Attention to IT and information security has increased rapidly in recent years, both from the pension funds themselves and from the supervisors. In addition, pension organizations are becoming more and more dependent on IT for execution. The risk regarding information security is increasing, for instance due to outsourcing, new (cloud) solutions, and new possibilities for participants to report changes.
As IT receives more attention, more and more points of improvement come to light. The supervisor is investing heavily in this and has therefore created an extensive framework, which is based on the ‘Algemene Auditstandaard’ for IT, CobIT. Pension funds are often surprised by DNB’s findings, or unsure about the findings if the DNB investigation has not been finished yet.
In this snapshot, we demonstrate that attention to IT and information security matters and that important steps toward improvement need to be taken. However, the solutions are not always as complex and expensive as is often implied.
- CobIT (and also the DNB IT framework) is a handy but very generic tool, which is meant for very big and complex organizations.
- Organizations focus on IT for their own purposes and must therefore choose a solution that fits the organization.
- Decide on depth and priority per topic to avoid a solution that is too extensive and expensive.
- Make use of what is already in the organization and align the new policies and regulations with this.
- Often, it is unnecessary to start long and expensive procedures to bring IT and information security up to the right level.
If you are interested in an exchange of thoughts about these topics, please find the contact details of our consultants below.