An Encryption Policy specifies standards on how encryption is to be implemented. This policy includes applicability of encryption technology, key management, minimum strength of encryption, and legal use.
An Encryption Policy does not specify what data should be encrypted, which is detailed in other policies, but rather company standards for use of encryption technology. A sound Encryption Policy will ensure consistent application of encryption standards across the company.
An Encryption Policy developed with the InstantSecurityPolicy.com application will include the following detailed sections:
4.1. Applicability of Encryption
4.1.1. Data While Stored
4.1.2. Data While Transmitted
4.2. Encryption Key Management
4.3. Acceptable Encryption Algorithms
4.4. Legal Use of Encryption
4.5. Applicability of Other Policies
7. Revision History
Available in the Gold Package only, this is a policy that is intended to be used by technical staff and management only.
Our security policies were written based on a cohesive and integrated approach using security best practices stemming from the C-I-A triad of confidentiality, integrity, and availability. This approach aligns with both real-world and industry standard-based objectives, resulting in an invaluable resource for your security policy management. An Encryption Policy developed with the InstantSecurityPolicy.com wizard will provide the foundation for a realistic, practical implementation of your IT security policy program.
Please contact us if you have any questions about this policy.
InstantSecurityPolicy.com has delivered thousands of IT Security Policies to companies from 5 to 50,000 employees. The management of InstantSecurityPolicy.com has over 20 years of successful experience in the field of information security.