General, risk-based encryption policy


Deciding on the need for encryption solutions is seen as part of an overall process that includes risk assessment and the definition of other management tasks.

The organization has established a general encryption policy that is always followed when protecting information using encryption.

The encryption policy defines:

  • general principles for using cryptographic controls throughout the organization
  • methods for determining the needed level of encryption on the basis of an asset risk assessment
  • the use of encryption on mobile devices
  • ways to protect encryption keys and recover encrypted data when keys are lost
  • roles and responsibilities related to encryption
  • the effects of encryption on other tasks of the security management system

Other connected frameworks and requirements:

  • 10: Cryptography (ISO 27001)
  • 10.1: Cryptographic controls (ISO 27001)
  • 10.1.1: Policy on the use of cryptographic controls (ISO 27001)
  • 10.1.2: Key management (ISO 27001)
  • I12: Salausratkaisut (Encryption solutions)