POLITICA DE ENCRIPTACIÓN

IT-DOC-07

Versión: 1

Fecha de creación: 15/03/2021

Fecha de actualización: 11/05/2026

 

                       

 

Table of Contents

1. Scope 

2. Definitions 

3. Encryption Policy

4. Roles & Responsibilities 

5. Non-Compliance 

 

 

 

1. Scope

  • Data must be encrypted as per MSC IT Colombia Data Classification Policy.
  • Transmissions must be encrypted as per Network Policy.
  • Every user computer must have bit locker enable for encryption

 

2. Definitions

  • PHI - Personal Health Information
  • PII - Personally Identifiable Information is data that can identify a specific individual.
  • Ciphers: A cipher is an algorithm for encrypting and decrypting data

 

3. Encryption Policy

Cryptographic keys are used to encrypt information that is sensitive.   When encryption is required for data or connections, it must be requested and approved by IT Leadership Committee or the Chief Security Officer.  

  • Mobile Devices, such as laptops, phones, USB or external drives that contain MSC data require encryption.   Personal devices that may contain or access MSC data may be subjected to software installed which will manage the data on the device.
  • Critical data drives must be encrypted, if leaving secured facility.
  • Transmission Data must be encrypted from end to end using current standards and best practice.

 

4. Roles & Responsibilities

Matrix of Tasks and Responsible Groups.

Task

IT team

Cipher Selection and Approval

X

Implement Data Encryption on Devices

X

Key Administration

x

Manage Solution

X

 

5. Non-Compliance

Employees must adhere to the stated requirements. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.