Call Sales: 0845 470 4001Call Support: 0800 130 3365 | Support Portal Login

Securing Peace of Mind for Pension Schemes Trustees with Exponential-e.

Is your scheme ready for the TPR’s new regulation on cyber security?

Protect from cyber threats

Trustees’ duties and obligations
in a new digital world

The obligations and fiduciary duties trustees have to beneficiaries have materially changed with the rise of increasingly interconnected technologies and the proliferation of personal data transfers. This is the new world we work in, and the way we secure critical data must evolve accordingly.

The Pension Regulator’s General Code Of Practice is the foundation to predicate your scheme's strategy upon. An initial internal and external risk GAP analysis and readiness assessment for Cyber Essentials is a natural place to start working towards an accessible, low-cost accreditation for basic IT security. We can help your scheme achieve compliance for sections pertaining to cyber security and IT maintenance within the new General Code of Practice from the Pensions Regulator, working with you and your service providers to deliver a roadmap that protects the IT integrity of your scheme and the individual trustees who run it.

Exponential-e offers support in many other ways - but it must fit your scheme’s specific needs and strategy. We are non-prescriptive in our services and only advocate what is best for your scheme. Having a bespoke blend of appropriate and proportionate IT services, training and risk assessment will help your scheme defend, respond and operate effectively in the new digital world. We can work together, step by step, to mitigate your liability and guard the assets you dutifully protect.

When you are fighting against unknown unknowns and bad actors, it helps to have an experienced eye watching out for you and your beneficiaries.

And we will do just that.

Tools to Secure Your Scheme’s Future

How can you effectively protect yourself in a constantly evolving cyber threat landscape, mitigating liability and the risk of attack? We recommend utilising these five foundational solutions as the basis of your evolving cyber security ecosystem:

 Defend Against Cyber Threats with Exponential-e's Expert Incident Response Service.
A single cyberattack can have devastating consequences, including financial loss, data breaches, and reputational damage
That's why having a robust incident response plan in place is crucial.
Exponential-e offers a comprehensive cyber security incident response service that empowers organisations to effectively manage and mitigate the impact of cyberattacks.
Defend Against Cyber Threats with Exponential-e's Expert Incident Response Service
Exponential-e offers a comprehensive cyber security incident response service that empowers organisations to effectively manage and mitigate the impact of cyberattacks.

Cyber Security Consultancy (Maintenance of IT systems & Cyber Controls)

You should ensure sufficient understanding of your cyber risk.
_The Pensions Regulator

As prescribed by the Pensions Regulator, an initial gap analysis conducted by Exponential-e will help you build a mature risk assessment policy. This will help achieve best practice and deep industry experience around IT risk within your scheme’s internal and external operations and processes. We advocate performing a review to establish where you are today vs. where you need to be, in order to maintain compliance.

For internal aspects, Cyber Essentials is the industry-leading standard for basic cyber security, provided by the NCSC (National Cyber Security Centre). Exponential-e provides a comprehensive readiness assessment, conducted by an IT security expert, ensuring that your scheme will be 100% prepared to pass the Cyber Essentials self-assessment. Externally, we advocate using an industry expert, such as Exponential-e, to audit third parties, evaluating and documenting the risk presented.

Get started today

Consultancy deliverables include:

hover for further details.
ORA (Own Risk Assessment) compliance with TPR

Exponential-e will build a statement of works, tailored to your pension scheme, to identify where cyber security can be improved, aligned to codes ADM15 & ADM16.

hover for further details.
Internal risk mitigation, aligned to the Cyber Essentials accreditation.

Exponential-e will perform a readiness assessment that will prepare the scheme for the Cyber Essentials self-assessment that leads to certification.

hover for further details.
External risk
mitigation via audit of third-party providers.

The Capita breach demonstrated that there is risk to pension schemes within the supplier base. Exponential-e will evaluate how your scheme’s data is being managed and offer advice to mitigate the risk and minimise your personal liability.

hover for further details.
Documentation to support Effective System of Governance (ESOG).

