APPS-2 Encryption Documentation

What is this control about?

The APPS-2 Encryption Documentation control is about making sure you have documented your organization’s unique use of encryption algorithms and keys. Procedures and documentation are critical to all organizations. The encryption procedure should provides guidance to employees with step-by- step instructions on how documents are protected with cryptographic keys and details on the keys and algorithms used. This document should be made available to all employees especially those with a need to know such as the Engineering team.

Available tools in the marketplace

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• Encryption document template

Control implementation

Note: This control is automated by TrustCloud. Upload your policy or leverage TrustCloud build-in policy to enjoy the benefit of automation

For a manual implementation, define and document your encryption methodologies.

What evidence do auditors look for?

Most auditors, at a minimum are looking for the below suggested action:

• Provide the encryption procedure

Evidence example

From the suggested action above, an example is provided below:

1. Provide the encryption procedure

Examples from SANS

TrustCloud’s own example:

Our encryption procedure is a document in Notion and is available to all employees, especially the engineering team.