Encryption Key Management Policy

Subscriber Content
Screenshot of the first page of Encryption Key Management Policy

This sample policy outlines procedures for creating, rotating and purging encryption keys used for securing credit card data within company applications.

Sample steps in this policy policy includes rotating keys yearly or when there is suspicion that a key has been compromised, re-encrypting the credit card numbers in the associated systems using the new key, discontinuing the use of the old key, entering specific information into the system when logging key creations, implementing preventative controls to prevent unauthorized substitution of keys, and suspending keys suspected of compromise.

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.