The basics
ISO 27001 control A.7.12 Cabling security requires companies to protect data and power cables, as well as other types of cables required to support information facilities. This is important to prevent information disclosure, tampering, or loss.
Documentation
ISO 27001 control A.7.12 Cabling security can be documented:
- for smaller and mid-size companies by defining in the Statement of Applicability (SoA) how cabling is protected (i.e., no separate document is needed)
- for larger companies by writing Plans for Cabling Security.
The plans are not mandatory but are recommended.
Implementation
To comply with control A.7.12 Cabling security, you might implement the following:
- Technology — the technology to enable cabling security could include shielding to ensure separation between data and power cables and to prevent external signals from interfering with them. Companies of all sizes need to plan the security of their cabling based on risk assessment and the sensitivity of the data that flows through it.
- Organization/processes — you should set up a process for ensuring that cabling is properly installed, segregated, and protected, and that access to it is controlled. You can document those processes through a Procedure for Cabling Security.
- People — make employees aware of why protecting data and power cables is needed, and train them on how to identify and report events that can affect those cables.
Audit evidence
During the certification audit, the auditor might look for the following evidence regarding control A.7.12 Cabling security: whether data and power cables are protected.