About Us

 
About Us

Learn more about our story and mission

Career Opportunities

 
Career Opportunities

Explore career opportunities and apply today

Certifications

 
Certifications

Industry-leading certifications and education

        

Community

 
Community

See how we give back to the community

Events

 
Events

Upcoming conferences and webinars

Meet the Team
Meet the Team

Meet our executive team of experts

        

Press Releases

 
Press Releases

Major company news and announcements

Request a Speaker

 
Request a Speaker

Request our experts to speak at your event

Testimonials

 
Testimonials

Hear what others have to say about us

Cybersecurity Services

 
Cybersecurity Services

Identify and address the vulnerabilities and threats associated with your people and technology

Compliance Services

 
Compliance Services

Achieve and maintain compliance with the state, federal, and industry regulations and frameworks required for your organization

Risk Management Services

 
Risk Management Services

Assess your organization’s present risk level and develop policies, procedures, and programs to mitigate the risks identified

Financial Services

 
Financial Services

Banks, credit unions, insurance, processors

Gaming

 
Gaming

Casinos, lottery services, online gambling

Government

 
Government

State, local, and tribal government agencies

        

Healthcare

 
Healthcare

Hospitals, clinics, pharmaceuticals

Higher Education

 
Higher Education

Colleges, universities, online schools

Hospitality

 
Hospitality

Hotels, restaurants, entertainment, tourism

        

Manufacturing

 
Manufacturing

Transforming materials into finished products

Nonprofit

 
Nonprofit

Charities, museums, religious institutions

Retail

 
Retail

Brick-and-mortar stores, online shopping

        

Technology

 
Technology

Technology-based products and services

Utilities

 
Utilities

Electricity, gas, water, sewage, transportation

        

Case Studies

 
Case Studies

In-depth investigations into our engagements

Datasheets

 
Datasheets

Detailed summaries of the services we offer

eBooks & Checklists

 
eBooks & Checklists

Downloadable files to help mitigate your risks

        

Glossary of Terms

 
Glossary of Abbreviations

Industry abbreviations listed and described

Industry News

 
Industry News

Recent cybersecurity and compliance news

Webinars & Videos

 
Webinars & Videos

Video content produced by our experts

About Us

 
About Us

Learn more about our story and mission

Career Opportunities

 
Career Opportunities

Explore career opportunities and apply today

Certifications

 
Certifications

Industry-leading certifications and education

        

Community

 
Community

See how we give back to the community

Events

 
Events

Upcoming conferences and webinars

Meet the Team
Meet the Team

Meet our executive team of experts

        

Press Releases

 
Press Releases

Major company news and announcements

Request a Speaker

 
Request a Speaker

Request our experts to speak at your event

Testimonials

 
Testimonials

Hear what others have to say about us

Cybersecurity Services

 
Cybersecurity Services

Identify and address the vulnerabilities and threats associated with your people and technology

Compliance Services

 
Compliance Services

Achieve and maintain compliance with the state, federal, and industry regulations and frameworks required for your organization

Risk Management Services

 
Risk Management Services

Assess your organization’s present risk level and develop policies, procedures, and programs to mitigate the risks identified

Financial Services

 
Financial Services

Banks, credit unions, insurance, processors

Gaming

 
Gaming

Casinos, lottery services, online gambling

Government

 
Government

State, local, and tribal government agencies

        

Healthcare

 
Healthcare

Hospitals, clinics, pharmaceuticals

Higher Education

 
Higher Education

Colleges, universities, online schools

Hospitality

 
Hospitality

Hotels, restaurants, entertainment, tourism

        

Manufacturing

 
Manufacturing

Transforming materials into finished products

Nonprofit

 
Nonprofit

Charities, museums, religious institutions

Retail

 
Retail

Brick-and-mortar stores, online shopping

        

Technology

 
Technology

Technology-based products and services

Utilities

 
Utilities

Electricity, gas, water, sewage, transportation

        

Case Studies

 
Case Studies

In-depth investigations into our engagements

Datasheets

 
Datasheets

Detailed summaries of the services we offer

eBooks & Checklists

 
eBooks & Checklists

Downloadable files to help mitigate your risks

        

Glossary of Terms

 
Glossary of Abbreviations

Industry abbreviations listed and described

Industry News

 
Industry News

Recent cybersecurity and compliance news

Webinars & Videos

 
Webinars & Videos

Video content produced by our experts
Compliance Services

Department of Labor

Department of Labor Cybersecurity Program Best Practices Services

The U.S. Department of Labor has announced guidance for plan sponsors, plan fiduciaries, record keepers and plan participants on best practices for maintaining cybersecurity, including tips on how to protect the retirement benefits of America’s workers. This is the first time the department’s Employee Benefits Security Administration (EBSA) has issued cybersecurity guidance. This guidance is directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act (ERISA), and plan participants and beneficiaries. ERISA requires plan fiduciaries to take appropriate precautions to mitigate the risks of both internal and external cybersecurity threats.

The Employee Benefits Security Administration has prepared the following best practices for use by recordkeepers and other service providers responsible for plan-related IT systems and data, and for plan fiduciaries making prudent decisions on the service providers they should hire. Plans’ service providers should:

  1. Have a formal, well documented cybersecurity program.
  2. Conduct prudent annual risk assessments.
  3. Have a reliable annual third party audit of security controls.
  4. Clearly define and assign information security roles and responsibilities.
  5. Have strong access control procedures.
  6. Ensure that any assets or data stored in a cloud or managed by a third party service provider are subject to appropriate security reviews and independent security assessments.
  7. Conduct periodic cybersecurity awareness training.
  8. Implement and manage a secure system development life cycle (SDLC) program.
  9. Have an effective business resiliency program addressing business continuity, disaster recovery, and incident response.
  10. Encrypt sensitive data, stored and in transit.
  11. Implement strong technical controls in accordance with best security practices.
  12. Appropriately respond to any past cybersecurity incidents.

How Can Compass IT Compliance Help?

Compass IT Compliance is extremely well-versed in assisting plan sponsors, plan fiduciaries, record keepers and plan participants in mitigating their cybersecurity risks. Our team of industry experts will perform a risk assessment to the Department of Labor Cybersecurity Program Best Practices. Your organization will be assessed in the 12 areas listed above to determine compliance with each discipline. Our assessment will help to uncover gaps in controls and will outline a clear and prioritized remediation strategy.  Contact us today to discuss your unique situation. Secure. Comply. Save.

Related Resources

NIST Cybersecurity Framework

Vendor Management

Virtual CISO

Cloud Security Risk Assessments

Compliance Blog Posts

Contact Us

Compass IT Compliance, LLC

Corporate Office:
2 Asylum Road
North Providence, RI 02904
 
Phone: (401) 353-3024
 

Recent Posts

Subscribe to Our Blog!
Copyright © 2022 Compass IT Compliance, LLC. All Rights Reserved.