Restrict Unapproved AI Access on Personal Devices
Do not let AI tools access sensitive systems on personal devices without approval.
Plain language
This control is about making sure AI tools don't get into sensitive systems on personal devices without a thumbs-up first. If we skip this, confidential business info might leak or get hacked, which could cost us time, money, and trust.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
OS, P
ISM last updated
Mar 2026
Control Stack last updated
24 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for enterprise mobility
Section
Enterprise mobility
Official control statement
Personnel using privately-owned mobile devices or desktop computers to access OFFICIAL: Sensitive or PROTECTED systems or data are disallowed from granting access to unapproved artificial intelligence agents.
Why it matters
Without controlled AI access, personal devices could expose sensitive data, leading to leaks, financial loss, and reputational damage.
Operational notes
Regularly update the AI access policy and conduct refresher training. Ensure logs and approved tool lists are consistently reviewed and maintained.
Implementation tips
- Managers should create a clear policy: Develop a simple guideline that explains when and how AI tools can be accessed. Discuss this policy at team meetings to ensure everyone understands the rules.
- IT teams should evaluate AI tools: Identify which AI applications are used on staff devices and assess their security implications. Use a collaborative platform to document and share findings with relevant stakeholders.
- HR should train all staff: Organise regular training sessions focusing on the new AI access policy and the reasons behind it. Include interactive elements like quizzes to bolster understanding and engagement.
- System owners should monitor access: Regularly review logs to ensure no unauthorised AI access occurs. Set up alerts for suspicious activities that deviate from usual access patterns.
- Procurement teams should vet AI solutions: Ensure any AI tool being used undergoes a security assessment before purchase. Incorporate a checkbox for security approval in the procurement process.
Audit / evidence tips
- Ask: the AI access policy document. Request the written policy that outlines how AI tools can be accessed on personal devices. Look at: clear guidelines and an approval process. Good: a regularly updated policy with evidence of management endorsement.
- Ask: training records. Request documentation of staff training sessions about AI access. Look at: attendance lists and training content summaries. Good: regularly conducted sessions covering policy details with engaged staff participation.
- Ask: AI access logs. Request logs showing access history by AI tools on personal devices. Look at: entries showing approved and unapproved access attempts. Good: logs demonstrate all AI access attempts are either documented or blocked.
- Ask: approved AI tools list. Request a documented list of AI tools that staff are allowed to use. Look at: evidence of security assessments and approvals. Good: an up-to-date list showing tools with passed security assessments.
- Ask: procurement approval records. Request records showing AI tools were subject to security review before purchase. Look at: evidence of approval in purchasing files. Good: procurement records clearly showing tools passed security checks before buying.
Cross-framework mappings
How ISM-2095 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001: Partially meets (3)
| Control | Notes |
|---|---|
| Annex A 5.15 | ISM-2095 prohibits personnel from granting unapproved AI agents access when using privately-owned devices to access OFFICIAL: Sensitive o... |
| Annex A 5.18 | ISM-2095 requires that unapproved AI agents are not granted access to sensitive/protected systems or data from privately-owned devices |
| Annex A 8.3 | ISM-2095 restricts granting unapproved AI agents access to OFFICIAL: Sensitive or PROTECTED systems or data when accessed via privately-o... |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.