scope:

This guidance applies to:

• System support organisations, such as TfL's Technology & Data (T&D) directorate¹, which support each TfL information system. Particularly:

o T&D Networks & Hosting, which is responsible for the maintenance of many of TfL's networks.

o Information System (IS) Assurance, which is responsible for defining build standards for T&D-supported technology.

• Those responsible for information security within TfL (including but not limited to Cyber Security and Information Owners).

This document applies to all information systems and services owned, operated or supported by (or on behalf of) TfL.

Purpose

This guidance document identifies:

• The encryption algorithms that it is acceptable to use to encrypt data that is stored or processed by TfL information systems and services
• How encryption is implemented technically
• How encryption keys are managed

¹ TfL's information systems are not supported by the T&D directorate exclusively. A given system may thus be supported by a support organisation other than TfL T&D. Readers should therefore read T&D as T&D (or equivalent support organisation for the system or service concerned, where different)' throughout this document.