How to Protect the Cables Your Systems Rely On
ISO 27001 Control 7.12 Cabling security is about protecting the power and data cables that keep your organisation running.
If a malicious person can get at your cabling, they can disrupt services, tap into traffic, or cause damage that looks like “just a fault”. Even accidental damage – a contractor cutting through a cable run – can cause serious downtime. Control 7.12 asks you to make sure your power, network, and communications cabling is installed, protected and managed in a way that supports confidentiality and availability.
This guide explains what ISO 27001 Control 7.12 is really asking for, and how to build practical cabling security into your physical and network design.
What ISO 27001 Control 7.12 Actually Requires
In plain English, ISO 27001 Control 7.12 – Cabling security expects you to:
- Protect power and communications cabling from damage, tampering, and unauthorised access.
- Reduce the risk of interception, interference, or disruption of data and services.
- Apply stronger protections where cabling supports sensitive or critical systems.
- Maintain cabling so it remains reliable and identifiable over its lifetime.
This covers:
- Power feeds to critical equipment
- Network and telecoms cabling (copper and fibre)
- Patch panels, cable trays, risers, floor boxes, and termination points
If you can show that you’ve designed, routed, and protected cabling deliberately, you’re well on the way to satisfying ISO 27001 Control 7.12.
Step 1 – Map and Classify Your Critical Cabling
Start by working out which cabling really matters from an information security and availability perspective:
- Power feeds to:
  – Server rooms and comms rooms
  – Network racks and core switches
  – Key telecoms equipment and firewalls
- Data and communications cabling for:
  – Core network links between racks and floors
  – WAN and internet connections
  – Inter-site links and connections to key partners/providers
For ISO 27001 Control 7.12, think in terms of:
- Impact if the cable is cut (availability).
- Risk if the cable is tapped or monitored (confidentiality).
- Ease of access – is it locked away, or in a public riser or car park duct?
Document this at a sensible level: a simple schematic or short description per site is usually enough to demonstrate you know where your critical cabling is and what it supports.
Step 2 – Route and Protect Cables Sensibly
One of the simplest and most effective measures under ISO 27001 Control 7.12 is to route cabling where it’s harder to damage or tamper with.
Good practices include:
- Underground or concealed routes
  – Route external power and telecoms cables underground where possible.
  – Avoid running critical cables in open, unprotected areas where vehicles, weather, or vandalism can affect them.
- Conduits and trunking
  – Use protective conduits, trunking, or cable trays that shield against accidental damage (tools, trolleys, doors, etc.).
  – For exposed runs, use armoured or reinforced cable where the risk justifies it.
- Avoiding obvious weak spots
  – Don’t run critical network links through easily accessible corridors, public risers, or unmonitored external walls if you can avoid it.
  – Limit exposed patch points in public or shared areas.
- Signalling presence
  – Use warning tape or markers in ducts and underground routes to warn contractors there are cables present.
  – Label external cabinets and access points clearly, and protect them with locks where appropriate.
The aim is to make accidental damage less likely, and deliberate tampering more difficult and more obvious.
Step 3 – Separate Power Cabling from Communications Cabling
ISO 27001 Control 7.12 also cares about interference and reliability, not just physical tampering.
You should:
- Physically separate power and data lines
  – Use separate conduits, trays, or routes for mains power and network cabling.
  – Follow vendor and standards guidance for minimum separation distances.
- Cross at right angles where separation isn’t possible
  – If power and data cables must cross, keep the crossing as short as possible and at right angles to minimise interference.
- Pay extra attention to high-power equipment
  – Keep network cabling away from heavy plant, motors, generators, and lifts where electromagnetic interference (EMI) is likely.
This helps maintain the integrity and availability of data transmission, which ISO 27001 Control 7.12 explicitly targets.
Step 4 – Add Extra Protection for Sensitive or Critical Systems
For systems carrying sensitive information or supporting critical services, ISO 27001 Control 7.12 expects you to go further.
Stronger measures can include:
- Armoured conduits and secure termination points
  – Use armoured or metal conduit for critical cabling runs.
  – Place patch panels and termination points inside locked rooms or cabinets.
  – Fit tamper alarms or monitoring on key cabinets where risk is high.
- Electromagnetic shielding
  – Use shielded cabling or additional electromagnetic shielding where there’s a realistic risk of interception or high interference.
  – For very sensitive environments, involve specialists to design appropriate shielding.
- Fibre-optic cabling
  – Where possible, use fibre instead of copper for critical links. Fibre is far more resistant to electromagnetic eavesdropping and interference.
- Restricted access to cabling spaces
  – Lock comms rooms, riser cupboards, and patch rooms.
  – Control access using keys, cards, PINs, or other suitable methods.
