On this page:

• What the ICO Says
• Encrypted USB Sticks
• Encryption Software

What the ICO Says

The ICO’s guidance is clear: 'All personal information – the loss of which is liable to cause individuals damage and distress - must be encrypted. Encryption is one of the most basic security measures and is not expensive to put in place - yet we continue to see incidents being reported to us. This type of breach is inexcusable and is putting people’s personal information at risk unnecessarily.' Sally Anne Poole, Enforcement Group Manager, The ICO

Encryption should be applied to laptops, USB sticks and any other portable media that might contain personal data. Encryption should meet at least the FIPS 140-2 standard and, for laptops, the encryption software should provide whole disk encryption and require pre-boot authentication - i.e. it should force you to enter the decryption password before you can log on to the laptop.

FIPS 140-2 stands for Federal Information Processing Standard Publication 140-2, and it is a US government standard for accrediting cryptographic modules on all sorts of media. Even though the standard was last updated in 2002, it has been adopted around the world as a clear, credible and internationally recognised standard. It is applied both to laptops and to USB sticks.

We have identified appropriate laptop encryption software, which we can supply directly to indivduals and to organisations. We have also identified, and can supply in single units or in bulk, USB sticks which are appropriately encrypted and meet CESG security requirements.

Encrypted USB Sticks

We have identified five USB sticks that would be appropriate for most organisations, and these are available singly or in larger quantities (bulk discounts available). They all use 256-bit AES hardware encryption and are designed for enterprise deployment. Optional enterprise features, available with some models as identified below, include remote-wipe, password reset, group policy enforcement, etc.

• Kanguru Defender Basic AES Hardware Encrypted USB Drive - 256-bit encryption, from 2GB to 128GB, prices start at £26.95 each
• Kanguru Defender V2 AES Hardware Encrypted USB Drive - FIPS 197-certified, with optional enterprise features, from 2GB to 128GB, prices start at £34.95
• Kanguru Defender Elite AES Hardware Encrypted USB Drive - FIPS 140-2 certified, with optional enterprise features, from 1GB to 128GB, prices start at £39.95
• SafeXs (FIPS 197, CESG-approved) - as used across the UK NHS - from 2GB to 32GB, prices start at £48
• SafeXs (FIPS 140-2) - with optional enterprise features, from 4GB to 32GB, prices start at £76.50

Encryption Software

IT Governance offers a leading range of laptop, desktop and mobile device encrytion software. Working with partners such as Sophos and Symantec (PGP), we are sure we have a solution to meet every need. To find out more information on encryption software, please see our Security Products page or email us requesting further information.

• Basel II/III
• Business Continuity Management
• BS25999
• CGEIT
• CISA
• CISM
• CISSP
• CLAS
• Cloud Computing
• COBIT
• Codes of Connection
• Compliance
• CRISC
• Cyber Security
• Data Governance
• Data Protection
  • BS10012
  • DPA Consultancy
  • Data Protection Act (DPA) Penalties
  • Encryption and DPA
• Enterprise Architecture
• Green IT
• Information Security
• ISO 20000
• ISO 22301
• ISO 27001
• ISO 31000
• ISO 38500
• ISO 50001
• IT Audit
• IT Governance
• IT Management Frameworks
• ITIL
• IT Service Management
• Knowledge Management
• M_o_R
• MoV
• MSP
• N3
• P3O
• PCI DSS
• Penetration Testing
• PMBOK
• PRINCE2
• Privacy
• Project Governance
• Risk Management Frameworks
• Security Hardware/Software
• SLAs
• Social Media Governance
• Soft Skills
• Management System Standards
• Technical Services
• TickITplus