DOL Cybersecurity Readiness Checklist for TPAs
Score your firm against all 12 EBSA cybersecurity best practices. Answer Yes, Partial, or No for each — your score updates as you go.
The Department of Labor’s Cybersecurity Program Best Practices (opens in new tab) define 12 controls EBSA expects from plan service providers — including TPAs. With cybersecurity a formal National Enforcement Project since January 2026 (opens in new tab), this is the checklist an EBSA investigator’s document request will effectively test you against.
Scoring: Yes = fully implemented and documented. Partial = in progress or undocumented. No = not in place. Click any practice name for implementation guidance.
How to read your score: 10–12 Yes = strong posture. 7–9 Yes = gaps exist that a plan-sponsor questionnaire or DOL examiner would surface. Fewer than 7 Yes = your firm is carrying meaningful regulatory and fiduciary risk.
What to Do with Your Gaps
Every Partial or No is an item EBSA investigators, plan-sponsor due-diligence questionnaires, and cyber-insurance underwriters can ask you to explain. Our DOL Cybersecurity Compliance Guide covers what each practice requires and how to implement it in a TPA environment, and our plan sponsor questionnaire guide shows how to present your posture to clients.
Common Questions
Is this checklist based on official DOL guidance?
Yes. Each of the 12 items maps directly to EBSA’s Cybersecurity Program Best Practices, first issued in April 2021 and confirmed to apply to all ERISA plans and service providers by Compliance Assistance Release 2024-01 (September 2024).
Does the DOL actually check these items for TPAs?
Yes. Cybersecurity has been a formal EBSA National Enforcement Project since January 15, 2026. During investigations, EBSA requests documents such as cybersecurity policies, risk assessments, third-party audit reports, training records, and incident response plans — the same items on this checklist.
Can I get this checklist as a PDF?
Yes — download the printable one-page PDF version (opens in new tab) to score your firm on paper or share with your leadership team.
Want a Second Set of Eyes on Your Answers?
Book a free IT & cybersecurity assessment and we’ll validate your self-assessment against DOL expectations—no obligation.
Book Free IT & Cyber Assessment (opens in new tab)