Thank you for participating in this assessment of the cyber resilience of your pension scheme. The assessment consists of around 50 questions and is expected to take around 30 minutes to complete. Questions have been designed so that they can be completed by a typical pension scheme trustee or pensions manager. They do not need detailed technical and cyber knowledge.

Please note that if you are completing this on behalf of a Local Government Pension Scheme then a scorecard specifically for LGPS schemes can be found at

In a number of sections we have asked what arrangements you currently have in place.  In many of these areas there is a spectrum of approaches, from the very basic to the very robust, and responses will be subjective.  As a suggestion, please only answer "Yes" to confirm that you have something in place if it is of a standard that you would be comfortable to share and justify to the Pensions Regulator.

The assessment has been designed with a single scheme in mind.  If you run multiple schemes with different approaches, providers and procedures then each scheme should complete a separate assessment.  Inevitably such an assessment cannot capture all of the nuances of different schemes.  We have therefore also left a space at the end of the assessment for freeform comments, for you to add anything else which you feel is relevant.

Please also note that the assessment needs to be completed in one sitting, it currently does not have the facility to save your responses to come back to later. However, feel free to skip through the questions on your first visit and come back to complete it later if you prefer.

In the first section we have asked for some basic information so that we can compare schemes of different characteristics, as well as your contact information so we can provide you with the results of the assessment. None of the information that you provide will be shared other than with the person completing the survey, although we do ask your permission to collate your response with those of other schemes to generate benchmark information that we can share with you and others. In doing that your data will never be identifiable and any analysis of subsets of data (eg by size or sector) will only be released if there are sufficient numbers that individual responses cannot be identified. Further details of how we maintain your privacy can be found in our Privacy Policy.

Question Title

* Please tick this box to confirm that we can collate your information in this way