ISO 27001 Annex A 7.12 Cabling Security

ISO 27001 Annex A 7.12 Cabling Security is a simple way to protect your vital cables. This control helps you make sure nobody damages or interferes with your cables. It also stops people from using your cables to intercept your private communications.

Both power and data cables can be easily damaged or tapped into. To keep your service running and your data safe, ISO 27001 asks you to use cabling security steps.

This particular ISO 27001 control focuses only on your cables. As part of your security plan, you must stop people from intercepting communications that travel along them.

What is ISO 27001 Annex A 7.12?

The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022).

In the ISO/IEC 27001:2022 standard, the control is titled “Cabling Security”.

What is the ISO 27001 Annex A 7.12 control objective?

The formal definition and control objective in the standard is: “Information should be classified according to the information security needs of the organisation based on confidentiality, integrity, availability and relevant interested party requirements.”

What is the purpose of ISO 27001 Annex A 7.12?

The purpose of ISO 27001 Annex A 7.12 is “to ensure the identification and understanding of the protection needs of information in accordance with its importance to the organisation.”

Is ISO 27001 Annex A 7.12 Mandatory?

ISO 27001 Annex A control 7.12 (Cabling Security in the 2022 standard) is not automatically mandatory in the same way the clauses in the main body of the standard (clauses 4 through 10) are.

The mandatory part of the standard requires you to consider ISO 27001 Annex A 7.12 and all other Annex A controls, but you have the flexibility to exclude it if it is not applicable to your organisation’s specific risks and context.

Key Parts of the Rule

To follow this rule, you should have clear plans and policies. Here are some important steps:

To implement ISO 27001 Annex A 7.12, you should know that this control focuses on cabling security. This security measure is most important for places like data centres and server rooms, but you can also apply it to your office.

This rule is mainly about keeping your systems running (availability) and protecting your data (confidentiality). It aims to stop people from cutting your cables or using them to steal your data.

Some parts of this control are likely outside your control. You are usually limited by the building you are in and the services you buy.

The standard's guidance can be more than you need, and many small companies will not need to follow all parts of it.

If you have a server room, a data facility, or even just an office, you should hire professionals for advice and installation. You should not do this work yourself, as many complex laws govern it.

The standard mentions burying power and communication lines. Unless you are building a new facility, this work has already been done for you. You are largely dependent on your office building and your service companies.

A good piece of advice is to regularly check and inspect your cables for any strange or unexpected devices. You should also control who can access cable rooms and patch management cabinets.