He is probably talking about ASSC and want to know when those keys need to be managed:
Click Menu | Configuration | Server Settings, select Security Keys from the Setting Categories list, then click Edit. The Edit Security Keys page appears.
Don't these keys have to be backed up ? I am assuming every encrypted device has it's own key. What happens if a device's key becomes corrupt for one reason or another ? or the database is lost, is there a way to recover ?
If you loose ePO SQL database then you are in a deep s.
There are plenty of documents available describing how to prevent it from happening.
I'm suprised that you are unaware of them.