PASA, the independent body dedicated to raising standards in pensions administration, has today published new Guidance, ‘Securing Tomorrow: Essential Steps for Trustees and Pension Providers to Protect Member Data’.
With trustees and providers increasingly reliant on data for key scheme decisions and member services, this Guidance provides practical, accessible advice on improving data security and governance. Covering areas such as cyber resilience, third-party oversight, secure communications, and responsible AI usage, the Guidance offers a vital toolkit for strengthening data management at a time of growing digital risk.
Kristy Cotton, Chair of the PASA Data Working Group, said: “Trustees and providers are custodians not only of member benefits, but of highly sensitive personal data. Data breaches and cyber-attacks are no longer abstract threats, they’re real, frequent and growing. This Guidance equips schemes with the tools to assess, protect and respond to data security risks, while embedding a culture of awareness across all stakeholders.”
The Guidance offers practical actions, including:
- Implementing role-based access controls and multi-factor authentication
- Vetting and monitoring third-party providers
- Conducting regular security reviews and incorporating them into ESOG/ORA frameworks
- Developing incident response plans and data communication strategies
- Preparing for risks related to emerging technologies such as AI
David Fairs, PASA Chair, added: “The Guidance is designed to help schemes be confident in their controls, knowing they are doing the right things, proportionately and proactively. It supports PASA’s mission to raise practical standards, and we urge all trustees, administrators and service providers to use it as a foundation for better, safer data practices.”
‘Securing Tomorrow’ complements existing regulatory frameworks and references key sources such as The Pensions Regulator’s Cyber Security Guidance and the NCSC’s 10 Steps to Cyber Security. It’s the latest in a suite of PASA Guidance designed to future-proof administration and support robust scheme governance.
The Guidance is available to download now.