Exponential-e will provide subsequent reports that will form part of your ESOG obligations to the Pensions Regulator.

vCISO & vDPO

If you don’t know where you are going, any road will get your there.
_Lewis Carrol

Schemes manage significant amounts of valuable data that traverses multiple organisations. The Pensions Regulator advises nominating a trustee to serve as a lead on data protection and the wider ramifications for policy, processes and IT security.

Our Virtual Chief Information Security Officer (vCISO) and Virtual Data Protection Officer (vDPO) services offer you direct access to the experience and expertise of a leading cyber security professional, who will take primary responsibility for your scheme’s compliance obligations and provide hands-on support around its data protection challenges, allowing you to stay ahead as new legal and regulatory developments impact your scheme’s operations.

Get started today
 Defend Against Cyber Threats with Exponential-e's Expert Incident Response Service.
A single cyberattack can have devastating consequences, including financial loss, data breaches, and reputational damage
That's why having a robust incident response plan in place is crucial.
Exponential-e offers a comprehensive cyber security incident response service that empowers organisations to effectively manage and mitigate the impact of cyberattacks.
Defend Against Cyber Threats with Exponential-e's Expert Incident Response Service
Exponential-e offers a comprehensive cyber security incident response service that empowers organisations to effectively manage and mitigate the impact of cyberattacks.

The vCISO/vDPO will deliver all the following for your scheme:

hover for further details.
Consult

Achieve and maintain compliance with all the IT and data protection regulations relevant to your scheme.

hover for further details.
Advise

Advise the trustee responsible for data privacy impact assessments, including incident response planning and coordination.

hover for further details.
Act

Act as single point of contact for you, the ICO and your stakeholders.

hover for further details.
Maintain

Maintain comprehensive, accurate records of processing operations.

 Defend Against Cyber Threats with Exponential-e's Expert Incident Response Service.
A single cyberattack can have devastating consequences, including financial loss, data breaches, and reputational damage
That's why having a robust incident response plan in place is crucial.
Defend Against Cyber Threats with Exponential-e's Expert Incident Response Service
Exponential-e offers a comprehensive cyber security incident response service that empowers organisations to effectively manage and mitigate the impact of cyberattacks.

Endpoint Device Security

If the device is smart, it’s vulnerable
_John Chambers (Former Cisco CEO)

The Pensions Regulator stipulates that the trustee responsible for a scheme’s IT is obligated to act to reduce the likelihood of cyber incidents and to detect when an incident occurs. A primary vulnerability of a scheme is the devices its trustees utilise.

Laptops, mobile phones, tablets, and any device that accesses scheme data are gateways for bad actors to execute malicious attacks. Exponential-e will provide the tools to minimise risk through appropriate and proportionate device and security solutions, delivering Peace of Mind as-a-Service to trustees, in compliance with the TPR’s section on Maintenance of IT Systems.

Get started today

Exponential-e’s Endpoint Device Security portfolio will deliver:

hover for further details.
Enterprise-grade device security solutions

Protect your existing laptops, mobile phones, and other devices from unauthorised access and malicious acts. Components of the solutions include multi-factor authentication, threat detection, anti-virus, monitoring and response software that is automatically updated in real-time, with no need for manual intervention.

hover for further details.
Multi-factor authentication

Combine robust passwords and access authorisation via a second device to mitigate the risk of identity theft or social engineering being used to access sensitive data via laptops and mobile devices.

hover for further details.
Laptop-as-a-service solutions

Provision of preconfigured laptops with the appropriate security software preinstalled, after which faults, thefts and losses are managed by Exponential-e, minimising both data loss concerns and administrative burdens, while helping comply with the TPR’s Maintenance of IT systems obligations: “Put a policy in place for maintaining, upgrading, and replacing hardware and software”.

Invest in your organisation's cyber security resilience:  empower your workforce to become a formidable defence against cyber threats.
Invest in your organisation's cyber security resilience: safeguarding your critical data, protecting your reputation.
Invest in your organisation's cyber security resilience.
Invest in your organisation's cyber security resilience:  ensuring business continuity can be maintained at all times.
Invest in Your Organisation's Cyber Security Resilience - empower your workforce to become a formidable defence against cyber threats.

