Key Custodian Agreement

From an assessment perspective, the assessor will work with your human resources department to find out who is responsible for key management. We will ask for an artifact showing that they have read and understood their responsibilities as key custodians in your environment. When key custodians sign a formal document stating that they understand and accept their responsibilities, they are more likely to engage with their role. Your key custodians need to understand the seriousness of the work they have accepted, and assessors need to see some kind of acknowledgment of it. If key custodians don't do their job properly or securely, it will affect your entire business, as it can lead to breaches. Someone in your organization should be responsible for managing the encryption of your environment and accept the importance of this role. For this reason, PCI requirement 3.6.8 states that "cryptographic key custodians must formally acknowledge that they understand and accept their key-custodian responsibilities."

Key custodians hold one of the most important roles in your company. They are responsible for creating encryption keys, changing keys, restoring keys, rotating keys, distributing keys, managing keys, and much more. They manage every aspect of encryption in your environment. Key custodians have the keys to your kingdom.

These are the people we generally identify as your key custodians. These people have to sign a document (that signature can be electronic or written), but what we really need is confirmation from them that they understand the seriousness of the work they have agreed to, that they understand all the policies and procedures, and that they are comfortable with them. The underlying intent is to recognize that these individuals really do have the keys to your kingdom. Their work is, in my professional opinion, one of the most important jobs in your environment. If they don't do their job well, properly, or securely, it can actually compromise your environment. We have all seen what breaches have done to organizations in the past.
