|
POLITICA DE ENCRIPTACIÓN IT-DOC-07 Versión: 1 Fecha de creación: 15/03/2021 Fecha de actualización: 11/05/2026 |
![]() |
Table of Contents
1. Scope
2. Definitions
3. Encryption Policy
4. Roles & Responsibilities
5. Non-Compliance
1. Scope
- Data must be encrypted as per MSC IT Colombia Data Classification Policy.
- Transmissions must be encrypted as per Network Policy.
- Every user computer must have bit locker enable for encryption
2. Definitions
- PHI - Personal Health Information
- PII - Personally Identifiable Information is data that can identify a specific individual.
- Ciphers: A cipher is an algorithm for encrypting and decrypting data
3. Encryption Policy
Cryptographic keys are used to encrypt information that is sensitive. When encryption is required for data or connections, it must be requested and approved by IT Leadership Committee or the Chief Security Officer.
- Mobile Devices, such as laptops, phones, USB or external drives that contain MSC data require encryption. Personal devices that may contain or access MSC data may be subjected to software installed which will manage the data on the device.
- Critical data drives must be encrypted, if leaving secured facility.
- Transmission Data must be encrypted from end to end using current standards and best practice.
4. Roles & Responsibilities
Matrix of Tasks and Responsible Groups.
|
Task |
IT team |
|
Cipher Selection and Approval |
X |
|
Implement Data Encryption on Devices |
X |
|
Key Administration |
x |
|
Manage Solution |
X |
5. Non-Compliance
Employees must adhere to the stated requirements. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
