ISO 27001 A.7.12: Cabling security
What This Control Requires
Cables carrying power or data or supporting information services shall be protected from interception, interference, or damage.
In Plain Language
Cables are the physical nervous system of your IT infrastructure, and they are easy to overlook. A network cable running through a public corridor can be tapped. Power and data cables bundled together cause electromagnetic interference. An unlocked patch panel in a shared space lets anyone plug in a rogue device. Data cables carrying unencrypted traffic are especially vulnerable if they pass through areas that are not physically secured. Copper cables are easier to tap than fibre optic, but neither is immune. Power cables can introduce interference that degrades the signal quality to sensitive equipment. The protections here are straightforward: route cables through secure areas, physically protect exposed runs, keep power and data cables separated, and use fibre or encrypted links where cables have to cross high-risk zones. It is not glamorous work, but an auditor who finds unsecured cabling in accessible areas will flag it.
How to Implement
Create cable management standards that cover routing, protection, separation, and documentation. For data cables: route through secure areas wherever possible, avoiding public spaces and areas accessible to unauthorised people. Use enclosed cable trays, conduits, or raised floors. Where cables must pass through unsecured areas, put them in locked conduits and consider fibre optic or encrypted links instead of plain copper. Keep cables away from sources of electromagnetic interference. For power cables: separate them from data cables to prevent interference. Use the right cable gauges and specs for the power load. Install surge protectors and power conditioning at the equipment end. Route cables to avoid tripping hazards and damage. Label power cables clearly so maintenance teams can identify what is what. For critical or sensitive environments: use fibre optic cables - they resist electromagnetic interference and are harder to tap. Encrypt data traversing cables in unsecured areas. Consider port locks or seals on patch panels in shared or accessible locations. For very high-security environments, pressurised cable conduits that detect breaches are an option. Document your cable infrastructure. Create cable route diagrams showing where critical cables run. Label cables at both ends. Record cable types, specifications, and installation dates. Keep patch panel records up to date with current port assignments. Inspect the cable infrastructure periodically. Look for unauthorised connections or tapping devices. Verify cable integrity and routing. Check conduits and trays for damage. Confirm power and data cables are properly separated. Update documentation whenever anything changes.
Evidence Your Auditor Will Request
- Cable management standards and routing documentation
- Cable route diagrams for critical infrastructure
- Patch panel documentation and port assignment records
- Cable inspection records showing periodic verification
- Evidence of power and data cable separation in installations
Common Mistakes
- No cable management standards or documentation of cable routes
- Cables run through unsecured areas without protection or encryption
- Power and data cables are bundled together causing interference
- Patch panels in shared areas are not secured against unauthorized access
- Cable documentation is outdated and does not reflect current installations
Related Controls Across Frameworks
Frequently Asked Questions
Is fiber optic cabling more secure than copper?
How should we secure network patch panels?
Track ISO 27001 compliance in one place
AuditFront helps you manage every ISO 27001 control, collect evidence, and stay audit-ready.
Start Free Assessment