Cabling Security - ISO 27001 Annex A Control

ISO 27001 Annex A 7.12

The wires running through the building need protection like the equipment they serve.

ISO 27001 Annex A 7.12 - Cabling Security

Cables tend to be invisible after installation, but they carry the power and data the operation depends on. Damage to a power cable can take down equipment as effectively as a UPS failure. Tapping into a network cable is a route to data interception that bypasses logical access controls. The control asks for cabling to be installed and maintained with these risks in mind.

For most office environments the protection is straightforward. Cables run through walls, ceiling voids and floor ducts rather than across floors where they can be damaged or accessed. Patch panels and network cabinets are in controlled rooms, locked where appropriate. Power cabling meets the relevant electrical standards. Spare cables are kept in known locations.

Higher-sensitivity environments add further controls: cable conduits sealed against tampering, network cables physically separated from power cables to reduce interference, encrypted point-to-point links where wired interception is a real concern, and inspection regimes that pick up any physical changes to the cabling routes. The strictness scales with the sensitivity of the data carried.

The most useful piece of cabling documentation is an up-to-date diagram of what runs where. When something stops working, when something needs to be added, or when there is a suspicion of interference, knowing the cabling layout saves significant investigation time. We keep the diagrams alongside the equipment register and update them whenever changes are made.

Practical Compliance Guidance

Cabling arrangements are described in the IMS1 Manual in Section 8.3 on IT equipment and Section 8.5 alongside the Physical Security Policy. Cabling diagrams sit alongside the equipment register.

alphaZ document: ISO 27001 Toolkit
How to use it: The full alphaZ ISO 27001 toolkit including the IMS1 Manual, policies, procedures, registers and audit checklists.

Note - all the above files can be downloaded with an alphaZ subscription.

Frequently Asked Questions

Cables routed through structured cabling pathways - wall ducts, floor boxes, ceiling voids - rather than running across floors. Patch panels in lockable cabinets in a controlled comms room. Visible cabling secured and labelled. Power and network cables separated to reduce interference. The arrangement does not need to be elaborate to meet the control - it needs to be deliberate.

For most operations, the controlled comms room and network cabinets prevent casual interception. Higher-risk environments may add monitored cabinets, sealed conduits, and end-to-end encryption that protects data even if interception did occur. The level of concern should match the threat model rather than apply a single standard everywhere.

Through the change management process under A.8.32, with the resulting changes reflected in the cabling diagrams. Cabling work is often done by specialist contractors - the supplier security arrangements under A.5.20 should cover the access and confidentiality expectations during the work.
