This article provides additional information on how you can meet the requirement of ISO 27001:2022 control A.7.12, Cabling security.
ISO 27001:2022 Control Description
Cables carrying power, data or supporting information services shall be protected from interception, interference or damage.
Purpose
To prevent loss, damage, theft, or compromise of information and other associated assets, and to avoid interruptions to the organisation’s operations related to power and communications cabling.
Guidance on implementation
To ensure the security of cabling, follow these guidelines:
a) Underground Cabling: Where possible, run power and telecommunications lines underground. If not feasible, provide adequate protection, such as floor cable protectors or utility poles. For underground cables, use armoured conduits or markers to protect against accidental damage.
b) Cable Separation: Keep power cables separate from communications cables to prevent interference.
c) Additional Controls for Sensitive or Critical Systems:
- Install armoured conduits, lockable rooms or boxes, and alarms at inspection and termination points.
- Use electromagnetic shielding to protect cables.
- Conduct regular technical sweeps and physical inspections to detect any unauthorised devices attached to the cables.
- Control access to patch panels and cable rooms using mechanical keys or PINs.
- Consider using fibre-optic cables for added security.
d) Cable Labelling: Label cables at both ends with clear source and destination details to facilitate easy identification and inspection.
Additional Notes
Seek specialist advice for managing risks related to cabling incidents or malfunctions. Be aware that power and telecommunications cabling might be shared with other organisations in co-located premises.
This guide provides straightforward recommendations to ensure the security and integrity of power, data, and information service cabling.