A.7.11 Supporting Utilities
What is this control?
ISO 27001 control A.7.11 Supporting Utilities ensures supporting utilities including electricity, telecommunications, water supply, and HVAC are adequately protected, monitored, and provided with redundancy to prevent interruption to operations. For cloud-native organisations, this includes cloud infrastructure utility monitoring via Azure Service Health alerts, data centre redundancy via Zone and Geo-Redundancy, on-premises UPS protection, and network redundancy via SD-WAN automatic failover.
How to implement in Microsoft 365
Implement A.7.11 by configuring Azure Service Health alerts to notify administrators of platform issues affecting Azure and Microsoft 365 services. Verify Microsoft’s data centre redundancy documentation via annual SOC 2 Type II and ISO 27001 certificate reviews. Confirm Zone Redundancy and Geo-Redundancy configuration for critical data in Exchange, SharePoint, and OneDrive.
Ensure all critical network equipment is connected to UPS with minimum 30-minute runtime. Schedule quarterly UPS self-tests and annual battery health assessments. Implement SD-WAN with redundant internet connections including primary fibre and secondary 4G or 5G backup with automatic failover.
What an auditor looks for
Auditors will verify Azure Service Health alert configuration screenshot showing at least one alert rule enabled. They will check Microsoft SOC 2 and ISO 27001 certificate from Service Trust Portal. Auditors will review data resilience documentation showing ZRS and GRS configuration for Exchange and SharePoint.
They will verify UPS maintenance log showing quarterly self-tests and annual battery assessments. Auditors will check network topology diagram showing redundant ISP connections with SD-WAN configuration. They will review documented failover test report with timestamps.
Related controls
M365 capabilities that implement this control
Microsoft-managed fire protection, water damage protection, emergency power, and environmental controls