SPARK Forms Data Security Oversight Board to Adopt Common Criteria Certification for DC Market

At a time when all industries and government entities are facing unprecedented threats from cybercrime, The SPARK Institute has unveiled its plan to establish uniform data-management standards for the defined contribution market through its newly created Data Security Oversight Board.

“Data security is now one of the key issues for plan sponsors and consultants, who are engaged regularly to evaluate, select and recommend 401(k) and other defined contribution providers. As a result, the extra burden often falls on these consultants to ensure that recordkeeping systems and practices provide the necessary level of security. Given the complexity and the subjective nature of RFP evaluations, it’s often difficult to compare approaches, so we chose to act,” said Tim Rouse, Executive Director of the SPARK Institute. “To determine if there was an industry standard we should embrace, we met initially with cyber security experts,” Tim added.

SPARK’s newly formed Data Security Oversight Board will collaborate to establish uniform criteria for record keepers aimed at providing a baseline level of security across the retirement industry. Several plan consultants, who focus on serving retirement plan sponsors, including Cammack Retirement Group have already signed-on to participate.

Common Criteria Certification, as it is known, ensures that services purchased by organizations perform and are secure at the desired level of performance. It has emerged as a standard by which all industries can evaluate the security of IT and data systems.

With Common Certification Criteria, plan sponsors and their consultants will have an extra measure of confidence that a record keeper’s data security is at a level that meets established guidelines. Other industries, including healthcare providers, government agencies and other financial institutions have benefited from achieving a Common Certification Criteria.

“By participating in this Oversight Board, we hope to raise the bar on cyber security within the Defined Contribution market for the benefit of plan sponsors and participants,” according to Mike Volo, Senior Partner at Cammack Retirement Group, a leading investment advisor and consultant.

The first Data Security Board meeting will take place on June 21 in Washington DC, to coincide with SPARK’s National Conference. Board participation will be open to all industry members and plan sponsor consultants. Tim continues, “It will be up to the Oversight Board to set goals and criterion for the industry, working alongside cyber security experts, and to continually refine and refresh the SPARK Cyber Security Criterion to keep pace with the evolving cybercrime landscape.” The Oversight Board will also oversee annual certification of SPARK member organizations to ensure they meet the established data security criterion.

Cyber security will be key topic in a general session at the SPARK National Conference featuring Gregory J. Touhill the Deputy Assistant Secretary for Cybersecurity and Communications within the National Protections and Programs Directorate (NPPD) of the Department of Homeland Security (DHS).

For more information, please contact Tim Rouse at

About The SPARK Institute
SPARK Institute represents the interests of a broad-based cross section of retirement plan service providers and investment managers, including members that are banks, mutual fund companies, insurance companies, third party administrators, trade clearing firms and benefits consultants. Through the combined expertise of its member companies, the Institute provides research, education, testimony and comments on pending legislative and regulatory issues to members of Congress and relevant Government agency officials. Collectively, its members serve approximately 85 million participants in 401(k) and other defined contribution plans.

Back to news