SPARK Releases Updated Data Security Best Practices & New Plan Sponsor & Advisor Guide to Cybersecurity

The SPARK Institute updated its Industry Best Practices for Cybersecurity and released a new Plan Sponsor & Advisor Guide to Cybersecurity, to accompany it, a ready reference guide to its recently released Data Security Best Practices and seventeen Control Objectives.

Developed by its Data Security Oversight Board (DSOB), SPARK’s Data Security Best Practices and seventeen Control Objectives establish a base of communications between recordkeepers and the public through third-party audits of cybersecurity Control Objectives. This is the latest milestone in the SPARK Institute’s ongoing effort to strengthen cybersecurity throughout the retirement industry.

“Plan sponsors have an important role in working with service providers so that they have controls in place that are following cybersecurity best practices. The revised SPARK Data Security reporting standard helps in that regard.” said Dennis Lamm, Senior Vice President / Head, Customer Protection at Fidelity Investments a member of SPARK’s DSOB. “SPARK’s retirement industry cybersecurity leaders drew on their deep expertise in an unprecedented collaborative effort to come up with an action plan to help recordkeepers communicate the full capabilities of their cybersecurity systems to plan consultants, clients and prospects.”

SPARK Institute Executive Director Tim Rouse noted that the seventeen Control Objectives are consistent with and in alignment with the Department of Labor Cybersecurity Program Best Practices released last year. “They also satisfy the requirements for Reliable Annual Third-Party Audit of Security Controls for recordkeepers,” Rouse added. “From recent surveys of members, all DSOB members developed controls that build on current industry guidance and practices in an effort to better protect retirement assets against criminal cyber activity and enable plan sponsors and advisors better manage their fiduciary responsibility,” he concluded.

For more information, please contact Tim Rouse at or 508-838-1919

About SPARK Institute
The SPARK Institute is a member-driven, non-profit organization and leading voice in Washington, DC for the retirement industry. SPARK helps shape national retirement policy by developing and advancing positions on critical issues that affect plan sponsors, participants, service providers, and investment providers. Collectively SPARK Institute’s members serve approximately 100 million participants in 401(k) and other defined contribution plans.

SPARK Institute’s Data Security Best Practices and seventeen Control Objectives are not intended to provide a recommended level of cyber protection or a guarantee against a data breach or loss.

Back to news