Table of Contents
ISO 27001 Cabling Security
The focus for this ISO 27001 Control is cabling. As one of the ISO 27001 controls this is about stopping people intercepting communications on your cables.
You will learn what the ISO 27001 control 7.12 is, how to simply and easily implement it for ISO 27001 certification and I will show you some common gotchas so you can avoid them.
What is ISO 27001 Annex A 7.12 Cabling Security ?
ISO 27001 Annex A 7.12 Cabling Security is an ISO 27001 control that looks to make sure you protect any cables that you use from being damaged, interfered with or people using them to intercept your communications.
ISO 27001 Annex A 7.12 Purpose
The purpose of Annex A 7.12 is to prevent loss, damage, theft or compromise of information and other associated assets and interruption to the organisations operations related to power and communications cabling.
ISO 27001 Annex A 7.12 Definition
The ISO 27001 standard defines Annex A 7.12 as:
Cables carrying power, data or supporting information services should be protected from interception,
ISO 27001:2022 Annex A 7.12 Cabling Security
DO IT YOURSELF ISO 27001
All the templates, tools, support and knowledge you need to do it yourself.
How to implement ISO 27001 Annex A 7.12
General Guidance
Cabling security is only really relevant if you have cables. Which goes without saying. As a physical control this relates to information processing utilities such as data centres and server rooms but we can consider it in the context of office as well.
This control is really looking at availability and confidentiality and the ability to stop people breaking your cables or hacking them to get your data.
To some extent this control is outside of your gift to control but there are some considerations that you can put in place and evidence.
The standard is a little overkill and for most small organisations elements of this will not apply.
The advice here is, if you have a server room or information processing facility or offices, to bring in professional third parties to advise and implement. This is not something you will undertake yourself and there are many laws that govern this that are outside your capability.
The guidance in the standard talks about things like putting power and communications lines underground which clearly will have been done for you unless you are building some facility from scratch. You are at the mercy really of the premises you occupy and the service providers you use.
One part of guidance to consider technical sweeps and inspections of cables looking for devices that are not yours or suspicious is well founded as is controlling access to cable rooms and patch management cabinets.
ISO 27001 Templates
ISO 27001 templates have the advantage of being a massive boost that can save time and money so before we get into the implementation guide we consider these pre written templates that will sky rocket your implementation. Not interested in ISO 27001 templates, then you can skip to the next section.
How to comply with ISO 27001 Annex A 7.12
To comply with ISO 27001 Annex A 7.12 you are going to
- Get the help of a professional third party to put in place controls around cabling where required.
- Have policies and procedures in place
- Assess your cables and perform a risk assessment
- Implement controls proportionate to the risk posed
- Test the controls that you have to make sure they are working
Top 3 Mistakes People Make for ISO 27001 Annex A 7.12
The top 3 mistakes people make for ISO 27001 Annex A 7.12 are
1. You have no cables
If everything is in the cloud then this control is potentially irrelevant to you.
2. One or more members of your team haven’t done what they should have done
Prior to the audit check that all members of the team have done what they should have. Can you explain your cable set up? Have you checked it? Have you looked for rogue devices? Check!
3. Your document and version control is wrong
Keeping your document version control up to date, making sure that version numbers match where used, having a review evidenced in the last 12 months, having documents that have no comments in are all good practices.
Get the Help of the ISO 27001 Ninja
Book your FREE 30 Minute ISO 27001 Strategy Call and let me show you how you can do it 30x cheaper and 10x faster that you ever thought possible.
Controls and Attribute Values
| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
|---|---|---|---|---|
| Preventive | Availability | Protect | Physical Security | Protection |
| Integrity |