple database or spreadsheet to digitally record each authorised device and its details, ensuring that the register is easy to update and access.
Audit / evidence tips
- AskThe photographic devices register: Request the latest authorised device list for high-security areas GoodRegister will be regularly updated, showing clear authorisation for each device
- AskInspection records: Request logs of recent inspections where devices were checked against the register GoodSystem will have frequent inspections with minimal or resolved issues
- AskTo see authorisation records: Request documents or emails showing device approval by management GoodRecord will include specific device details and approval dates
- AskStaff training records: Request records of training sessions on device rules GoodSystem will show regular sessions with wide employee participation
- AskTo access the digital device register: Request to view the digital recording of authorised devices GoodSystem will be comprehensive, current, and user-friendly
Cross-framework mappings
How ISM-2069 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| link Related (1) expand_less | ||
| Annex A 7.6 | Annex A 7.6 requires the design and implementation of security measures that control and protect work within secure areas | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.