In April, the Department of Labor’s Employee Benefits Security Administration (EBSA) issued cybersecurity guidance for employee retirement plans. Shortly thereafter, the DOL updated its audit inquiries to include probing questions for plan fiduciaries about their compliance with “hot off the press” agency guidelines. In short, the DOL is asking plan sponsors to produce: “all documents relating to any cybersecurity or information security programs that apply to the data of the Plan, whether those programs are applied by the sponsor of the Plan or by any service provider of the Plan.” The DOL fleshes out its general inquiry with a laundry list of items.
Source:
