Encryption Policy
Purpose
This policy establishes the requirements for encryption of data at Build to ensure the confidentiality and integrity of sensitive information.
Scope
This policy applies to all data stored, processed, or transmitted by Build systems and employees.
Data Encryption Standards
Data at Rest
- All production databases use AES-256 encryption
- File storage systems employ full-disk encryption
- Backup data is encrypted using the same standards as production data
Data in Transit
- All external communications use TLS 1.2 or higher
- Internal service communications use mutual TLS authentication
- VPN connections are required for administrative access
Key Management
- Encryption keys are stored in a dedicated key management service
- Keys are rotated annually or upon suspected compromise
- Access to encryption keys is restricted and audited
Implementation Requirements
- All new systems must implement encryption by default
- Legacy systems must be upgraded to meet encryption standards
- Regular audits verify encryption implementation
Exceptions
Any exceptions to this policy must be approved by the Chief Security Officer and documented with compensating controls.