Governance - IT issues
Trustee Meetings Handbook
Published October 2020
The IT world is constantly evolving and with it the issues which trustees must think about. We touch on cyber security and electronic filing systems as examples of issues to consider but there will be others.
Cyber security
The Pensions Regulator says that the cyber risk can be “broadly defined as the risk of loss, disruption or damage to a scheme or its members as a result of the failure of its information technology systems and processes. It includes risks to information (data security) as well as assets, and both internal risks (e.g. from staff) and external risks (e.g. hacking)”.
The Regulator’s view is that trustees should take steps to build their cyber resilience – the ability to assess and minimise the effect of a cyber incident, and also the way to recover after such an incident.
The Regulator has published guidance on cyber security for pension schemes.
Cyber security controls, processes and response plans need to be kept under review with the aim of ensuring that they remain fit for purpose.
The Pensions Administration Standards Association (PASA) has also published cyber security guidance for trustees which we recommend you read. This can be found at https://www.pasa-uk.com/wp-content/uploads/2019/10/PASA-Cyber-Security-Guidance-FINAL.pdf.
Electronic filing systems
Many advisers (Barnett Waddingham included) offer electronic portals where minutes, meeting packs and key scheme documents can be stored securely. Documents can be accessed quickly and easily and are less easily lost.
Even if files are stored electronically, minutes/meeting papers can still be printed out and then mislaid, leading to data protection issues. It therefore makes sense for minutes and meeting papers not to refer to members by names or other data items by which they can be identified.