Do Not View Classified Data on Mobile Devices
Avoid looking at sensitive information on your phone near connected cars.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Mar 2026
✏️ Control Stack last updated
23 Mar 2026
🎯 E8 maturity levels
N/A
Sensitive or classified data is not viewed on mobile devices within or near connected vehicles.
Source: ASD Information Security Manual (ISM)
Plain language
This rule says you shouldn't look at secret or sensitive information on your phone when you're in or close to cars that have internet connections, like some modern vehicles. This matters because if a hacker accesses a connected car, they could see sensitive information on a nearby phone, which might lead to your secrets getting out.
Why it matters
Failing to follow this rule could result in sensitive information being intercepted by hackers via connected car systems.
Operational notes
Regularly remind teams about the risks of viewing data on phones in connected vehicles to prevent complacency.
Implementation tips
- IT team should educate employees: Conduct a workshop for staff highlighting the risks of viewing sensitive data on mobile devices near connected cars. Demonstrate how connected cars can inadvertently access phone data.
- Managers should set policies: Draft clear company rules stating that sensitive data must not be accessed on phones in or near connected vehicles. Communicate these rules in employee handbooks.
- HR should include policy in onboarding: Add a segment to the new employee orientation covering policies about mobile device usage, especially about connected cars, to raise awareness from day one.
- Security team should perform checks: Conduct regular 'spot checks' in situations where employees might access sensitive data, confirming that mobile devices are not used to view it in connected cars. Use these checks to reinforce the policy.
- IT team should provide alternatives: Ensure employees know how to connect to secure, private networks when accessing classified information. Offer guidance on secure data handling practices.
Audit / evidence tips
- Ask: mobile usage policy documents: Request to see the company’s mobile device usage rules, specifically sections covering connected vehicles
- Look at: employee training logs: Check if employees have completed training sessions about not accessing data on phones in connected cars
- Ask: access logs: Request records of mobile device connections and situations where sensitive data was accessed in or near vehicles
- Look at: meeting notes: During 'spot checks', evaluate feedback or corrective actions noted, ensuring they're targeting prohibited actions
- Ask: onboarding materials: Ensure new hire materials include warnings about viewing data on mobile devices near connected vehicles
Cross-framework mappings
How ISM-2100 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Supports (2) | | |
| Annex A 5.12 | ISM-2100 requires that sensitive or classified data is not viewed on mobile devices within or near connected vehicles to reduce the risk ... | |
| Annex A 5.15 | ISM-2100 addresses a specific confidentiality risk by prohibiting viewing classified information on mobile devices within or near connect... | |