Incident Response

The killer is being surrounded by a web of deduction, forensic science and the latest in technology.
_Inspector Clouseau, The Pink Panther

Cyber security is at the top of the Pensions Regulator’s agenda, and they recently issued guidance on how schemes should respond in the event of a cyber-related incident.

Exponential-e can offer support in the event your scheme is compromised by a cyber-attack, via a fast and effective incident response service. This is needed to establish the impact of the incident on your scheme’s functions and the resulting risk. Having an effective response that is documented and aligned to your scheme’s existing policies and controls can help mitigate personal liability and support effective reporting to the ICO and governing bodies, where required.

Get started today

What services does Incident Response include?

hover for further details.
Preparation

Planning to enable an agile, precise and comprehensive response to a breach.

hover for further details.
Threat containment

Eradication of the threat including support for various types of breach, including ransomware and network intrusion.

hover for further details.
Identification and preservation

Analysis of digital evidence at forensic level, with reporting of any suspected threats.

hover for further details.
Legal standards of e-discovery

Investigation management services, with formal standards of reporting by experts to aid your scheme when dealing with regulatory enforcement action.

hover for further details.
Subject matter expertise during litigation and reporting

Fulfilling data subject requests and responding to other requirements under GDPR and other data protection standards to governing bodies.

IT Security Training

If you know the enemy and know yourself, you need not fear the result of a hundred battles.
_Sun Tzu

IT Security Training is a highly effective option for organisations with a small number of people, but who own and operate high-value assets, such as pension funds.

We offer a universally accessible training course that enables your scheme’s trustees to clearly understand how the technology they use plays a key role in helping secure against the latest cyber threats. The training covers the methods attackers will leverage to exploit your scheme and the best practice to protect against cybercrime and bad actors.

Get started today
Invest in your organisation's cyber security resilience:  empower your workforce to become a formidable defence against cyber threats.
Invest in your organisation's cyber security resilience: safeguarding your critical data, protecting your reputation.
Invest in your organisation's cyber security resilience:  ensuring business continuity can be maintained at all times.
Invest in your organisation's cyber security resilience.
Invest in Your Organisation's Cyber Security Resilience - empower your workforce to become a formidable defence against cyber threats.

We fully tailor each training programme to each scheme:

hover for further details.
Bespoke IT training

Training directly aligned to trustees’ current level of cyber expertise, based on the initial GAP analysis conducted.

hover for further details.
Learn best practice

Training on device security, email security, and how to avoid the common strategies employed by bad actors.

hover for further details.
Phishing e-mail training

The practice of fooling recipients with malicious intent via email

Awareness training that emulates known tactics, techniques, and procedures, with simulations to test users.

hover for further details.
Hacking fundamental training

Training aimed at the scheme’s designated IT lead - Create a better understanding of the holistic threats presented to their scheme and how they can offer effective guidance through both policy and leadership.

ABOUT US

Exponential-e:
Who we are and what we do

The Exponential-e Group has over 62 years of experience, credentials, and capabilities in delivering critical infrastructure to both the public and private sectors. The combined skills and expertise of the three companies now make ‘military-grade’ solutions more accessible and available to our partners, underpinning their own customer solutions.

Exponential-e Cyber Security Heritage

2002

Word-first innovation in connectivity

Core foundation delivering...

  • Your application is as good as your network

  • Your data is as good as your network

  • Your Cloud is as good as your network

2002

2006

The UK's most secure carrier network

2006

Multiple services / true Layer 2/3 services anywhere

Delivering efficiency and enhanced secure data management

2006

2006

Worlds first Virtual Private LAN (VPLS)

Offering the next generation of secure data and application transfer

2010

World-first bandwidth management tool from the Cloud

Manage your application across your network

2010

2010

Your Cloud is only as good as your network

The complementarity of next-generation networks and virtualisation projects

2013

Core network investments

Secure Cloud and data centres

2013

2013

Launch of our 'Clean side of the firewall'

Resolving enterprise data security and privacy issues

2014

Cloud and Network innovation resolves enterprise issues with Cloud adoption

2014

2017

Launch of our Cyber Security product portfolio

2018

24/7 UK-based Cyber Security Operations Centre (CSOC)

