ISO 27001 Encryption is a way of scrambling information so that it can’t be read by just anyone. Think of it like a secret code. You use a key to lock the information, and only someone with the right key can unlock it to see the original message.
Examples
- Sending a private message to a friend online. The app uses encryption to make sure only your friend can read it.
- Protecting your credit card details when you shop on a website. The website uses encryption to keep your information safe.
Context
In the world of ISO 27001, which is about keeping information safe, encryption is a key tool. It helps companies protect their important information, like customer details or business secrets, from being seen by people who shouldn’t see it. Even if someone gets hold of the encrypted information, they can’t understand it without the right key.
Relevant ISO 27001 Controls
The following controls from the ISO/IEC 27001:2022 standard are related to encryption:
- ISO 27001:2022 Annex A 5.14 Information Transfer
- ISO 27001:2022 Annex A 5.33 Protection of Records
- ISO 27001:2022 Annex A 8.7 Protection Against Malware
- ISO 27001:2022 Annex A 8.25 Secure Development Life Cycle
- ISO 27001:2022 Annex A 8.28 Secure Coding
- ISO 27001:2022 Annex A 8.34 Protection of Information Systems During Audit Testing