Aon Cyber Scorecard

Thank you for participating in this assessment of the cyber resilience of your pension scheme. The assessment consists of around 60 questions and is expected to take around 30 minutes to complete. Questions have been designed so that they can be completed by a typical pension scheme trustee or pensions manager. They do not need detailed technical and cyber knowledge.

In a number of sections we have asked what arrangements you currently have in place.  In many of these areas there is a spectrum of approaches, from the very basic to the very robust, and responses will be subjective.  As a suggestion, please only answer "Yes" to confirm that you have something in place if it is of a standard that you would be comfortable to share with, and justify to, the Pensions Regulator.

The assessment has been designed with a single scheme in mind.  If you run multiple schemes with different approaches, providers and procedures then each scheme should complete a separate assessment.  Inevitably such an assessment cannot capture all of the nuances of different schemes.  We have therefore also left a space at the end of the assessment for freeform comments, for you to add anything else which you feel is relevant.

There is a facility to save the assessment part way through and return to it if you wish.  An option to “Save and continue later” will appear at the top right of the screen once you start to complete the assessment.  This will ask you for an email address, and you will be sent a link that you can use to return to the assessment.  All questions are optional, so feel free to skip through the questions on your first visit and come back to complete it later if you prefer.

In the first section we have asked for some basic information so that we can compare schemes of different characteristics, as well as your contact information so we can provide you with the results of the assessment. None of the information that you provide will be shared other than with the person completing the survey, although we do ask your permission to collate your response with those of other schemes to generate benchmark information that we can share with you and others. In doing that your data will never be identifiable and any analysis of subsets of data (eg by size or sector) will only be released if there are sufficient numbers that individual responses cannot be identified. Further details of how we maintain your privacy can be found in our Privacy Policy.