This article was sourced from ifebp.org

 

The Employee Benefits Security Administration (EBSA) updated its cybersecurity guidance by publishing Compliance Assistance Release 2024-01, clarifying applicability to all types of plans covered by the Employee Retirement Income Security Act (ERISA).

The Compliance Assistance Release applies to plan sponsors, fiduciaries, recordkeepers and plan participants to protect information and assets from cybersecurity risks. The compliance updates guidance released in 2021 and 2022 to ensure that all ERISA plans, including health and welfare plans and all employee pension benefit plans, are included.

In addition, EBSA updated the following documentation:

  • Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
  • Cybersecurity Program Best Practices: Assists plan fiduciaries and record-keepers in their responsibilities to manage cybersecurity risks.
  • Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts or other employee benefit plan information online basic rules to reduce the risk of fraud and loss.

News release

 

This information is not meant to be legal advice and is for consultative purposes only. Please contact Valerie Bruce Hovland, Salus Group’s V.P. of Compliance at [email protected] if you need additional information.