Virginia Retirement System for Employers
Voya Sponsor Web myVRS Navigator
VRS Logo
April 2026
Decorative. A man's professionally dressed torso and hands on the far right are seated at a desk with potted houseplants on the far left. He types on his laptop computer. SUperimposed between him and the screen is a graphic of a page of text with icons and a larger icon of a check mark in a circle with five starts in an arc around the top of the circle. This indicates success.

Each year, employers are required to complete a security review in myVRS Navigator. The review helps ensure that only current, authorized staff have access to employer data and that user contact information remains accurate.

Annual Security Review Timeline

Beginning next month and continuing through the summer, Security Administrators will receive a message from VRS outlining the steps and deadline for completing the annual security review. Once the message is sent, employers have 30 days to complete the online review.

What You’ll Do During the Review

1. Access the security review.

  • Log in to myVRS Navigator.
  • Open the Employer Security Review Workflow from the Work Pool panel.

2. Review non-administrative contacts.

  • In the Contacts panel, inactivate any non-administrative contact who no longer needs system access.
  • Add an end date for roles, if applicable.
  • Select each non-administrative contact and confirm or update demographic information.

3. Review administrative contacts.

  • Review demographic information and all active roles for administrative contacts.
  • If only demographic updates are needed, the Primary Administrative Authority (PAA) may document the changes on organizational letterhead and email them to employersupport@varetire.org.
  • Administrative contacts cannot be inactivated through the online review.

4. Submit certification.

  • Generate and submit the Primary Administrative Authority Certification Form to VRS.

Best Practices to Keep in Mind

  • Although the security review is completed once a year, security best practices require updating roles and contact information as soon as personnel changes occur.
  • Do not share login credentials. Each user must have individual access.
  • To add, replace or inactivate administrative contacts, the PAA must submit a new Authorization of Administrative Contacts (VRS-67A).

Need Help?

April 2026 Articles