
Encryption, Retention and Pseudonymization Guidelines for Internal IT Infrastructure Services Version 1.0

Data Encryption, Retention and Pseudonymization Guidelines for

Internal IT Infrastructure Services

VERSION 1.0

2018
This is a controlled document. Unauthorised access, copying and replication are prohibited.
This document must not be copied in whole or in part by any means without the written
authorisation of Infrastructure Services, TATA Consultancy Services Limited.

TCS Internal Page 1



DOCUMENT RELEASE NOTICE

These Encryption and Retention Guidelines, Version 1.0, are released for use in Internal IT IS
with effect from Mar ’18.

This manual is subject to Internal IT IS Document Control Procedure.

Softcopy of the latest version of the document is available in the Process Document
Repository.

Comments, suggestions or queries should be addressed to the Quality Head - IS, using the
Feedback Form at the end of this manual.

Approved By: __________________________________Date:

(Quality Head- Internal IT IS)

Authorised By: __________________________________Date:

(Global Head- Internal IT IS)


DOCUMENT REVISION LIST

Document Name: Encryption, Retention and Pseudonymization Guidelines for Internal IT
Infrastructure Services

Document Number: 1.0

Rev. No. | Revision Date | Revision Description | Page No. | Rationale for the Change | Change Type (add / modify / delete)
1.0 | Mar 2018 | New release | | |


ABBREVIATIONS

IS Infrastructure Services

TCS Tata Consultancy Services

SAN Storage Area Network

NAS Network-Attached Storage

MPLS Multiprotocol Label Switching

CTIS Category, Type, Item, Summary

DES Disk Encryption System

AES Advanced Encryption Standard

RAID Redundant Array of Independent Disks

DLP Data Leakage Prevention


TABLE OF CONTENTS

DOCUMENT RELEASE NOTICE 03
DOCUMENT REVISION LIST 04
ABBREVIATIONS 05
DATA ENCRYPTION GUIDELINES 07
RETENTION AND ERASURE GUIDELINES 11
PSEUDONYMIZATION GUIDELINES 13
ANNEXURE I: CTIS FOR SHARED FOLDERS 14
FEEDBACK FORM 16


DATA ENCRYPTION AND PROTECTION GUIDELINES

Purpose

These Guidelines are intended to establish the requirements for the application of encryption to data
and equipment as a means of protecting the confidentiality, integrity and availability of TCS
Information. They also set out the relevant standards which those controls must meet.

Scope

The Guidelines cover the application of encryption to IS Information Assets under the TCS Information
Classification. These resources are TCS Assets managed by IS.

TCS Internal IT managed customer / third-party locations, or TCS assets at a Client Location, can use this
as a guideline if there is no Customer Policy / Guideline.

Guidelines

- In order to mitigate the risk of disclosure of, or tampering with, Classified Information through
interception, loss or theft of data or equipment, IS must deploy appropriate Encryption
security controls in conjunction with Security procedures.
- Access control must be implemented to avoid unauthorised access to data from all IS
managed services and applications.
- Data Encryption and Data Protection must be applied across the Data life cycle, as depicted in
the table below:
o Active & Online
o Active & Rest
o Data in Transit
o Data at Rest

Sno | Scenario | Environment | Data Encryption and Protection Guidelines

1 | Data – Active & Online | Applications / Tools Used for IS Services | Application level encryption should be preferred.

2 | Data – Active & Rest | Storage Devices – SAN & NAS | Data present on Storage Devices (SAN & NAS) must be configured with RAID level protection [RAID 10 or RAID 5 or RAID 6 (Dual Parity) or higher level protection, excluding RAID 1 (Mirror)].

3 | Data – Active – Online / Rest | Standalone Servers | Data present in Standalone Servers must be Encrypted for RAID 1 (Mirror) protection. Data present in Standalone Servers must be stored on disk with RAID protection [RAID 10 or RAID 5 or RAID 6 (Dual Parity) or higher level protection, excluding RAID 1 (Mirror)]. For Standalone servers without RAID and with Dynamic partitions, another Encryption solution is to be used.

4 | Data in Transit | Portable Devices | For data transfer within the TCS Network, using portable storage (Removable Media including USB/CD/DVD) will be permissible using Secure Key based encryption within the Data Leakage Prevention solution. For data transfer outside the TCS Network, using portable storage (Removable Media including USB/CD/DVD) devices will be permissible only with encryption using a password based encryption tool at minimum.

5 | Data in Transit | TCS Intranet / MPLS | Data over TCS Intranet / MPLS may be Encrypted at Network level.

6 | Data in Transit | Internet | Data over Internet must be Encrypted.

7 | Data at Rest | Backup Storage (Disk) | Data present in Backup Storage Devices (Disk Based Backup Appliances) must be Encrypted.

8 | Data at Rest | Tapes | Data present in Tapes must be Encrypted.

Data – Active & Online: Applications / Tools Used for IS Services

- All Data present in an Application / Tool for Internal IT Services must be Encrypted at
Application / Tool Level if feasible.

- Dynamic Data Masking can be applied as Application level Encryption.

- In case of databases, one of the following two approaches is to be followed:

o Transparent Data Encryption (TDE) with Redaction on columns which hold PII data.
(Algorithm: the recommendation is to use the AES 256-bit algorithm. If AES 256 is not
supported, use AES-128.)

o Column level encryption using DB functions (DB specific crypto function or app level
encryption); the Encryption Key should be physically isolated.

- Else, configure and store application data on Storage or Servers with RAID level
protection [RAID 10, RAID 5 or RAID 6 (Dual Parity) or higher level protection,
excluding RAID 1 (Mirror)].

- System configuration / log transfer from one application / server to another
application / server must be over a secured channel (SFTP). Example: backup of
network devices, appliances etc.

- Access control must be implemented to avoid unauthorised access.

Data – Active & Rest: Storage Devices

- Data present in Storage Devices (SAN & NAS) must be configured with RAID level
protection [RAID 10 or RAID 5 or RAID 6 (Dual Parity) or higher level protection,
excluding RAID 1(Mirror)].

- Access control must be implemented to avoid unauthorised access.

Data – Active – Online / Rest: Standalone Servers


- Partition Level Disk Encryption must be enabled with the help of the McAfee DES Tool for
Data present in Standalone Servers, mainly for RAID 1 protection.

- Data present in Standalone Servers must be stored on disk with RAID protection
levels [RAID 10 or RAID 5 or RAID 6 (Dual Parity) or higher level protection,
excluding RAID 1 (Mirror)].

- At Application level, Access control must be implemented to avoid unauthorised
access from both the application and the server end.

- For Standalone servers without RAID, the McAfee DES (Disk encryption) solution is to be enabled
with the pre-boot login option.

- Standalone Servers without RAID having Microsoft Windows operating system & Basic Disk
partition will be supported by McAfee DES (Dynamic partitions will not be supported).

- Standalone Servers having Linux Operating system without RAID or with RAID 1 (Mirror) have to be
encrypted by tools like LUKS (Open Source Linux Encryption tool) or the Symantec PGP solution.

Data – Active – Online / Rest: MAC Laptops & Linux Laptops

- For MAC laptops certified by the TCS Wintel team, the McAfee MNE solution must be used to manage
the encryption key. Encryption will be done using the Native MAC Encryption feature.

- The McAfee DES solution does not support Linux Operating systems deployed on Laptops.
The Symantec PGP solution or LUKS (Open Source Linux Encryption tool) shall be used to encrypt
laptops having Linux OS (e.g. RHEL, Ubuntu, CentOS).

Data in Transit: Portable Devices

- Access to removable media (Pen Drive, External HDD, SD Card, etc.) will be
restricted & blocked using Active Directory policies. Device control tools like
Symantec or McAfee must be deployed.

- Portable storage (Removable Media CD/DVD) devices will be permissible only with encryption
using a password based encryption tool at minimum.

- All requirements for access to removable media to copy data will be based on an approved
Change Request.

- A few additional fields will be captured in the CR, e.g. the type of data to be copied (Company
related, Personal like salary slip etc., Project, System Data Backup).

Data Transfer within TCS

- Data encryption needs to be enabled using the Forcepoint DLP solution. The DLP client needs to
be installed and registered with the DLP servers.

- Other machines (where data has to be copied) should have the same Forcepoint DLP
client registered with the DLP servers; in this case the user does not need to remember any
password. Data will not be retrievable from machines not having the registered TCS
Forcepoint DLP client.

Data Transfer outside TCS

Note: This will be applicable to, but not limited to, the following scenarios:

1) Locations where the TCS Forcepoint DLP solution is not deployed due to local authority
approval pending.

2) Users having exception approval (with CR) for not installing the TCS DLP client.

3) Data copy required for a presentation, RFP or Demonstration outside the TCS office.

- All Laptops / Desktops should have the McAfee FRP solution installed before access
to removable media is enabled.

- All removable media used for Data copy should be encrypted with the McAfee FRP solution & no
data should be copied without encryption.

- The authentication password will be defined by the user during device encryption & the
same will be required to decrypt the device.

- For locations having the TCS DLP client deployed, any data copy to a removable drive
will be monitored for data leakage purposes & will be encrypted using the McAfee FRP
solution.

- If there is a requirement for Data copy without encryption then it should be done
through a duly approved Change Request.

Data in Transit: TCS Intranet / MPLS

- Data in Transit over TCS Intranet / MPLS may be encrypted at Network level, if
feasible.

Data in Transit: Internet

- Network Level Encryption must be enabled for Data over Internet. Minimum 256 bit
encryption is to be made available.

Data at Rest: Backup Storage (Disk)

- Data present in Backup Storage Devices (Disk Based Backup Appliances) may be
encrypted if backup data replication is in place and it is feasible (with minimum
AES 256 bit Encryption).

Data at Rest: Tapes

- All Tape backups taken should be encrypted using Standard Backup Tools like
Veritas NetBackup or any other Backup Utility (having minimum AES 256 bit
Encryption).


RETENTION AND ERASURE GUIDELINES

DATA RETENTION

The backup should be retained for the duration specified below.

Category | Retention Period* | Remarks
Data | 1 Year | Generally for All Applications / Services
Data | 7 Years | For Applications containing data which is required to be maintained under the Sarbanes-Oxley (SOX) Act
Logs | 1 Year | For All Applications / Services

* This includes Data present in any stage, i.e. Active, Transit and Rest.

- Retention Period details should be captured in Data Records.

- In case of any Deviation, the same should be approved by IS Management and the OU ISM
along with Business Justification.

Magnetic Tape Erasure

- All Data should be destroyed from all data stores such as Database, Tapes, Disk,
Backups, etc. after the retention period as defined in the “Data Record”. Appropriate
technology should be employed so that no data can be retrieved after the
retention period is over.

- In case of Tapes:

o If they are reused after the current Retention period is over, the Erasure
process should be such that deleted data cannot be retrieved, and a Log of
the same is to be maintained.

o If media are not to be reused immediately after the retention period is over, they
should be overwritten with dummy data (which should not include any PI or other
information) so that old data cannot be recovered, and a Log of the same
is to be maintained.

o If they are at End of Life then they should be Degaussed and eWasted /
Shredded to ensure that no information can be retrieved.


- Respective CRs / Tickets for the above process are to be followed.

Magnetic and Flash Storage Drive / Solid State Drive Hard Disk Retention

- Internal IT Infrastructure Services are to retain all types of faulty Hard Disks (Magnetic
Media or faulty Flash storage drive / Solid State Drive) from any form of device
across all locations and ensure no faulty hard disk or magnetic media goes outside.

- All retained faulty Media and consumables are to be degaussed by Internal IT
Infrastructure Services and handed over to Administration for disposal / eWaste.

- All hard disks and magnetic media used by Internal IT Infrastructure for POC or taken
on loan from a vendor / 3rd party need to be wiped with Blancco, followed by the CR process for
handover back to the vendor.

- Data on Desktops / Laptops should be formatted prior to reallocation.

- Data on Desktops / Laptops should be erased using Blancco if the hard disk is going out of
TCS for any reason, or as per customer guidelines / requirements of the ODC setup.

- Respective CRs / Tickets for the above process are to be followed.

Shared Folders such as File servers and Secure File Transfer Protocol (SFTP) should not
be used for storing personal data. In exceptional cases which have appropriate Business
Justification and Management Approval, the same can be availed with the help of the CR CTIS
(refer to Annexure I for CTIS details).


DATA PSEUDONYMIZATION / MASKING GUIDELINES

Pseudonymization is a procedure by which the most identifying fields within a data record are
replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a
collection of replaced fields or a pseudonym per replaced field. The purpose is to render the data
record less identifying and therefore lower customer or patient objections to its use. Data in this form
is suitable for extensive analytics and processing.

Do's for Data Pseudonymization / Masking

- When data is moved from a production to a non-production environment, the IS PII elements (DB
columns / Excel columns / flat file content) should be masked.
- Use a uniform method of masking across all environments. There must be a central
hosting service solution for IS teams to mask IS PII data even while sharing it in the
form of spreadsheets over mail or shared folders.
- Masking must not be reversible.

Don'ts for Data Pseudonymization / Masking

- Routinely copy sensitive or regulated production data into non-production environments
without Data Masking.

Masking shouldn't be a one-time process.
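The masking properties this section asks for (PII fields replaced by artificial identifiers, the same method in every environment, output that cannot be reversed) shown in working code, as an added example that is not part of the TCS guideline: a Python script that pseudonymizes the PII columns of a flat-file extract with a keyed HMAC before the extract leaves production. The column names, the MASKING_KEY environment variable, the token format and the sample extract are assumptions constructed for illustration.

```python
# Added example (not TCS code): irreversible pseudonymization of PII columns
# in a CSV / spreadsheet extract before it is copied to a non-production
# environment. Column names, MASKING_KEY and the sample rows are constructed.
import csv
import hashlib
import hmac
import io
import os


def load_masking_key() -> bytes:
    """Fetch the organisation-wide masking secret (hypothetical env var MASKING_KEY).

    Every environment must mask with the same secret so that one employee maps
    to one token everywhere. Fail closed rather than fall back to an unkeyed
    hash, which could be inverted by hashing guessed values.
    """
    key = os.environ.get("MASKING_KEY")
    if not key:
        raise RuntimeError("MASKING_KEY is not set; refusing to export unmasked data")
    return key.encode()


def pseudonymize(field: str, value: str, key: bytes) -> str:
    """Replace one PII value with a keyed, non-reversible token.

    HMAC-SHA256 is one-way, so the original value cannot be recovered from the
    token. The field name is mixed in, so the same string in two columns gives
    different tokens and columns cannot be cross-linked by token value.
    """
    msg = field.encode() + b"\x00" + value.encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{field}_{tag[:16]}"


def mask_csv(text: str, pii_fields: list, key: bytes) -> str:
    """Return the CSV text with every PII column replaced by tokens."""
    reader = csv.DictReader(io.StringIO(text))
    header = reader.fieldnames or []
    missing = [f for f in pii_fields if f not in header]
    if missing:
        # Fail closed: a renamed PII column must not slip through unmasked.
        raise ValueError(f"PII columns not found in input: {missing}")
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=header, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        for f in pii_fields:
            if row[f]:  # empty cells stay empty; everything else is tokenised
                row[f] = pseudonymize(f, row[f], key)
        writer.writerow(row)
    return out.getvalue()


def parse_rows(text: str) -> list:
    """Parse CSV text into a list of dicts (used by the pre-release check)."""
    return list(csv.DictReader(io.StringIO(text)))


def leaked_values(original: str, masked: str, pii_fields: list) -> list:
    """Pre-release check: (field, value) pairs whose PII survived masking unchanged."""
    orig_rows = parse_rows(original)
    masked_rows = parse_rows(masked)
    return [(f, o[f]) for o, m in zip(orig_rows, masked_rows)
            for f in pii_fields if o[f] and o[f] == m[f]]


# Constructed sample extract; these are not real people.
SAMPLE_EXTRACT = (
    "emp_id,name,email,department,salary\n"
    "1001,Asha Rao,asha.rao@example.com,Storage,\n"
    "1002,Ben Ortiz,ben.ortiz@example.com,Network,950000\n"
    "1001,Asha Rao,asha.rao@example.com,Storage,\n"
)
PII_FIELDS = ["emp_id", "name", "email", "salary"]

if __name__ == "__main__":
    try:
        key = load_masking_key()
    except RuntimeError:
        key = os.urandom(32)  # demo only: tokens will not match other extracts
    masked = mask_csv(SAMPLE_EXTRACT, PII_FIELDS, key)
    print(masked)
    print("leaked:", leaked_values(SAMPLE_EXTRACT, masked, PII_FIELDS))
```

A keyed HMAC is used instead of a plain hash because the value space of most PII (employee IDs, names, salaries) is small enough to enumerate; without the secret the tokens cannot be matched back to guesses, and even with the secret there is no decryption step, which is what "must not be reversible" requires. Because the same input under the same key always yields the same token, rows for one person still join across tables and extracts, which keeps the masked data usable for analytics. The script refuses to run without the shared secret and refuses an extract whose PII columns have been renamed, so a mis-configured export fails rather than leaking.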


Annexure I: CTIS for Shared Folders

Creation of a Shared Folder must follow the CR Process (CTIS is as below) with consent
(Notification form is as below).

Accessing a Shared Folder must follow the CR Process (CTIS is as below) with consent
(Notification form is as below).

Notification form – Change Summary (Access Rights – Access Rights and Access to location
NAS)

Notification Form

o I / We understand, agree and abide by the following:
o I / We will ensure that the access / privilege provided by the company is for my / our
official use only.
o I am / we are aware that I am / we are accountable and responsible for any misuse of
the accesses / privileges provided on my / our machine allocated to me / us.
o I am / we are aware that the access / privilege provided can be revoked at any time in
case it is misused / objectionable / rejected by the Approvers.
o I am / we are aware that in case of violation of the above in any form, disciplinary
action as per TCS governed policies will be taken.
o I / We will ensure that when I / We move out from the project or leave the
organization, all access installed using my / our change requests or credentials will be
uninstalled prior to my / our departure.

I Agree


Notification form – Change Summary (Creation of Shared Folder)

Notification Form

o I / We understand, agree and abide by the following:
o I / We will ensure that the access / privilege provided by the company is for my / our
official use only.
o I / We will be the Owner of this Shared Folder, and data residing in this share will be my
/ our responsibility.
o I am / we are aware that the access / privilege provided can be revoked at any time in
case it is misused / objectionable / rejected by the Approvers.
o I am / we are aware that in case of violation of the above in any form, disciplinary
action as per TCS governed policies will be taken.
o I / We will be doing periodic reconciliation / updating of the Access of the Users having
access to this Shared Folder.

I Agree


FEEDBACK FORM

(This form QF1020 is available in the Process Document Repository)

To: Quality Head – Internal IT IS
Tata Consultancy Services

Date:

Location / Centre:

From:

Project / Support Group / Other Functional Group:

_______________________________________________________________________
Feedback details (Comments / Suggestions / Corrections / Queries)

(Please use additional sheets, if necessary)

_______________________________________________________________________

For Quality Head - IS’s use

Action assigned to: Date assigned:

Details of action taken:
