Annex A 7.12 verified ISO/IEC 27001:2022
Secure Cabling for Power and Data
Ensure cables are protected from interception, damage, or interference to prevent security risks.
record_voice_over
Plain language
Cables carry important information, like power and internet, around your business. If these cables aren't protected, someone could tap into them, causing data breaches or downtime that might stop your business operations. That's why it's essential to secure them against damage or interception.
01 - Overview
Framework
ISO/IEC 27001:2022
Control effect
Preventative
ISO 27001 domain
Physical controls
Classifications
N/A
Official last update
24 Oct 2022
Control Stack last updated
18 May 2026
Maturity levels
N/A
Official control statement
Cables carrying power, data or supporting information services shall be protected from interception, interference or damage.
verified ISO/IEC 27001:2022 Annex A 7.12
priority_high
Why it matters
Unprotected power or data cabling can be tapped, disrupted by EMI, or physically damaged, causing data compromise and outages to critical information services.
settings
Operational notes
Inspect and protect cable routes using secure conduits/trunking, segregate power and data, label and restrict access to risers/patch panels, and check for tampering and EMI sources.
02 - Implement
build
Implementation tips
- IT Manager should ensure that all power and data cables entering the building are underground when possible. If that isn't feasible, use protective coverings like floor cable protectors or place them on utility poles to safeguard against physical damage.
- Facilities Manager should separate power cables from communication cables within the building. Running them in separate, distinct pathways prevents interference that might disrupt communication services.
- Security Officer should install protective measures for sensitive cables, such as armoured conduits and locking mechanisms on rooms or boxes. This can include using fibre-optic cables for critical data and setting up alarms at key points to deter and detect tampering.
- Office Manager should arrange for clear labelling of all cables with information about their source and destination. This makes it easier to track and inspect them if needed and ensure proper maintenance.
- IT Support should conduct regular checks for any unauthorized attachments or tampering with the cables. This includes inspection of patch panels and cable rooms, ensuring that access is strictly controlled and monitored.
03 - Audit
fact_check
Audit / evidence tips
- AskRequest the building infrastructure plan showing cabling routes.
- AskRequest documentation detailing the separation of power and data cables.
- AskAsk for records of inspections and checks for unauthorized devices.
- AskRequest the access logs for cable rooms and patch panels.
- AskAsk for a demonstration of the cable labelling system used.
04 - Mappings
link
Cross-framework mappings
How Annex A 7.12 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (17) expand_less | ||
| ISM-0187 | ISM-0187 requires SECRET cables, when bundled together or run in conduit, to be run exclusively in their own individual cable bundle or c... | |
| ISM-0195 | ISM-0195 requires the use of uniquely identifiable SCEC-approved tamper-evident seals to secure all removable covers on TOP SECRET cable ... | |
| ISM-0926 | ISM-0926 requires that non-classified, OFFICIAL: Sensitive and PROTECTED cables are not coloured salmon pink or red, to avoid misidentifi... | |
| ISM-1096 | Annex A 7.12 requires cabling to be protected from interception, interference, or damage, which includes being able to verify cabling int... | |
| ISM-1100 | ISM-1100 requires TOP SECRET cables to be terminated only within an individual TOP SECRET cabinet, which specifies a precise location for... | |
| ISM-1101 | ISM-1101 requires that, in TOP SECRET areas, cable reticulation systems entering cabinets in server/communications rooms are terminated a... | |
| ISM-1103 | ISM-1103 requires that, in TOP SECRET areas, cable reticulation systems leading into cabinets (outside server/communications rooms) are t... | |
| ISM-1111 | ISM-1111 requires organisations to use fibre-optic cables instead of copper for cabling infrastructure to reduce security and performance... | |
| ISM-1112 | ISM-1112 requires cables in non-TOP SECRET areas to be physically inspectable at intervals of five metres or less to support routine secu... | |
| ISM-1114 | ISM-1114 requires cable bundles or conduits in a shared cable reticulation system to be physically separated by a dividing partition or v... | |
| ISM-1115 | Annex A 7.12 requires organisations to protect power and data cabling from interception, interference, and damage across their environments | |
| ISM-1119 | ISM-1119 requires that cables in TOP SECRET areas are fully inspectable for their entire length to enable detection of tampering or compr... | |
| ISM-1130 | ISM-1130 requires that, in shared facilities, cables are run in an enclosed cable reticulation system to reduce the risk of tampering or ... | |
| ISM-1133 | ISM-1133 requires that, in shared facilities, TOP SECRET cables are not run in party (shared) walls to reduce the risk of compromise from... | |
| ISM-1164 | ISM-1164 requires that, in shared facilities, cable conduits/duct front covers, floor and ceiling cable trays, and associated fittings ar... | |
| ISM-1718 | ISM-1718 mandates that SECRET cables are identified by a distinctive salmon pink colour | |
| ISM-1821 | ISM-1821 requires TOP SECRET cables to be bundled or run in conduit exclusively (i.e., not sharing bundles/conduit with other cables) to ... | |
| sync_alt Partially overlaps (3) expand_less | ||
| ISM-0213 | ISM-0213 mandates that SECRET and TOP SECRET cables be terminated on individual patch panels to prevent cross-connection and mitigation o... | |
| ISM-0250 | ISM-0250 requires IT equipment to comply with electromagnetic interference/electromagnetic compatibility (EMI/EMC) standards to prevent i... | |
| ISM-1639 | Annex A 7.12 requires protection of cabling from interference or damage and seeks to reduce opportunities for unauthorised interaction wi... | |
| handshake Supports (6) expand_less | ||
| ISM-0181 | Annex A 7.12 requires cables carrying power or data to be protected from interception, interference, or damage | |
| ISM-0206 | ISM-0206 requires organisations to develop, implement and maintain cable labelling processes and supporting procedures so cables can be r... | |
| ISM-1095 | Annex A 7.12 requires organisations to protect cables and supporting information services from interception, interference or damage | |
| ISM-1296 | Annex A 7.12 requires cables carrying power or data to be protected from interception, interference, or damage | |
| ISM-1640 | ISM-1640 requires cables for foreign systems installed in Australian facilities to be labelled at defined inspection points so personnel ... | |
| ISM-1719 | ISM-1719 requires TOP SECRET cables to be coloured red so they can be rapidly and reliably identified as highly sensitive cabling | |
| link Related (2) expand_less | ||
| ISM-1102 | Annex A 7.12 requires organisations to protect cables carrying power or data from interception, interference or damage | |
| ISM-1122 | Annex A 7.12 requires that power and data cabling is protected from interception, interference or damage | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
school
Want to implement this control?
Mindset Cyber runs PECB-accredited ISO/IEC 27001 training that maps directly to the controls in this library.