A written information security plan that addresses key management, cloud data security and the interplay of encryption with other security tools is integral to proper data security. This article, the third in a three-part series, sheds light on the process legal and compliance personnel must work through with the technology team to develop effective policies. The first article discussed the basics of encryption, when it should be used and challenges in implementing it. The second article analyzed the legal and regulatory framework surrounding encryption, including various federal and state laws. See “Overcoming the Challenges and Reaping the Benefits of Multi-Factor Authentication in the Financial Sector (Part One of Two)” (Jul. 26, 2017); Part Two (Aug. 9, 2017).