2018

2018

BS10012-PIIS standard for data management

2018

Exponential-e approved as HSCN, Stage 3 CNSP, since 2018

2018

2019

DDOS service across our infrastructure

2021

SOC 2 Type 2

2021

2021

Operate within List X facility (Top Secret)

2022

Biggest Cyber Security Vault solution in Europe

2022

2022

All staff background checked . 50+ staff developed, vetted and ten with top secret clearance

Image
Image

Accreditations and Frameworks


Environmental Management
Certificate number: EMS 648194


Environmental Management
Certificate number: EMS 648194


Cloud Security
Certificate number: STAR 6073412


Quality Management
Certificate number: FS 545046


Information Security Management
Certificate number: IS 545047


Service Management
Certificate number: ITMS 562540


Business Continuity Management
Certificate number: BCMS 6073420


2017 Data protection
Certificate number: PIMS 686040

soc-logo.webp
cyber-essentials-plus-logo.webp
pci-dss-compliant2x-8.webp
safecontractor-accreditation.webp

Our Cyber Security Ecosystem

far fa-compass

Cyber Security Advisory

GRC Audit

Virtual Security Teams

Incident Response Preparation

Risk Assessments and Advisory

Regulatory and Compliance

fab fa-connectdevelop

Managed Services

Secure WAN

Secure WAN

Managed DDOS

Managed IPS / IDS

Managed Remote Access

fas fa-desktop

Endpoint Protection

Anti Malware & Device Protection

Asset Cycle Management

Build and Maintenance

Device Encryption

MDM

fas fa-fingerprint

Identity & Access Management

Multi-factor Authentication

Multi-factor Authentication

Access Management

Cloud Access Management

Cloud Access Management

fas fa-cloud-meatball

Cloud Security

Encryption at Rest

Encryption in Transit / Motion

Email Protection

Web Filtering and Protection

Vulnerability Remediation

Cyber Security Advisory

CSOC - Cyber Security Operation Centre

SIEM - Security Incident & Event Management with Forensics & Remediation

Managed Vulnerability Scanning

Threat Monitoring & Intelligence

Simulated Phishing Attacks
with Training & Awareness

Penetration, Red Team
and Purple Team Testing

Get in touch

Applying our customer-first philosophy to the contact centre

Rolling 3 month average. Industry average: 17

Our commitment to delivering excellence

The world’s first real-time NPS - part of our longstanding customer service promise.

Through our own customer service platform, our customers are able to give us feedback quickly and easily, with a click of a button. Our Customer Support teams are immediately notified of feedback so they can respond instantly, in order to quickly closing the loop on any feedback that is less than excellent.

Our Technology Partners

AlienVault
CATO Networks
Cisco
CommVault
Dell
Fortinet
KnowBe4
Mimecast
Microsoft
Netskope
Nokia
Okta
Outpost24
Paloalto
radware
SentinelOne
Sophos
Thales
AlienVault
CATO Networks
Cisco
CommVault
Dell
Fortinet
KnowBe4
Mimecast
Microsoft
Netskope
Nokia
Okta
Outpost24
Paloalto
radware
SentinelOne
Sophos
Thales
Get in touch
Image

GET IN TOUCH

Are you ready to retake control of your cyber security and IT infrastructure?

Fill out the form to schedule your assessment and start building a more resilient, efficient, and secure digital foundation for your business.

Contact Sales: 0845 470 4001
Service & Support: 0800 130 3365
Contact Sales: 0845 470 4001
Service & Support: 0800 130 3365
London Head Office

100 Leman Street, London, E1 8EU

Manchester Office

1 Spinningfields, Quay Street, Manchester, M3 3JE

Sales: 0845 470 4001
Support Portal Login
Service & Support: 0800 130 3365

 

*Calls to 0845 numbers will cost 7p p/m plus your phone company’s access charge. All inbound and outbound calls may be recorded for training or quality purposes.

*Calls to 0845 numbers will cost 7p p/m plus your phone company’s access charge.
All inbound and outbound calls may be recorded for training or quality purposes.