The Pensions Administration Standards Association (Pasa) has produced new guidance for trustees on improving data security and governance.
This latest guidance is designed to offer practical advice and covers a range of areas, such as cyber resilience, third-party oversight, secure communications and responsible AI usage.
Pasa says the guidance — ‘Securing Tomorrow: Essential Steps for Trustees and Pension Providers to Protect Member Data’ — offers a toolkit for trustees at a time of growing digital risk.
This includes advice on implementing role-based access controls and multi-factor authentication, vetting and monitoring third-party providers, conducting regular security reviews and incorporating them into ESOG/ORA frameworks, developing incident response plans and data communication strategies, and preparing for risks related to emerging technologies.
The guidance comes at a time when trustees and providers are increasingly reliant on data for key scheme decisions and member services.
Pasa data working group chair Kristy Cotton says: “Trustees and providers are custodians not only of member benefits, but of highly sensitive personal data. Data breaches and cyber-attacks are no longer abstract threats, they’re real, frequent and growing. This guidance equips schemes with the tools to assess, protect and respond to data security risks, while embedding a culture of awareness across all stakeholders.”
Pasa chair David Fairs adds: “The guidance is designed to help schemes be confident in their controls, knowing they are doing the right things, proportionately and proactively. It supports Pasa’s mission to raise practical standards, and we urge all trustees, administrators and service providers to use it as a foundation for better, safer data practices.”
‘Securing Tomorrow’ complements existing regulatory frameworks and references key sources such as The Pensions Regulator’s Cyber Security Guidance and the NCSC’s 10 Steps to Cyber Security.
It is the latest in a suite of Pasa Guidance designed to future-proof administration and support robust scheme governance.
