Skip to main content

Your browser is out of date, and unable to use many of the features of this website

Please upgrade your browser.


This website requires cookies. Your browser currently has cookies disabled.

IT functionality and maintenance

Functionality of IT systems

CDC code in force: 1 August 2022

The Regulations set out the matters we must take into account in deciding whether we are satisfied that a CDC scheme has sufficient IT systems to ensure that it is run effectivelyIF1. This applies to both the systems and processes and member communications authorisation criteria.

System functionality is important as it provides a basis for good administration and ensuring that members receive the correct benefits at the right time. It will be difficult for us to be satisfied that a scheme has sufficient IT systems to ensure it is run effectively if the required functionality is not in place and its effective use cannot be demonstrated.

We are more likely to be satisfied where the IT system has the following features:

Requirement Matters more likely to satisfy TPR

Transactions and annual events

  • The IT system can process transactions and annual events automatically and securely. Transactions include the processing of leavers, retirements, deaths and transfers. Annual events include the annual adjustment exercise and benefit statements.
  • The system can reconcile data against transactions and annual exercises.
  • The system can increase and reduce target and inpayment benefits on an annual basis.
  • There is a process for rectifying errors.
  • The administration system has segregated duties, with a junior level of clearance to input data and request payments or benefit changes, and a senior level to authorise changes and transactions.
  • The administration system has authorisation levels to prevent payments of certain sizes exceeding those allowed by the trustee mandate.

Member records

  • The IT system can record members’ benefits correctly, including:
    • basic member information; name, date of birth, address, pensionable service, pensionable salary, dependants’ information
    • all contributions
    • full record of target accrual and annual adjustments
    • full record of pension payments and annual adjustments
    • full record of periodic income during wind-up and adjustments made
  • Details of payments made into or out of the scheme including transfers, deaths and divorce. The IT system can extract the necessary data for the annual valuation using automated routines, including the ability to check data quality.
  • The IT system is capable of providing complete and accurate data to the Pensions Dashboards.
Administration system payments
  • The default is for all payments into and out of the scheme to be made electronically, and manual payments are made by exception.
  • The IT system can make monthly pension payments and calculate and deduct tax.
Member communications
  • The IT system can produce member communications automatically, including individual transactions and annual exercises.
  • The system can record members’ communication preferences.

Maintenance of IT systems

Having put the appropriate functionality in place, it is important that the IT system is maintained to reflect the scheme’s current needs and legal requirements, including the need to protect data appropriately. We are more likely to be satisfied where:

Requirement Matters more likely to satisfy TPR

Planning for change

  • Evidence is provided of how known changes to the system are planned and executed, and this is reflected in the governance plans, risk framework and estimates of costs for running the scheme.
  • If there is no system functionality in place at authorisation to calculate benefits under continuity option 1, evidence is provided on how and when this functionality will be developed and the costs of doing so. We will expect that the development of this functionality would not delay the progress of continuity option 1.
  • Evidence is provided to show that the system can be updated.
  • There is a robust methodology for releasing changes to systems, along with a portfolio of ongoing change to systems for a rolling five-year period.
  • There is an IT process for making scheduled and known changes, including annual updates and changes in tax thresholds.
  • There are adequate and sufficient resources, with appropriate skills, to carry out the work.
  • The IT system can meet the expected physical system requirements and the scheme has the funds to meet those requirements.
  • There are plans for how planned and potential future upgrades can be managed in the administration system and the trustees are satisfied that the system can be upgraded to meet the needs of the scheme.
  • There is a policy for maintaining, upgrading, and replacing hardware and software, and this is accounted for in the costs of running the scheme.

Protecting data

  • There are cyber-defence strategies, including firewalls and intrusion detection systems.
  • There are procedures and protocols for governance, identifying risks and breaches, and responding to cyber incidents.
  • There are roles assigned to manage these protocols and procedures.
  • Scheme, member and communications data are backed up at least daily, with backup servers at an external location and an offline backup.
  • There is a disaster recovery process with roles assigned, which is tested every six months.

Legal reference

IF1 Regulation 14 and Schedule 5 to the Regulations