Member Update 6th December 19
Written on 05/12/2019


What age did the Centre for Social Justice report on the Future of Work propose the state pension age should rise to by 2035?

a) 75

b) 85

c) 70

d) 69

The correct answer is A.

FCA and PRA create self-assessment questionnaire on cyber resilience

On 21 November 2019, the FCA published a self-assessment questionnaire (CQUEST) relating to firms' cyber resilience capability. See download 

The questionnaire was created jointly by the FCA and PRA to help them and the firms themselves to understand their cyber capability at a high level. It consists of multiple-choice questions such as:

  • Whether the firm has a board-approved cyber security strategy.
  • How the firm identifies and protects its critical assets.
  • How the firm detects and responds to an incident, recovers the systems and learns from the experience.

it’s a good working document, and IFA firms worried about Cyber crime might do well to work through it, even though it is designed for bigger firms.  But large amounts make you feel decidedly uncomfortable, for a world based on the cloud.  

IFAC use Microsoft, BAT, Xero and HMRC and bank log ins to run our life.  All of these are applications over which we have little or no control.  Our data is provided to them and we trust their security.  Equally they too use hosting servers based elsewhere.  Ask Microsoft where your information is stored, and you’ll be shown the door. 

Its complex stuff, but not really our problem.  BAT’s policy on security is neatly compiled here but we too are only software developers, and we have no server room holding your data – no – it goes to a data centre with our host ISP.  

BAT is a private application, completely inaccessible without the right credentials and permissions. It is known as Software as a Service SaaS. That means we do not operate a platform, do not have the infrastructure of server rooms and do not store your information on site. A third-party provider hosts applications and BAT writes the code-script.

The risk likes in these underground bunkers and getting to the truth about how they are managed is a little bit like doing a risk assessment on your flight to Malaysia.  You can study the Boeing manuals all day long, but you’re unlikely to find that killer fault that forced the plan to descend into the sea.  We trust Boeing, and you’ll need to trust BAT that we take the right precautions on your data security.  But if you want to find out, see here 

We have tried to write it in the most understandable way, which brings me back to the unintelligible questionnaire at the start of this article.  Questions designed and delivered by staff with little knowledge of developing – most unsatisfactory.

All news