Encryption Policy for Rask AI

Brask Inc


This policy defines organizational requirements for the use of cryptographic controls, as well as the requirements for cryptographic keys, in order to protect the confidentiality, integrity, authenticity, and nonrepudiation of information.


This policy applies to all systems, equipment, facilities and information within the scope of

Rask AI information security program. All employees, contractors, part-time, and temporary workers, service providers, and those employed by others to perform work on behalf of the organization having to do with cryptographic systems, algorithms, or keying material are subject to this policy and must comply with it.


This policy defines the high level objectives and implementation instructions for Rask AI use of cryptographic algorithms and keys. It is vital that the organization adopt a standard approach to cryptographic controls across all work centers in order to ensure end-to-end security, while also promoting interoperability. This document defines the specific algorithms approved for use, requirements for key management and protection, and requirements for using cryptography in cloud environments.

Roles and Responsibilities

The Brask ML Infrastructure Department maintains and updates this policy. The CEO and legal department approve this policy and any changes.


Cryptography Controls

Rask AI protects individual systems and information using cryptographic controls as outlined below:

Governing Law

Organizationally-approved encryption must comply with relevant local and international laws, including import/export restrictions. The encryption used by Rask AI meets international standards and U.S. requirements, allowing for international use.

Key Management

Keys must be managed by their owners and protected against loss, change, or destruction. Appropriate access control and regular backups are mandatory.

Key Management Service

All key management must be performed using software that automatically manages key generation, access control, secure storage, backup and rotation of keys. Specifically:

  • The key management service must provide key access to specifically-designated users, with the ability to encrypt/decrypt information and generate data encryption keys.
  • The key management service must provide key administration access to specifically-designated users, with the ability to create, schedule delete, enable/disable rotation, and set usage policies for keys.
  • The key management service must store and backup keys for the entirety of their operational lifetime.
  • The key management service must rotate keys at least once every 12 months.

Secret Key

Secret (symmetric) keys must be securely distributed and protected at rest with stringent security measures.

Public Key

Public key cryptography uses public-private key pairs. The public key is included in a digital certificate issued by a certificate authority, while the private key remains with the end user.

Other Public Key

  • If keys are generated in software, users must create at least one secure backup.
  • Users must create an escrow copy of private keys for encryption and deliver it to the Infrastructure Team representative.
  • The Infrastructure Team does not escrow private keys for identity certificates.
  • All backups must be protected with a password or passphrase.