Policy Name:
Data Encryption Policy (DEP)
Department:
Information Technology (IT)
Department Head:
Subaila Zia
Initial Policy Effective Date:
November 8th, 2023
Applicable Departments:
All
Revised Policy Effective Date:
June 5th, 2024
Subject:
The Telemedora Encryption Policy outlines the principles and guidelines for the use of encryption technologies to secure data across our organization.
POLICY STATEMENT
Telemedora is committed to safeguarding sensitive information, maintaining data integrity, and protecting the privacy of our employees, clients, and stakeholders.
SCOPE
This policy applies to all employees, contractors, and third-party vendors who access, transmit, or store sensitive information on behalf of Telemedora.
POLICY OBJECTIVES
* To protect sensitive data from unauthorized access, disclosure, alteration, or theft.
* To ensure compliance with legal and regulatory requirements related to data protection.
* To establish guidelines for the appropriate use of encryption technologies.
* To maintain the integrity and confidentiality of data in transit and at rest.
POLICY GUIDELINES
Data Classification
* Data must be classified based on its sensitivity level.
* Encryption requirements will be determined based on the data classification.
Encryption in Transit
* All data transmitted over public networks, including the internet, must be encrypted using secure and approved encryption protocols.
* Encryption should be employed for email communication containing sensitive data.
* Virtual Private Networks (VPNs) should be used for secure remote access to the organization's network.
Encryption at Rest
* All sensitive data stored on electronic devices, servers, and storage media must be encrypted.
* Full-disk encryption (FDE) is mandatory for portable devices (laptops, tablets, and smartphones) and removable media.
Encryption Key Management
* Encryption keys must be securely generated, stored, and managed.
* Access to encryption keys should be restricted to authorized personnel.
* A secure and auditable key management process must be in place.
Third-Party Vendors
* Third-party vendors and cloud service providers handling company’s data must adhere to encryption standards that align with this policy.
Compliance and Auditing
* Regular audits will be conducted to ensure compliance with this policy.
* Any non-compliance issues will be addressed promptly.
Incident Response
* In the event of a security breach or suspected data compromise, the company will follow its Data Breach Response Plan, including notifying affected parties and relevant authorities, as required by law.
REVIEW AND REVISION
This Encryption Policy will be reviewed annually and updated as necessary to adapt to changing technologies, regulations, and organizational needs.
POLICY ACCEPTANCE
All employees, contractors, and third-party vendors are required to acknowledge their understanding and acceptance of this Encryption Policy.
Date Policy Issued:
November 7th, 2023
Date Initial Policy Approved:
November 7th, 2023
Date Last Revised:
June 5th, 2024
Date Revised Policy Approved:
June 5th, 2024
Responsible Executive for Revised Policy:
Chief Executive Officer – Subaila Zia
Responsible Office for Revised Policy:
Information Technology (IT)
Chief Executive Officer (Name):
Subaila Zia
This policy is effective immediately and supersedes all previous editions.
Employee Name
Employee email
Date
Send
Skip to content
Open toolbar
Accessibility Tools
Accessibility Tools
Increase Text
Increase Text
Decrease Text
Decrease Text
Grayscale
Grayscale
High Contrast
High Contrast
Negative Contrast
Negative Contrast
Light Background
Light Background
Links Underline
Links Underline
Readable Font
Readable Font
Reset
Reset