Deciding whether encryption solutions are needed is treated as part of an overall process that includes risk assessment and the definition of other management tasks.
The organization has established a general encryption policy that is always followed when protecting information using encryption.
The encryption policy defines:
Our organization has defined policies for creating, storing, sharing, and deleting encryption keys.
Encryption key lengths and usage practices will be selected in accordance with general best practices, which are tracked by monitoring developments in the industry.
To reduce the likelihood of inappropriate use, activation and expiration dates are assigned to the encryption keys so that each key can be used only for the period specified.