  – Limit who can access these areas and keep an access log if the risk justifies it.
- Technical sweeps and inspections (higher-risk environments)
  – For organisations at higher risk of espionage or targeted attacks, consider periodic technical sweeps and detailed inspections to detect rogue taps or devices.
You don’t need every control everywhere, but you should be able to show that the more sensitive or critical the system, the stronger the cabling protections applied.
Step 5 – Label, Document, and Maintain Your Cabling
Cabling that nobody can identify quickly is hard to secure and even harder to troubleshoot. ISO 27001 Control 7.12 benefits a lot from good housekeeping.
Make sure you:
- Label cables clearly at both ends
  – Include source, destination, and (if useful) service or VLAN details.
  – Use consistent labelling schemes across sites.
- Label patch panels and cabinets
  – Clearly show which ports connect to which rooms, racks, or devices.
  – Keep panel diagrams up to date.
- Keep basic documentation
  – Maintain simple drawings or spreadsheets showing main cable runs, risers, and external links.
  – Update documentation when changes are made (moves, adds, changes).
- Inspect and tidy periodically
  – Schedule periodic inspections of comms rooms and cable routes.
  – Tidy up “spaghetti”, remove abandoned cabling, and fix damaged or strained cables.
  – Check that labels are still legible and accurate.
This reduces downtime during incidents and makes it much easier to manage risks associated with cabling under ISO 27001 Control 7.12.
Step 6 – Manage Cabling Risks in Shared or Co-Located Premises
In shared buildings, data centres, or co-location environments, you may not control all aspects of cabling. ISO 27001 Control 7.12 still expects you to understand and manage the risk.
You should:
- Clarify responsibilities with landlords and providers
  – Ensure contracts and SLAs describe who is responsible for protecting and maintaining cabling.
  – Confirm how physical access to risers, ducts, and shared comms spaces is controlled.
- Understand shared cabling risks
  – Know where your circuits share ducts or risers with other tenants.
  – Assess the risk of accidental damage or deliberate tapping.
- Seek specialist advice where needed
  – For complex or high-risk environments, use cabling and security specialists to assess vulnerabilities and recommend controls.
- Factor cabling into site selection decisions
  – If you’re choosing a new DC or office, consider the quality of their cabling protections as part of your due diligence.
Even if you don’t own the building, ISO 27001 Control 7.12 expects you to show that cabling security has been properly considered and addressed as far as is practical.
Step 7 – Plan for Cabling Incidents and Keep People Informed
Finally, ISO 27001 Control 7.12 is easier to evidence if you’re prepared for when things go wrong.
Consider:
- Incident response for cabling failures
  – Include cable cuts, failures, or suspected tampering in your incident management process.
  – Define how incidents are triaged, who’s called (internal teams, landlords, providers), and how impact is assessed.
- Emergency planning
  – For critical links, understand what happens if they fail (e.g. automatic failover, manual rerouting, degraded mode).
  – Ensure staff know how to escalate if they see physical damage or suspicious activity around cabling.
- Training and awareness
  – Make facilities, IT, and security staff aware of the importance of cabling security.
  – Brief contractors and maintenance teams on where they must take extra care and who to contact if they suspect a problem.
This shows that cabling security under ISO 27001 Control 7.12 is not just a design exercise – it’s part of your operational practice.
Quick Implementation Checklist for ISO 27001 Control 7.12
Use this checklist to review your cabling security against ISO 27001 Control 7.12:
- ISO 27001 Control 7.12 (Cabling security) is referenced in your ISMS documentation.
- Critical power and communications cabling routes are identified and documented.
- External and internal cabling is placed in protected routes (conduits, trunking, underground where possible).
- Power and data cabling are physically separated to reduce interference.
- Sensitive or critical systems use enhanced protections (armoured conduit, secure termination points, restricted access).
- Fibre-optic cabling is used for key links where interception or EMI is a concern.
- Patch panels, cable rooms, and riser cupboards are locked and access-controlled.
- Cables are labelled at both ends, and patch panels and cabinets are clearly identified.
- Cabling routes and termination points are inspected and maintained regularly.
- Risks from shared or co-located cabling are understood and addressed through contracts, SLAs, or additional controls.
- Cabling incidents (damage, suspected tampering) are covered by incident response and emergency procedures.
Bringing It All Together
ISO 27001 Control 7.12 – Cabling security – is about recognising that your information and systems are only as reliable and secure as the power and data cables that connect them.
If you:
- Route and protect cabling deliberately,
- Separate and secure critical links, and
- Label, maintain, and monitor your cabling properly,
you’ll reduce the risk of outages, interference, and interception – and you’ll be able to show an auditor that cabling security is an active part of your ISMS, not just something the installers thought about once and forgot.