
    Are you aware of the security controls safeguarding your software?

    By Monica Cope on Saturday, April 18, 2015

    More and more organisations in the pensions industry are using software to streamline their core administration and actuarial functions. The emergence of cloud computing and web-based applications has created an abundance of benefits, including increased accessibility and agility, but there are associated security risks. It is therefore important, when assessing software options, to consider not just the functionality and practicality of the system but also the security controls in place to safeguard against those risks.

    Consider the information the software may be storing or processing: member names, dates of birth, National Insurance numbers, financial and bank account information…

    Pension scheme information is an extremely valuable asset, and the confidentiality, integrity and availability of the scheme’s information assets should be adequately protected.  However, with a lack of transparency around cloud security and software development controls from service providers, it can be challenging for trustees, employers and their advisers to be assured that an adequate information security management system is in place.  

    The biggest information security fears relating to Software as a Service (SaaS) include:

  • Unauthorised access to scheme data
  • Unauthorised data disclosure
  • Loss of data
  • Service disruption or degradation 

    ISO/IEC 27001:2013 is the international best practice standard for information security, covering all aspects of organisational security, including access controls, cryptography, change control, network security, information transfer, development controls, protection from malware and business continuity management (as well as HR, physical and environmental, supplier security and incident management).

    Organisations with ISO 27001 certification have proven controls and procedures in place, and these are independently assessed to ensure they are effectively maintained. It’s impossible for a SaaS provider to guarantee that your data will be 100% safe, but ISO 27001 certification is a starting point to evaluate how mature a provider is and it’s certainly a step in the right direction.
