Issue - meetings
Governance and Communications Report including Cyber Security Review
Meeting: 25/04/2025 - Local Pension Board (Item 8.)
8. Governance and Communications Report 
PDF 233 KB
Report by, Mukhtar Master, Head of Governance and Communications
The Board are invited to review the Governance and Communications Report as presented to the Committee at their meeting on 7 March 2025. The report includes a log of all regulatory and data breaches.
Additional documents:
- PFC20250307R09 - Governance & Communication Report APPENDIX 1, 07/03/2025 Pension Fund Committee, item 8.
PDF 28 KB
- PFC20250307R09 - Governance & Communication Report APPENDIX 2, 07/03/2025 Pension Fund Committee, item 8.
PDF 667 KB
Meeting: 07/03/2025 - Pension Fund Committee (Item 9)
9 Governance and Communications Report including Cyber Security Review PDF 233 KB
11.00
This report covers the key governance and communication issues for the Fund, including a report on any breaches of regulation in the last quarter. The report also covers the recent Cyber Security review undertaken by the Fund.
The Committee is RECOMMENDED to:
i) Note the Fund’s update on the Pension Regulator’s General Code of Practice.
ii) Note the Fund’s annual review of Cyber Security.
iii) Note the latest quarter’s breaches for the fund.
iv) Note the communications update
Additional documents:
- PFC20250307R09 - Governance & Communication Report APPENDIX 1, item 9
PDF 28 KB
- PFC20250307R09 - Governance & Communication Report APPENDIX 2, item 9
PDF 667 KB
Minutes:
Mukhtar Master, Governance and Communications Manager presented the report of the Executive Director for Resources and Section 151 Officer which covered the key governance and communication issues for the Fund, including a report on any breaches of regulation in the last quarter. The report also covered the recent Cyber Security review undertaken by the Fund.
He provided an update on the progress made regarding the General Code of Practice, which was coming to an end, and advised the Committee that these would be completed by the end of the financial year, and an independent compliance review would be carried out by Hymans Robertson against all 51 modules.
He also advised the Committee of the first annual review of Cyber Security undertaken by all fund staff, with mock phishing exercises run by OCC IT and quarterly update meetings to ensure that the fund are regularly briefed and updated on all the latest developments within the specialist area. He also advised of a decrease in breachers for the period October to December 2024 and provided additional context to the data breaches that had occurred in that quarter. It was noted that none of the breaches were materially significant and as such were not reported to either The Pensions Regulator or the Information Commissioner.
In response to a query from the Committee regarding the number of repeat contribution and data breaches recorded, which was not shown in the report. Vicki Green, Pension Services Manager advised that these had been identified as smaller employers and the Fund was working with those to rectify those issues and was covered in more detail in the Administration Report. She advised that these contribution breaches would be escalated, because although they were very small employers which only related to 12 members, it was highlighted as a concern.
In response to query regarding the use of OCC IT to review the Fund’s cyber security processes, it was noted that the use of an external reviewer would be more beneficial and would explore whether OCC use an external provider when reviewing all cyber security processes within the Council, and would it be picked up under that.
The Committee RESOLVED to:
i) Note the Fund’s update on the Pension Regulator’s General Code of Practice.
ii) Note the Fund’s annual review of Cyber Security.
iii) Note the latest quarter’s breaches for the fund.
iv) Note the communications update.