Enterprise Encryption Standards
To provide information about the security, method(s) and usage of encryption on Kelly Services technology assets.
II. Persons Affected
All full-time, part-time, or temporary employees for Kelly Services issued or who access a Kelly Services technology asset.
Kelly Services recognizes that in order to meet compliance, customer and privacy requirements the usage of encryption to protect confidential, private, non-public data is required.
Kelly’s standards are outlined by technology asset type (e.g. laptop, mobile device, email, etc…); and reference any other applicable standard that supports or supersedes the encryption standard requirements.
III a. Mobile Device Encryption:
In order for employees to be eligible to utilize their mobile device on Kelly Services email platform the device must be compliant with the Mobile device standard and participant agreement document. Devices listed within the Mobile device standard support at a minimum:
III b. Email Encryption [S-MIME]:
In order for employees to securely process and email confidential information; employees will be required to utilize e-mail based encryption.
III c. Email Encryption [PGP]:
In order for employees to securely process and email confidential information to customers who require the utilization of PGP encryption.
III d. Email Encryption [Department of Defense ECA Digital ID]:
In order for employees to securely process and email confidential information to DoD and other government related customers.
III e. USB Device Encryption:
For employees to securely process and transfer confidential information using USB Storage Devices; users who are required by customer agreement or are legally required to by law such as Massachusetts Data Privacy.
III f. Laptop Storage Encryption:
For employees who are required by customer agreement or are legally required to by law such as Massachusetts Data Privacy to have all customer related data encrypted at rest while using a portable device such as a Kelly Services issued Laptop.
III g. File Transfer Encryption:
In order for employees to be eligible to utilize the central Kelly Services File Transfer Service for business and customer needs the transfer process must be compliant and approved per the Kelly Services File Transfer Request Form document. All file transfers must be encrypted at a minimum using at least one of the following forms:
III g. Web Site SSL Encryption:
In order for employees and customers and other individuals to securely interact with Kelly Services different web based applications in a secure fashion, protecting data entered in to web based applications sessions should utilize SSL to encrypt the data.
Kelly Services reserves the right to audit, review and take action necessary on any device found to be in violation to both the Kelly Services AUP and this standard.