secure system development life cycle

ERISA-covered plans hold millions of dollars or more in assets and maintain a large amount of personal data on participants, therefore, such plans can be tempting targets for cyber-criminals. Recognizing this, the Employee Benefits Security Administration (EBSA) of the U.S. Department of Labor issued its first-ever cybersecurity guidance concerning employee benefit plans this spring.  Further, in June 2021, just two months after issuing the guidance, government investigators began seeking information from plan sponsors about cybersecurity policies and procedures.  While such requests thus far have been limited to ongoing audits, plan sponsors and fiduciaries would be wise to review EBSA’s guidance and implement its suggestions as appropriate.

The EBSA guidance, which is directed to plan sponsors and fiduciaries as well as recordkeepers and plan participants, is set forth in three separate publications.
Continue Reading Department of Labor Focuses on Cybersecurity for Benefit Plans