General, risk-based encryption policy

Critical
High
Normal
Low

Deciding on the need for encryption solutions is seen as part of an overall process that includes risk assessment and the definition of other management tasks.

The organization has established a general encryption policy that is always followed when protecting information using encryption.

Encryption policy defines:

  • general principles for using cryptographic controls throughout the organization
  • methods for determining the needed level of encryption on the basis of a asset risk assesment
  • the use of encryption on mobile devices
  • ways to protect encryption keys and recover encrypted data when keys are lost
  • roles and responsibilities related to encryption
  • the effects of encryption on other tasks of the security management system
Connected other frameworks and requirements:
I12: Salausratkaisut
10.1.1: Policy on the use of cryptographic controls
ISO 27001
10.1: Cryptographic controls
ISO 27001
10: Cryptography
ISO 27001
10.1.2: Key management
ISO 27001
No items found.