Neil Buxton, Technical Specialist - Pension Fund Policy and Governance, presented this report which provided an update on the risks facing the administration of the pension service and actions taken to manage them. Risks related to the coronavirus pandemic had been reviewed, based on the experience of the service to date which had resulted in a slightly lower risk score. Officers had also begun to look at the risks presented by the appointment of an external administrator and the associated impact on existing risk factors.
The Chair sought further information regarding cyber security which had received a relatively high rating. Neil Buxton noted that this reflected the position for the whole industry, due to the emphasis placed on cyber security by The Pensions Regulator for both public and private pension funds. He advised that the Cyber Security Policy was due to be presented to the Board in February 2022. The service was reliant upon Warwickshire County Council infrastructure for cyber security which provided a degree of comfort and conversations were ongoing with colleagues in ICT to conduct penetration testing, scenario testing and an external audit. Risks in relation to the transfer of administrative activity to West Yorkshire Pension Fund would need to be addressed. Vicky Jenks, Pensions Admin Delivery Lead, advised that the transfer was at the mobilisation stage and significant liaison was taking place with the information security team. A security risk assessment would need to be completed to ensure that West Yorkshire Pension Fund had sufficient policies in place to manage the cyber risk and would be able to meet the Pension Fund’s security criteria.
The Board welcomed the cautious approach and noted the report.