The organization's personnel are offered a solution to protect unclassified confidential information with encryption when information is transferred outside of physically protected areas via the network. The solution has no known vulnerabilities and, according to the information received from the manufacturer, it supports modern encryption strengths and settings.
The staff's competence in the safe use of the encryption solution has been ensured (for example, instructions, training and supervision).
The organization has to execute data transfers in public network using encrypted or otherwise protected data transfer connection or procedure, if the data is confidential.
The data transfer also has to be set up in a way where recipient can be identified securely enough before recipient can access any confidential data.
Our organization has defined policies for creating, storing, sharing, and deleting encryption keys.
Encryption key lengths and usage practices will be selected in accordance with best general practices by monitoring developments in the industry.