Cryptographic Control and Encryption Policy Template
The purpose of this policy is to ensure the proper and effective use of encryption to protect the confidentiality and integrity of confidential information.
This policy applies to confidential and personal information processed, stored or transmitted on or in company-owned, managed and controlled systems and applications deemed in scope by the ISO 27001 scope statement.
Information is protected by controls based on classification as set out in IS 03 Information Classification and Handling Policy and based on risk assessment.
Only company-approved encryption technology and processes are used.
The export of encryption technologies or encrypted data may be restricted by regulation. Personnel will seek guidance from the legal department should export of cryptographic technologies or encrypted data be required.
Cryptographic Control and Encryption Policy Template Contents
Document Contents Page
Cryptographic Control Policy
Encryption Algorithm Requirements
Mobile, Laptop and Removable Media Encryption
Email Encryption
Web / Cloud Services Encryption
Wireless Encryption
Card Holder Data Encryption
Backup Encryption
Database Encryption
Data in Motion Encryption
Bluetooth Encryption
Policy Compliance
Compliance Measurement
Continual Improvement