ISO 27001
Annex A.10- Cryptography
Get compliant with ISO 27001 – Annex A.10 and simplify compliance for your organisation.

Get compliant with ISO 27001 – Annex A.10 and simplify compliance for your organisation.
Cryptography is a term that refers to secure information and communication techniques that use mathematical concepts and a set of rule-based calculations known as algorithms to convert messages into difficult to interpret messages. In a few words, it is a safe way for a sender and receiver to communicate without an outsider hacking or reading its content.
Cryptography is important for an organisation, as it is used to secure transactions and communications, protect personal information, verify identity, prevent document manipulation, and build trust between users.
This annex ensures that cryptography is used correctly and efficiently to protect information’s privacy, authenticity, and integrity.
A policy on the use of cryptographic controls for protection of information should be developed and implemented.
When creating the policy, these should be considered;
When applying the cryptographic policy of the organisation, we should consider regulations and national restrictions that may relate to the use of cryptography techniques in different parts of the world and to issues relating to the trans-border flow of encrypted information.
A policy on the use of cryptographic controls is necessary to maximise the benefits and minimise the risk of using cryptographic techniques, and to avoid inappropriate or incorrect use.
Cryptographic keys should be protected against modification, loss and destruction. Private keys need to be protected against unauthorised access.
A management system should be based on an agreed set of principles, procedures and secure process to cover the following;
To reduce the risk of compromising use of keys, activation and deactivation dates for keys should be defined so that the keys can only be used for a limited period of time.
Want to learn more? Read our blog about cryptography
©Copyright Inverifi 2023, All rights reserved. Registered in England, No: 06959535, , +44 20 4574 9908