DOL Cybersecurity Guidance and Assessments

Protecting the integrity of retirement benefits from cybersecurity risks.

Talk to an expert

Jon Powell, Partner
Candace Jackson, Partner

The Moore Colson Cybersecurity Practice Area offers customized solutions to plan sponsors, plan fiduciaries and record keepers to assess the threat landscape of your benefit plans and remediate any risk factors to your plan participants. Our solutions provide the resources you need to enhance your benefit plan’s cybersecurity program from start to finish.



DOL Cybersecurity Best Practices

On April 14, 2021, the U.S. Department of Labor (DOL) announced new guidance for plan sponsors, plan fiduciaries, record keepers and plan participants on best practices for maintaining cybersecurity, including tips on protecting the retirement benefits of America’s workers. These best practices were the first time the DOL’s Employee Benefits Security Administration issued guidance around cybersecurity. The DOL divided the guidance into three categories: Tips for Hiring a Service Provider, Cybersecurity Program Best Practices and Online Security Tips.

The DOL summarized, in their April 2021 guidance, the 12 Cybersecurity Best Practices that service providers should implement and maintain:

1. Have a formal, well-documented cybersecurity program.

2. Conduct prudent annual risk assessments.

3. Have a reliable annual third-party audit of security controls.

4. Clearly define and assign information security roles and responsibilities.

5. Have strong access control procedures.

6. Ensure that any assets or data stored in a cloud or managed by a third-party service provider are subject to appropriate security reviews and independent security assessments.

7. Conduct periodic cybersecurity awareness training.

8. Implement and manage a secure system development life cycle (SDLC) program.

9. Have an effective business resiliency program addressing business continuity, disaster recovery, and incident response.

10. Encrypt sensitive data stored and in transit.

11. Implement strong technical controls in accordance with best security practices.

12. Appropriately respond to any past cybersecurity incidents.


DOL Cybersecurity Program Assessments

Moore Colson has created (and performed) an assessment program to determine each service provider's level of compliance with the 12 best practices across the benefit plan ecosystem. The assessment includes reviewing and testing relevant controls within each service provider’s environment. A formal report is generated summarizing risks across the ecosystem and within each service provider.

Moore Colson Cybersecurity and Employee Benefit Plan Teams

The Moore Colson Cybersecurity team is made up of experts in information security and cybersecurity. Our firm is also a member of the AICPA’s Employee Benefit Plan Audit Quality Center. Together, our professionals are equipped to analyze and validate your cybersecurity program against the DOL’s latest guidance. We will provide your business with a full-service risk assessment solution to ensure your plans are secure and protected.
