PASA publishes cyber security guidance for pension schemes

13 June 2019


The Pensions Administration Standards Association (PASA) the independent body dedicated to driving up standards in pensions administration, has announced the publication of its cyber security guidance for pension schemes.


Cyber security is becoming an increasingly regular topic for pension schemes.  The introduction of the General Data Protection Regulation (GDPR) reaffirms the need for pension schemes and trustees to have an active cyber security review.  This is supported by the Pensions Regulator’s (TPR) statement that pension scheme trustees need to take active steps to protect members and assets against cyber risk.  These reviews should be completed on a proportionate basis and a number of key areas require careful consideration.


The guidance from PASA provides practical support for trustees in formulating a robust and effective review of how they safeguard their scheme from cyber security issues. It covers five main sections:


  • Risk Assessment
  • Governance
  • Risk Management
  • Controls
  • Incident Management

The National Cyber Security Centre also provides information such as the ‘10 steps to cyber security’ to help organisations protect themselves.



Chris Connolly, Chair of PASA’s eAdmin Working Group said:


“The lead up to the General Data Protection Regulations, introduced in 2018, saw cyber risk taking a steep hike up the trustee agenda. New technology and innovations present opportunity for increased efficiency, but also mean the potential security risks are growing in volume and sophistication. It’s important for trustees to have a clear view of these potential danger areas and actively reassess them over time. Our guidance has been designed as a practical means to help identify where all risks and responsibilities lie, enabling schemes to put together a robust and effective plan of action to be taken should the worst unfortunately happen.”


The guide can be found here and is accessible to all.