Encryption Policy
Purpose
This policy outlines the encryption standards implemented by the Skpr hosting platform.
Scope
This policy applies to:
- All data classified as confidential, client-sensitive, or regulated.
- All systems managed by the Skpr hosting platform.
- All employees and third-party contractors with access to such data.
Encryption Standards
Data at Rest
All sensitive or client-related data must be encrypted using at least AES-256 encryption.
Encryption must be applied to:
- Amazon Relational Database Service (RDS)
- Amazon Elastic File System (EFS)
- Amazon ElastiCache (Redis and Valkey)
- Amazon Elastic Block Store (EBS)
- AWS Backup
Data in Transit
All data in transit over public networks is encrypted using TLS 1.2 or higher.
This includes:
- Requests to the Skpr APIs and web consoles
- Web requests (HTTPS)
- Outgoing email (via AWS SES)
Encryption Key Management
Keys must be centrally managed in AWS KMS.
Roles & Responsibilities
- Skpr platform team - Oversees implementation and compliance with this policy.
- PreviousNext Operations Lead - Responsible for the enforcement and auditing of this policy.
Review & Updates
This policy will be reviewed annually or upon significant changes in technology or regulation.