
** FREE PREVIEW VERSION **

[organization logo]

[organization name]

POLICY ON THE USE OF ENCRYPTION

Code:

Version:

Commented [EUGDPR1]: All fields in this document marked by square brackets [ ] must be filled in.

Commented [EUGDPR2]: Learn more here: How to use the cryptography according to ISO 27001 control A.10
http://advisera.com/27001academy/blog/2015/12/14/how-to-use-the-cryptography-according-to-iso-27001-control-a-10/

Commented [EUGDPR3]: The document coding system should be in line with the organization's existing system for document coding; in case such a system is not in place, this line may be deleted.

Date of version:

Created by:

Approved by:

Confidentiality level:

©2017 This template may be used by clients of Advisera Expert Solutions Ltd. in accordance with the License Agreement.
[organization name] [confidentiality level]

Change history

Date | Version | Created by | Description of change
dd.mm.yyyy | 0.1 | EUGDPRAcademy | Basic document outline

Table of contents
1. PURPOSE, SCOPE AND USERS
2. REFERENCE DOCUMENTS
3. USE OF ENCRYPTION
3.1. ENCRYPTION CONTROLS
3.2. CRYPTOGRAPHIC KEYS
4. MANAGING RECORDS KEPT ON THE BASIS OF THIS DOCUMENT
5. VALIDITY AND DOCUMENT MANAGEMENT

Policy on the Use of Encryption ver [version] from [date] Page 2 of 3


1. Purpose, scope and users


The purpose of this document is to define rules for the use of encryption controls, as well as the rules
for the use of cryptographic keys, in order to protect the confidentiality, integrity, authenticity and
non-repudiation of information.

This document applies to all data processing activities.

Users of this document are [job title].

2. Reference documents
• EU GDPR article 32
• ISO/IEC 27001 standard, clauses A.10.1.1, A.10.1.2, A.18.1.5
• IT Security Policy
• Information Classification Policy

Commented [EU GDPR4]: Click here to read the full text of GDPR Article 32:
https://advisera.com/eugdpracademy/gdpr/security-of-processing/

3. Use of encryption
3.1. Encryption controls

According to the Information Classification Policy, as well as legal and contractual obligations, the
organization must protect individual systems or information by means of the following encryption
controls:

Name of system / type of information | Encryption tool | Encryption algorithm | Key size
* | | |

Commented [EUGDPR5]: This also includes communication channels, individual computers (especially laptops), etc.

Commented [EUGDPR6]: List everything that is regulated by the Policy + legal and contractual obligations + all systems already using encryption - e.g. connections with remote computers, electronic payment, etc.

** END OF FREE PREVIEW **

To download full version of this document click here:


https://advisera.com/eugdpracademy/documentation/policy-on-the-use-of-encryption/
