4. Cabling Documentation and Labelling Integrity Verified

Verification Criteria: Infrastructure cabling is clearly labelled at both ends and accurately documented in a current patch schedule or network map. Required Evidence: Patch panel schedules and physical cable tags cross-referenced against the internal network topology diagram.

5. Redundant Path Geographic Diversity Confirmed

Verification Criteria: Where redundancy is required, cabling paths for primary and secondary services follow geographically diverse routes to prevent a single point of failure (e.g., a single digger event). Required Evidence: Site drawings showing "North/South" or diverse entry points for carrier fibre feeds.

6. Patch Panel and Termination Point Security Verified

Verification Criteria: All cabling termination points (patch panels, distribution frames) are located within secure, restricted-access rooms or locked cabinets. Required Evidence: Physical inspection of comms cupboards showing restricted access control (badge readers or mechanical locks).

7. Electromagnetic Interference (EMI) Shielding Confirmed

Verification Criteria: Cabling is protected from EMI sources (e.g., lift motors, fluorescent lighting ballasts, or large transformers) through distance or shielding. Required Evidence: Technical specifications of installed cabling (e.g., Category 6A F/UTP or S/FTP) and physical routing away from high-interference equipment.

8. Unused Cable Decommissioning Evidence Identified

Verification Criteria: Redundant or decommissioned cabling is removed or clearly identified and disconnected at both ends to prevent unauthorized "shadow" connections. Required Evidence: Inventory of "Dark Fibre" or decommissioned cable logs; visual inspection for unlabelled, disconnected cables in racks.

9. Cabling Maintenance and Service Records Present

Verification Criteria: The cabling infrastructure undergoes periodic inspections for wear, heat damage, or environmental degradation. Required Evidence: Annual physical security walk-through reports or cable certification test results (e.g., Fluke test reports).

10. Fire-Stopping Compliance in Cable Penetrators Verified

Verification Criteria: Points where cables penetrate fire-rated walls or floors are sealed with fire-stopping material to maintain the integrity of physical security zones. Required Evidence: Physical sighting of fire pillows or intumescent mastic around cable bundles at zone boundaries.

ISO 27001 Annex A 7.12 Audit Checklist [+ Templates]

Q: 1. Telecommunications and Power Line Segregation Verified

Verification Criteria: Power and telecommunications lines are physically separated to prevent electromagnetic interference (EMI) and reduce the risk of simultaneous accidental damage. Required Evidence: Physical inspection of internal cable trunking or conduit layouts showing a minimum separation distance (typically 50mm+) or shielded dividers.

Q: 2. Cabling Physical Protection and Conduit Usage Confirmed

Verification Criteria: Exposed cabling in public or uncontrolled areas is housed within secure conduits or armoured trunking to prevent tampering or accidental severing. Required Evidence: Visual verification of secure cable routing in public hallways, basements, or external building faces.

Q: 3. Entry Point Physical Security Validated

Verification Criteria: Physical entry points for external telecommunications and power feeds into the building are secured and restricted to authorised facilities personnel. Required Evidence: Physical sighting of locked cabinets or secure rooms for external service entry points (manholes, cable vaults, or telecom rooms).

In this ultimate how to audit guide to ISO 27001 Annex A 7.12 Cabling Security, you will learn directly from an ISO 27001 Lead Auditor:

10 Key Audit Steps
Verification Criteria
Required Evidence
The Pass / Fail Test

I am Stuart Barker, the ISO 27001 Lead Auditor and author of the Ultimate ISO 27001 Toolkit.

Using over 30 years of industry experience across hundreds of audits, I’m giving you the exact templates, walkthroughs, and practical examples you need to achieve ISO 27001 certification.

ISO 27001 Annex A 7.12 Cabling Security Audit Checklist

ISO 27001 Annex A 7.12 Cabling Security Audit Checklist

Auditing ISO 27001 Annex A 7.12 Cabling Security is a technical verification of the physical infrastructure carrying sensitive data and power. The Primary Implementation Requirement involves the physical segregation and hardening of conduits, providing the Business Benefit of ensuring communications integrity and preventing unauthorised data interception or infrastructure tampering.

This technical verification tool is designed for lead auditors to establish the physical integrity of power and telecommunications infrastructure. Use this checklist to validate compliance with ISO 27001 Annex A 7.12.

1. Telecommunications and Power Line Segregation Verified

Verification Criteria: Power and telecommunications lines are physically separated to prevent electromagnetic interference (EMI) and reduce the risk of simultaneous accidental damage.

Required Evidence: Physical inspection of internal cable trunking or conduit layouts showing a minimum separation distance (typically 50mm+) or shielded dividers.

Pass/Fail Test: If unshielded data cables are found bundled directly with high-voltage power lines in shared trays, mark as Non-Compliant.

2. Cabling Physical Protection and Conduit Usage Confirmed

Verification Criteria: Exposed cabling in public or uncontrolled areas is housed within secure conduits or armoured trunking to prevent tampering or accidental severing.

Required Evidence: Visual verification of secure cable routing in public hallways, basements, or external building faces.

Pass/Fail Test: If network or power cables are found dangling or accessible to the public without protective casing, mark as Non-Compliant.

3. Entry Point Physical Security Validated

Verification Criteria: Physical entry points for external telecommunications and power feeds into the building are secured and restricted to authorised facilities personnel.

Required Evidence: Physical sighting of locked cabinets or secure rooms for external service entry points (manholes, cable vaults, or telecom rooms).

Pass/Fail Test: If the building’s primary external cable entry vault is found unlocked or accessible to unauthorised tenants/visitors, mark as Non-Compliant.

READ THE FULL ARTICLE

Access to Business and Consultant Toolkit Members Only.

Get the Toolkit

Members Login

How to Audit ISO 27001 Annex A 7.12: Cabling Security

Table of contents

ISO 27001 Annex A 7.12 Cabling Security Audit Checklist

1. Telecommunications and Power Line Segregation Verified

2. Cabling Physical Protection and Conduit Usage Confirmed

3. Entry Point Physical Security Validated