Encryption Key Policy

Subscriber Content
Screenshot of the first page of Encryption Key Policy

This tool contains two sample policies that establish guidelines for use of encryption to secure company information assets and applications.

In these samples, keys will be securely distributed; keys will be securely stored within all applications; keys will be changed at least annually; old keys will be revoked and destroyed when data that was encrypted with the key no longer exists; dual control of keys will be required to create keys; preventive controls will be in place to prevent unauthorized substitution of keys; keys suspected of compromise will be suspended; and audit trails will be kept to show any time a key is created, modified or deleted.


Topics
Internal Controls
IT Controls
Data Security
IT Security
Privacy
IT Audit

Related Resources

Checklists & Questionnaires

Data Governance Questionnaire

Benchmarking Tools

Enterprise Security Key Performance Indicators (KPIs)

Audit Programs

PCI Review Audit Work Program

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It