
Sanlam Umbrella Pension Fund

Sanlam Umbrella Provident Fund

Sanlam Unity Umbrella Fund

(hereinafter referred to as “the Fund”)

Implementation of robust cybersecurity and cyber resilience strategy

Compliance with legislation is one of the cornerstones of good governance within the Fund. As such, the Fund has put steps in place to ensure compliance with the Cybersecurity and Cyber Resilience Requirements Joint Standard 2 of 2024 (“Joint Standard”), which became effective from 1 June 2025. The Joint Standard is aimed at ensuring that retirement funds put a robust cybersecurity and resilience framework in place.

The term “cybersecurity” speaks to safeguarding member and stakeholder information, while “resilience” means the ability to continue doing business in the case of a cyber threat or event. At face value, the Joint Standard has quite a daunting set of requirements; however, the Board is excited and ready to work with all Fund stakeholders to ensure compliance with this important and necessary piece of legislation.

The Governance and Risks Committee, as a sub-committee of the Board, is responsible for overseeing the governance “roll-out” project in respect of the Joint Standard on behalf of the Board. Technical input and support were obtained from external cyber experts, and the following has already been put in place to provide a strong cybersecurity and resilience governance structure:

  • a Cyber Security Policy – this sets out the legislative framework and details what is required from the Board;
  • a strategy, framework and action plan – this sets out the Board’s key objectives and actions, with timeframes;
  • an information asset register – the register of physical and digital assets held by the Fund; and
  • an incident management plan – this plan sets out the course of action should a cyber event occur and allows the Fund to act swiftly.

While the Fund is compliant on day one, we do note that cybersecurity and resilience is an ongoing process that requires ongoing monitoring. As part of this process, the Fund will not only continue to monitor and review its internal processes and policies but will also ensure that its service providers align with the Joint Standard. The risks pertaining to cybersecurity and resilience will also be regularly monitored and managed by the Board via its risk management process.

Finally, as members of the Fund, you can take comfort in the knowledge that the safeguarding of personal and financial information is one of the highest priorities of the Board.

Author: Governance and Risk Committee