There are separate instructions for staff to use mobile devices. The instructions cover:
Laptops are protected by full-disk encryption.
When the confidentiality of backups is important, backups are protected by encryption. The need to encrypt backups may become highlighted when backups are stored in a physical location where security policies are unknown.
Deciding on the need for encryption solutions is seen as part of an overall process that includes risk assessment and the definition of other management tasks.
The organization has established a general encryption policy that is always followed when protecting information using encryption.
Encryption policy defines:
We use strong encryption during password transmission and storage in all services we develop.
Devices that support full-device encryption are selected as smartphones and tablets for work use, and encryption is turned on.
Storing confidential information on removable media should be avoided. When removable media is used to transfer confidential information, appropriate security is used (e.g., full disk encryption with pre-boot authentication).
The disk and file system of the servers is encrypted to manage the effects of physical theft of the servers.
When choosing the encryption methods to be used, take into account e.g. the following points:
The need for the advice of external experts is always considered when determining used cryptographic practices.