ISO 27001 Control 7.12: Cabling Security
Physical cable security is a foundational control that often gets overlooked in favor of digital defenses. ISO 27001 7.12 requires organizations to protect power and data cables from interception, interference, and damage through routing, shielding, and access controls—ensuring your infrastructure remains secure from both accidental and deliberate threats.
What this means
Cabling security protects the physical pathways that carry sensitive data and power throughout your organization. This control requires you to implement controls that prevent unauthorized access, tapping, or damage to cables carrying communications or power. Proper implementation includes strategic cable routing (avoiding public areas), appropriate shielding (electromagnetic protection), and physical access restrictions (locked conduits or cabinets) to maintain the confidentiality and integrity of data in transit.
How to comply
- 1.Map all power and data cables in your infrastructure to identify risk areas and exposure points
- 2.Route cables away from public spaces, external walls, and high-traffic areas where interception or damage is likely
- 3.Install cable shielding (Faraday cages, armored conduits) for sensitive communications carrying confidential data
- 4.Secure cables in locked or restricted-access cable trays, ducts, or conduits
- 5.Implement physical access controls to server rooms, network closets, and cable distribution points
- 6.Label and document all cabling to enable regular audits and maintenance without disturbing security measures
- 7.Establish a cable management policy that covers installation, modification, and inspection procedures
- 8.Conduct periodic physical inspections to detect tampering, damage, or unauthorized modifications
Evidence auditors look for
- Network closet with locked door and keycard access logs
- Cable routing diagrams showing segregation of sensitive communications
- Photographs of shielded or armored cable installations in sensitive areas
- Access control records for cable distribution rooms and server rooms
- Cable management audit reports documenting inspection and maintenance activities
- Inventory of cable shielding materials and protective conduits in use
- Maintenance logs showing cable inspections and any damage or tampering incidents
- Security policy document defining cabling standards and physical protection requirements
Frequently asked questions
When will FAQs be available?
The FAQ for this control is currently being prepared.
GRCWatch tracks your physical infrastructure assets and cabling inventory in one dashboard, enabling you to document cable routing decisions, schedule periodic security inspections, and maintain audit evidence of access controls—eliminating spreadsheet chaos and ensuring cabling compliance documentation is always audit-ready.
See how GRCWatch handles this control automatically
Start free trial