Achieve OFDSS Compliance

Secureframe can help you achieve OFDSS compliance

hero-image
G2 Crowd

G2 Crowd

Capterra

Capterra

Global InfoSec Awards

Global InfoSec Awards

Product Hunt

Product Hunt

Software Advice

Software Advice

OFDSS: Raise the bar for security in the Fintech ecosystem

The Open Finance Data Security Standard (OFDSS) is a framework of requirements that address the security risks most commonly encountered by emerging fintech companies that handle sensitive information. This new data standard was created to take modern, cloud-native delivery models into account, with auditable data security guidelines that maintain alignment across common criteria found in SSAE18 TSC for Security and NIST CSF.

OFDSS Compliance Involves:

  • Identifying and mitigating material security risks pertaining to systems, infrastructure, networks, business operations, and vendors
  • Inventorying and assigning accountability to all hardware and software assets relevant to the service
  • Provisioning and deprovisioning system access based on the principle of least privilege
  • Enforcing a formal change management process for governing software and application-related changes
  • Encrypting sensitive data-in-transit and at-rest
  • Retaining and deleting sensitive data in accordance with legal, regulatory, and contractual obligations
  • Collecting keys system and user logs, monitoring on key metrics, alerting on suspicious events, and responding to incidents
  • Segmenting trusted and untrusted networks and implementing network safeguards
  • Training personnel on security basics such as social engineering and phishing
compliance-involves