The Encryption Key Management System (CKMS) handles, manages, stores, and monitors encryption keys. It can be implemented as an automated tool or as a more manual process.
The organization must have the means to monitor and report on all encryption materials and their status using an encryption key management system. The cryptographic key management system should be used at least to:
The service provider has to be able to offer the customer the option of independently controlling the storage and management of the encryption keys used for the data they manage.
Details for this division of labor should be mentioned in service level agreements, terms of use or other similar documents.
The organization must have the ability to monitor and report on actions related to encryption and encryption key management.
When abnormal activity is detected, it must be handled in accordance with incident management processes.