How does Eye-Able® ensure that encryption mechanisms and cryptographic keys are securely managed?
Ensuring secure management of encryption and keys, including policies, key rotation, deletion, auditability, and compliance with regulatory requirements
Eye-Able® operates a formalized cryptography and key management program, which is aligned with current industry standards (e.g., ISO/IEC 19790, NIST, BSI TR-02102) and regulatory requirements.
Cryptographic Procedures and Data Classification
All cryptographic procedures – both for stored and transmitted data – use certified libraries and are applied based on an approved data classification.
Key Management and Access Control
Keys are generated exclusively through controlled processes, are rotated according to defined cryptoperiods, and are subject to tiered access management based on the least-privilege principle.
Access Controls and Process Regulations
Access to key material is technically restricted, and all key transitions, archiving, deactivations, and deletions are governed by documented processes.
Exception Procedures and Logging
Exception procedures (e.g., the special use of compromised keys solely for decryption purposes) are governed by defined processes and are auditable. All key status changes are logged, monitored in central systems, and regularly audited – especially after security-related events.
Key Retirement and Legal Processes
Key retirement and key destruction processes are legally compliant and also cover HSM-based keys.
Changes to Cryptographic Standards
Changes to cryptographic standards, algorithms, or procedures are evaluated on a risk basis, documented, and introduced in a controlled manner.
Integration into ISMS
Key management is integrated into the overarching ISMS and meets the requirements for data confidentiality, integrity, and traceability at both the technical and organizational levels.