Restrict Sensitive Conversations Near Vehicles
Sensitive phone calls should not be made near connected vehicles.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Mar 2026
✏️ Control Stack last updated
23 Mar 2026
🎯 E8 maturity levels
N/A
Sensitive or classified phone calls and conversations are not conducted within or near connected vehicles.
Source: ASD Information Security Manual (ISM)
Plain language
This control is about not having sensitive conversations near connected cars because they can record or transmit audio. If ignored, private information could be accidentally shared with third parties, risking privacy breaches or data leaks.
Why it matters
Without this control, sensitive conversations could be unknowingly recorded by vehicle cameras or microphones, leading to privacy breaches.
Operational notes
Consistently remind staff of the risks associated with connected vehicles. Regularly review and update employee guidance and designated safe conversation zones.
Implementation tips
- Managers should train staff about the risks of connected vehicles recording conversations. Use simple examples to ensure they understand how cars can record audio without their knowledge.
- Office managers should create safe zones for sensitive calls away from parked cars. Clearly mark these areas and communicate their purpose to the team.
- HR should incorporate guidance on avoiding sensitive conversations near vehicles into onboarding materials. Ensure all new hires receive this information in their first week.
- IT staff should maintain an up-to-date inventory of all connected vehicles used by the organisation. Regularly review this list to keep track of where sensitive conversations should be avoided.
- Security officers should work with facility managers to identify and mitigate potential risks around parking areas. Use signage or barriers to maintain an appropriate distance between cars and meeting spaces.
Audit / evidence tips
-
Ask: training records: Seek documentation showing staff have been trained about the risks of conducting conversations near connected vehicles
Look at: attendance lists or training summaries
Good: includes records showing regular sessions and high attendance
-
Look at: photos or floor plans. Good signage documentation includes clear guides and feedback data from staff
-
Ask: onboarding materials: Verify that new staff receive information about this risk during onboarding
Look at: revised induction schedules or materials. Good materials clearly define actions through practical examples
-
Look at: documents listing connected vehicles used by the organisation. Confirm the list is up-to-date and comprehensive. A complete inventory will include details like make and model, and any audio capabilities
-
Ask: security assessment records: Check for reports that show areas near connected vehicles have been assessed for audio risks
Look at: identified risk zones and mitigation actions. A strong assessment includes clear action items and implemented measures
Cross-framework mappings
How ISM-2101 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | ||
| Annex A 6.7 | ISM-2101 requires that sensitive or classified phone calls and conversations are not conducted within or near connected vehicles to mitig... | |