View all Articles

US DOL Has Begun Cybersecurity Audits

As we previously reported, the US Department of Labor (DOL) issued cybersecurity guidance for retirement plan sponsors, plan fiduciaries, recordkeepers and plan participants regulated by the Employee Retirement Income Security Act (ERISA) which addresses best practices for maintaining cybersecurity which includes:

Next Steps for Employers

At the time the guidance was issued there was speculation that the DOL may begin audit initiatives of employers’ cybersecurity practices, and it can now be confirmed the DOL has been moving quickly to audit cybersecurity practices. The Agency has begun issuing information and document requests under this new initiative, and the requests are probing and indicate serious inquiry by the DOL. As a result, plan fiduciaries and service providers should consider acting on the DOL’s recent guidance. Plan fiduciaries that fail to act promptly on this guidance risk being surprised by the comprehensive nature of the cybersecurity audit requests being issued by the DOL.

Employers who become the subject of such an audit should reach out to their labor attorney, in consultation with the plan sponsor and plan service providers to obtain all documents in the DOL’s request.

HR Works, headquartered in Upstate New York, is a human resource management outsourcing and consulting firm serving clients throughout the United States for over thirty years. HR Works provides scalable strategic human resource management and consulting services, including: affirmative action programs; benefits administration outsourcing; HRIS self-service technology; full-time, part-time and interim on-site HR managers; HR audits; legally reviewed employee handbooks and supervisor manuals; talent management and recruiting services; and training of managers and HR professionals.