APPS-2 Encryption Documentation

What is APPS-2 encryption documentation control about?

Procedures and documentation are critical for all organizations. The APPS-2 Encryption Documentation Control is about ensuring you have documented your organization’s unique use of encryption algorithms and keys. The encryption procedure should guide employees with step-by-step instructions on how documents are protected with cryptographic keys. Also, provide details on the keys and algorithms used. This document should be made available to all employees, especially those with a need to know, such as the engineering team members.

Available tools in the marketplace

Encryption Management Tools:

No tool recommendation is made for this section

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version: 

• Encryption document template.

Control implementation

NOTE: This control is automated by TrustCloud. Upload your policy or leverage TrustCloud’s built-in policy to enjoy the benefits of automation.

For a manual implementation,

• Define and document your encryption methodologies

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

• Provide the encryption procedure.

Evidence example

For the suggested action, an example is provided below:

• Provide the encryption procedure.

Examples from SANS

TrustCloud’s example:

The following screenshot shows TrustCloud’s encryption procedure document in Notion which is available to all employees, especially the engineering team.