Home Compliance & Certification Data At Rest / In Motion Encryption Guide

Data At Rest / In Motion Encryption Guide

Last updated on Dec 18, 2025

1. Purpose of This Guide

This guide helps you show that business-critical and sensitive data is protected by encryption, both:

  • At rest (when stored), and

  • In motion (when transmitted)

Encryption ensures that even if data is accessed without authorisation, it remains unreadable and unusable. This artefact proves you’re protecting data properly — not just relying on passwords or good luck.

2. What You Will Submit

You will submit evidence showing encryption is enabled, such as:

  • Screenshots showing:

    • Full disk encryption enabled on devices

    • Database or storage encryption settings

    • TLS / HTTPS enabled for applications or services

  • Configuration pages from:

    • Cloud storage services

    • Databases

    • Email or file transfer systems

Multiple screenshots are perfectly acceptable.

3. How to Collect / Obtain / Generate This Evidence

Part A: Encryption at Rest

Collect one or more of the following:

Endpoints (Windows / macOS)

  • Screenshot showing:

    • BitLocker (Windows) enabled, or

    • FileVault (macOS) enabled

Servers / Databases

  • Screenshots showing:

    • Disk or volume encryption enabled

    • Database encryption at rest turned on

Cloud Storage

  • Screenshots showing:

    • Server-side encryption enabled

    • Managed keys (or customer-managed keys, if used)

Part B: Encryption in Motion

Collect screenshots showing secure data transmission, such as:

Web Applications

  • Browser address bar showing https://

  • Certificate details (padlock icon)

Email / File Transfer

  • TLS enabled in mail server settings

  • Secure transfer protocols (e.g. SFTP, HTTPS)

APIs or Services

  • Configuration pages showing TLS enabled for endpoints

4. Evidence Format

Accepted file types

  • PNG

  • JPG

  • PDF

Suggested naming format
YourCompanyName_DataEncryption_AtRest_InMotion_Date

Example
AcmePteLtd_DataEncryption_2025-07-01.pdf

5. What “Good” Looks Like

Your evidence is strong if it shows:

  • Visible element: Encryption enabled at rest
    Why it matters: Protects stored data from unauthorised access

  • Visible element: Secure protocols in use for data in motion
    Why it matters: Prevents interception or tampering during transfer

  • Visible element: Recognised encryption technologies
    Why it matters: Demonstrates industry-accepted protection methods

  • Visible element: Applies to business-critical or sensitive data
    Why it matters: Shows protection where it matters most

6. Tips from Sir Stonk 🛡️

  • Screenshots beat statements. Show the toggle switched on.

  • Redact keys, certificates, or secrets — auditors don’t need those.

Locks on doors are good.
Locks and encryption? That’s how you keep the treasure safe.