Encryption Key Protection Policy – PCI Updates

Description

This policy outlines the requirements for protecting encryption keys that are under the control of end users. These requirements are designed to prevent unauthorized disclosure and subsequent fraudulent use. The protection methods outlined will include operational and technical controls, such as key backup procedures, encryption under a separate key and use of tamper-resistant hardware. This policy references PCI, all the requirements marked as PCI only pertain to PCI assets.