Achieve OFDSS Compliance
Secureframe can help you achieve OFDSS compliance
OFDSS: Raise the bar for security in the Fintech ecosystem
The Open Finance Data Security Standard (OFDSS) is a framework of requirements that address the security risks most commonly encountered by emerging fintech companies that handle sensitive information. This new data standard was created to take modern, cloud-native delivery models into account, with auditable data security guidelines that maintain alignment across common criteria found in SSAE18 TSC for Security and NIST CSF.
OFDSS Compliance Involves:
- Identifying and mitigating material security risks pertaining to systems, infrastructure, networks, business operations, and vendors
- Inventorying and assigning accountability to all hardware and software assets relevant to the service
- Provisioning and deprovisioning system access based on the principle of least privilege
- Enforcing a formal change management process for governing software and application-related changes
- Encrypting sensitive data-in-transit and at-rest
- Retaining and deleting sensitive data in accordance with legal, regulatory, and contractual obligations
- Collecting keys system and user logs, monitoring on key metrics, alerting on suspicious events, and responding to incidents
- Segmenting trusted and untrusted networks and implementing network safeguards
- Training personnel on security basics such as social engineering and phishing
How it works
OFDSS compliance involves 60+ security requirements across 12 control domains that address common data security risks. We simplify the process into a few key steps by automating security requirements and providing a step-by-step process to meet multiple operational controls. Our platform can save you time automating compliance while upholding best-in-class OFDSS standards.