Encryption Key Management Standards
Encryption Key: A piece of information used to encode or decode data with a cryptographic algorithm
Encryption Keys and their backups must be:
- handled in a manner that permits properly designated University officials (Internal Audit, Information Security, and/or Campus Police) prompt access to all data, including for purposes of investigation and business continuity
- physically secured when stored or transmitted offline
- stored or transmitted separately from the data protected by the encryption key
- retained for the lifetime of the data being protected.
Approved by the Chief Information Officer, February 24, 2011.