PR.DS-01.224

Is full disk encryption implemented on all user endpoints (laptops, desktops, mobile devices) that store company data?

Explanation

Full disk encryption protects all data stored on an endpoint device if it is lost or stolen, by making the data unreadable without proper authentication. This covers operating system files, temporary files, and user data that might contain sensitive information. Without encryption, a lost or stolen device can lead to a data breach even if it is password protected, because the storage can be read directly without going through the operating system's login.

Evidence of implementation could include: screenshots of encryption status from device management software (such as BitLocker status reports, FileVault status, or MDM console reports), a documented encryption policy specifying required encryption standards, and implementation logs showing encryption deployment across the organization's device fleet.

Implementation Example

Use full disk encryption to protect data stored on user endpoints

ID: PR.DS-01.224

Context

Function: PR: PROTECT
Category: PR.DS: Data Security
Sub-Category: The confidentiality, integrity, and availability of data-at-rest are protected

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub