Skip to main content
DraftIndicative placeholder for the section owner — amend, replace, or confirm as the first definitive version.

Doc owner: TBD

Encryption Policy

Seeded from legacy Allied Information Security Policy (HDD encryption, in-transit, removable media). Content carried over for review. Approved algorithms, key management, certificate management, and cryptographic exception handling are not covered in the legacy doc and need drafting.

Purpose

To define how Allied uses cryptography to protect the confidentiality and integrity of information at rest and in transit.

Scope

Applies to all Allied data, systems, and communications.

Roles and responsibilities

RoleResponsibility
TBD (policy owner)Maintains encryption standards and approved algorithms
System ownersApply encryption to data and communications under their control

Encryption at rest

  • Hard disk encryption must be turned on wherever possible. (Windows · macOS)
  • Sensitive data stored on removable media (USB drives, external disks, memory cards) must be encrypted and password-protected. See POL-ENT-008 Physical Security Policy for the full removable media controls.

Encryption in transit

  • Files must be encrypted in transit when shared with external organisations.
  • For Strictly Confidential material shared via Allied Gmail, 'Confidential mode' must be used.
  • If recipients require access to a file for their own records, the file must be password protected and the password transmitted by a different channel to the file.

Policy statements

TBD — gap analysis to add: approved algorithms and key sizes, key management lifecycle (generation, storage, rotation, destruction), certificate management, prohibition of weak ciphers, cryptographic exceptions process.