Requirement
Requirement lens
This control asks whether power, data, and supporting service cables are protected from interception, interference, and damage.
“Cables carrying power, data or supporting information services shall be protected from interception, interference or damage.”
Plain-language meaning
Cables are part of the information processing environment. If they are badly routed, unprotected, mixed incorrectly, poorly labelled, or accessible to unauthorized people, they can cause outages, interference, safety issues, interception, or tampering.
Why this matters
Weak cabling can create availability, integrity, confidentiality, and safety risks. Loose cables can be damaged or disconnected. Unclear labels can lead to incorrect connections. Power and data in the same conduit can create interference. Exposed communications cables can be tapped or damaged.
Implementation guidance
Implementer focus
Treat cabling as infrastructure that needs design, documentation, protection, labelling, and inspection.
1. Protect cables from physical damage
Controls may include:
- proper cable trays, conduits, trunking, or raised-floor routing;
- avoiding loose cables on floors or walls;
- strain relief for connectors;
- protection against pulling, crushing, bending, water, heat, and pests;
- secure routing through controlled areas;
- regular inspection of cable condition.
2. Protect cables from interference
Power and data cables should be routed and segregated where required to reduce interference.
Examples:
| Situation | Risk | Control |
|---|---|---|
| Power and data in same conduit | Interference affecting data | Segregated conduits/routes |
| Industrial environment | Electrical noise or damage | Shielding, separation, specialist installation |
| Loose patch cables | Disconnection or inaccurate connection | Cable management and labelling |
3. Protect cables from interception and tampering
Where communications cables carry sensitive or critical information, consider:
- locked equipment rooms;
- locked communications boxes;
- protected conduits;
- controlled access to patch panels;
- tamper-evident inspection;
- encryption for sensitive transmissions;
- provider discussions for external junction boxes or street cabinets.
4. Maintain cabling documentation
Documentation should show power and communications routes, patching, labels, colour coding, cabinets, rooms, and external provider handoff points.
Audit guidance
Auditor focus
Walk the cable routes. Documentation is useful, but the audit finding often comes from exposed, loose, unlabelled, or poorly segregated cables.
Auditors should verify:
- cabling is properly routed and protected;
- connectors are protected from damage;
- power and data cabling are segregated where required;
- cables are labelled or colour-coded;
- network cabling between rooms, floors, or buildings is protected;
- patch panels and communications cabinets are locked where needed;
- external telecommunications junctions are considered in risk assessment;
- encryption or other transmission controls are used where interception risk justifies them.
Evidence examples
Evidence quality
Strong evidence combines cabling diagrams, labelling, controlled access, inspection records, and walkthrough confirmation.
| Evidence | What it proves |
|---|---|
| Cabling diagrams | Routes and weak points are known |
| Cable labelling/colour coding standard | Connections are controlled |
| Cabling inspection checklist | Physical condition is reviewed |
| Locked cabinet/access records | Patch panels and terminations are protected |
| Risk assessment for exposed/external routes | Interception and tampering risks are considered |
| Provider correspondence | External telecoms risks are addressed |
Strong evidence
- Cable routes are documented and match the site.
- Power and data segregation is implemented where needed.
- Patch panels and communications rooms are access-controlled.
- Exposed or external cable routes are risk-assessed.
- Inspection records identify and correct poor routing or damage.
Weak evidence
- Loose cables run across floors or walls.
- Patch panels are unlocked or unlabelled.
- Cable diagrams are missing or stale.
- Power and data cables are mixed without assessment.
- External junction boxes are ignored.
- Encryption is assumed to compensate for physical exposure without risk analysis.
Common failures
Implementation watchouts
Cabling security fails when cabling is treated as a one-time installation task and never inspected again.
| Failure | Why it matters |
|---|---|
| Unprotected loose cabling | Damage, outage, and safety incidents |
| Poor labelling | Incorrect connections and slow fault tracing |
| Unlocked patch panels | Tampering, unauthorized connections, interception |
| Power/data interference | Loss of integrity or availability |
| Unassessed external junctions | Provider infrastructure becomes a weak point |
| No cable-route documentation | Faults and weak points are hard to find |
Exam traps
Exam focus
A.7.12 is not just tidy cabling. It protects power and data cabling against interception, interference, and damage.
| Trap | Correct interpretation |
|---|---|
| Cabling is only an availability issue | Interception and tampering can affect confidentiality and integrity |
| Labels are cosmetic | Labelling reduces incorrect connections and fault-tracing failures |
| Encryption replaces physical cabling protection | Encryption can help, but physical protection and routing still matter |
| External provider junctions are out of scope | They should be considered where they create risk |
| Power and data can always share routes | Segregation may be needed to avoid interference |
Related controls and concepts
- A.7 Physical Controls MOC
- A.7.1 Physical Security Perimeters
- A.7.3 Securing Offices Rooms and Facilities
- A.7.8 Equipment Siting and Protection
- A.7.11 Supporting Utilities
- Risk Assessment
- Cabling Route and Protection Register
- Cabling Inspection Checklist
- A.7.12 Audit Evidence Pack
- A.7.12 Audit Checklist
KB-ready summary
Mentor takeaway
A.7.12 protects the physical paths that power and data rely on. Good evidence shows routed, labelled, protected, segregated, and inspected cabling.
- Protect cabling from physical damage.
- Segregate power and data where interference is plausible.
- Lock and control patch panels and terminations.
- Document cable routes and labels.
- Consider external telecoms weak points.
Templates and checklists
- Iso27001
- Iso27002
- Annex a
- Physical controls
- Cabling
- Audit
Note Metadata
Aliases: A.7.12, Cabling Security
Source: 04 Annex A Physical Controls/A.7.12 Cabling Security.md
Control dependency map
How this control connects to work products
Generated from the static research graph. It shows navigation and evidence dependencies; it is not an audit conclusion.
10
links
Requirement context
Primary control text, framework notes, or adjacent controls this note points to.
Implementation artifacts
Templates and working records that help operate the control.
Evidence required
Evidence packs and proof records that support auditability.
Audit checks
Audit questions, checklists, or review material connected to the control.
Risk treatment
Risk records and ISO 27005 material this control mitigates or supports.
Graph-sourced resources
Templates and evidence
Implementer templates
Working artifacts for control owners and operators.
Auditor evidence packs
Evidence collections and audit-facing verification material.
Risk treatment artifacts
Risk records, mappings, and treatment-supporting references.
Related Notes
- Risk Assessment
- ISO 27001 A.7.1 - Physical Security Perimeters
- ISO 27001 A.7.11 - Supporting Utilities
- ISO 27001 A.7.3 - Securing Offices, Rooms and Facilities
- ISO 27001 A.7.8 - Equipment Siting and Protection
- A.7 Physical Controls MOC
- A.7.12 Audit Evidence Pack
- AQ-ISO27001-A.7.12 Cabling Security
- A.7 Physical Controls Implementation Guide
- A.7 Physical Controls Audit Guide
- ISO27001-A.7.12 Cabling Security
- A.7 Physical Controls Implementation Audit Risk Mapping
- EXAM-026 - Cabling, Maintenance, and Equipment Disposal
- ISO 27002 Annex A Control Interpretation Map
- A.7.12 Audit Checklist
- Cabling Inspection Checklist
- Cabling Route and Protection Register
- Annex A Controls MOC