DOL releases guidance on best practices for maintaining EBP cybersecurity
The Department of Labor has released new guidance for plan sponsors, plan fiduciaries, record keepers and plan participants on best practices for maintaining cybersecurity.
The DOL guidance complements EBSA's regulations on electronic records and disclosures to plan participants and beneficiaries. These include provisions on ensuring that electronic recordkeeping systems have reasonable controls, adequate records management practices are in place, and that electronic disclosure systems include measures calculated to protect Personally Identifiable Information (PII).
Plan auditors may want to make their clients aware of the DOL guidance.
The EBPAQC Cybersecurity and employee benefit plans: Questions and answers provides plan auditors with and understanding of cybersecurity risk in employee benefit plans, and to discuss cybersecurity risk, responsibilities, preparedness, and response with plan clients.