The Department of Labor (DOL) is expected to provide a cybersecurity guidance package in the future. The guidance will center on cybersecurity questions plan sponsors should consider when hiring a third-party service provider, including the security practices employed by retirement plan recordkeepers. Investigators want to see that recordkeepers conduct periodically scheduled risk assessments (at least annually) and independent audits of their cybersecurity practices, including a detailed assessment of the system’s risks and any vulnerabilities. Plan sponsors need to ensure that the service providers they hire have safeguarding systems, policies, and procedures in place.
www.pionline.com; October 31, 2020.