PENSION SCHEMES
Cyber Security Compliance
Trustee Checklist

Cyber security presents a serious risk to pension schemes, with the potential implications of a cyberattack resulting in loss of member data, pensioners not getting paid and risk to investments.

This document provides a checklist of tasks to ensure trustees meet minimum standards with regards to managing cyber risk.

The Essential Foundations are fundamental steps which all trustees should implement as part of their cyber risk management. These steps form part of our Cyber Security Package offering, and we have template documents that we can offer clients at a fixed fee.

The next steps, Best Practice Building Blocks, provide trustees with an indication of practices they should be aiming to adopt to ensure that cyber risk management is a priority. We can provide practical help and guidance with implementing these steps.

If you would like more information about our Cyber Security Package offering then please get in touch.

Initial Steps – Essential Foundations

Cyber Security Policy
This comprehensive document sets out how the pension scheme manages and mitigates its cyber risk. It should be reviewed and updated at least annually.

Cyber Security Incident Response Plan
This plan sets out how trustees will respond to a cyber security incident, including what support trustees will need and where it would come from. It should be reviewed and updated at least annually.

Cyber Security Best Practice Framework and Assessment
This document supports trustees in building their pension scheme’s cyber resilience in line with best practice. It then enables them to assess and monitor their pension scheme’s cyber resilience. It should be reviewed and updated at least annually.

Cyber Hygiene Quick Reference Guide
This is a quick reference guide which:
• Provides an overview of the pension scheme’s approach and key cyber security documents;
• Sets out practical tips which trustees can refer to on a day-to-day basis; and
• Contains contact details for key advisers and stakeholders in the event of a cyber security incident.
It should be updated as and when necessary.

Basic Cyber Security Training
Trustees should receive regular cyber security training, to ensure they understand the nature and impact of cybercrime and its evolving threats. Trustees should be aware of and familiar with tPR’s guidance on cyber security principles.
