With the Department of Labor (DOL) focusing on cybersecurity, I think it’s prudent for plan sponsors to put policies in place to cover it. On a DOL audit, I’m sure the auditor investigating your plan will ask for it.
What your policy should cover:
- Access controls and identity management for online systems
- The processes for responding to a cybersecurity breach
- A due diligence process for reviewing the cybersecurity protocols of plan providers
- Cybersecurity awareness training for staff
- The encryption of sensitive information transmitted, stored, or in transit