We make achieving ISO 27001 easy. Achieve Annex A.10 compliance
Annex A.10.1 is about Cryptographic controls. The objective in this Annex A control is to ensure proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information.
It’s an important part of the information security management system (ISMS) especially if you’d like to achieve ISO 27001 certification. Lets understand those requirements and what they mean in a bit more depth now.
Encryption and cryptographic controls are often seen as one of the key weapons in the security arsenal, however, on its own it is not the “silver bullet” that solves every problem. Incorrect selection of cryptographic technologies and techniques or the poor management of cryptographic material (e.g. keys and certificates) can create vulnerabilities themselves.
Encryption can slow processing and transmission of information down so it is important to understand all of the risks and balance out the controls to an adequate level whilst also still meeting performance goals.
A policy on the use of encryption can be a good place to identify the business requirements for when encryption must be used and the standards that are to be implemented. Consideration must also be given to the legal requirements around encryption.
A good control describes how a policy on the use and protection of Cryptographic Keys should be developed and implemented through their whole lifecycle. One of the most important aspects is around the creation, distribution, changes, back up and storage of cryptographic key material through to its end of life and destruction.
Management of key material is often the weakest point for encryption and attackers may seek to attack this rather than the encryption itself. It is therefore important to have robust and secure processes around it. Dealing with compromised keys is also important and where appropriate should be tied into Annex A.16 Security Incident Management too.
ISMS.online offers some guidance and tips towards a good policy for encryption however this is one of the few areas where it is unique to your business and the operational activities where you’d use encryption.
We do have a list of partners who provide specialist advice and products around encryption so if this is an area you need help with during your implementation let us know and we can put you in touch with trusted experts too.
Download your free guide to fast and sustainable certification
We just need a few details so that we can email you your guide to achieving ISO 27001 first-time
Download your free guide now and if you have any questions at all then Book a Demo or Contact Us. We’ll be happy to help.
We’re so pleased we found this solution, it made everything fit together more easily.
The ISMS.online platform makes it easy for you to ensure proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information.
Easily collaborate, create and show you are on top of your documentation at all times
Find out moreEffortlessly address threats & opportunities and dynamically report on performance
Find out moreMake better decisions and show you are in control with dashboards, KPIs and related reporting
Find out moreMake light work of corrective actions, improvements, audits and management reviews
Find out moreShine a light on critical relationships and elegantly link areas such as assets, risks, controls and suppliers
Find out moreSelect assets from the Asset Bank and create your Asset Inventory with ease
Find out moreOut of the box integrations with your other key business systems to simplify your compliance
Find out moreNeatly add in other areas of compliance affecting your organisation to achieve even more
Find out moreEngage staff, suppliers and others with dynamic end-to-end compliance at all times
Find out moreManage due diligence, contracts, contacts and relationships over their lifecycle
Find out moreVisually map and manage interested parties to ensure their needs are clearly addressed
Find out moreStrong privacy by design and security controls to match your needs & expectations
Find out moreTake 30 minutes to see how ISMS.online saves you hours (and hours!)
Book a meeting