![hero-two-bg](/_next/image?url=%2Fimages%2Fhero-two-bg.jpg&w=3840&q=75)
Achieve OFDSS Compliance
Secureframe can help you achieve OFDSS compliance
![hero-image](https://images.prismic.io/secureframe-com/0dd1253b-1719-4ebd-9207-99cf8261c222_Hero%402x.png?auto=compress%2Cformat&fit=max&w=3840)
OFDSS: Raise the bar for security in the Fintech ecosystem
The Open Finance Data Security Standard (OFDSS) is a framework of requirements that address the security risks most commonly encountered by emerging fintech companies that handle sensitive information. This new data standard was created to take modern, cloud-native delivery models into account, with auditable data security guidelines that maintain alignment across common criteria found in SSAE18 TSC for Security and NIST CSF.
OFDSS Compliance Involves:
- Identifying and mitigating material security risks pertaining to systems, infrastructure, networks, business operations, and vendors
- Inventorying and assigning accountability to all hardware and software assets relevant to the service
- Provisioning and deprovisioning system access based on the principle of least privilege
- Enforcing a formal change management process for governing software and application-related changes
- Encrypting sensitive data-in-transit and at-rest
- Retaining and deleting sensitive data in accordance with legal, regulatory, and contractual obligations
- Collecting keys system and user logs, monitoring on key metrics, alerting on suspicious events, and responding to incidents
- Segmenting trusted and untrusted networks and implementing network safeguards
- Training personnel on security basics such as social engineering and phishing
![compliance-logo](https://images.prismic.io/secureframe-com/509a9870-c042-43e8-b560-8238f64c054d_Comply-Benefits-Compliance%402x.png?auto=compress%2Cformat&fit=max&w=3840)
How it works
OFDSS compliance involves 60+ security requirements across 12 control domains that address common data security risks. We simplify the process into a few key steps by automating security requirements and providing a step-by-step process to meet multiple operational controls. Our platform can save you time automating compliance while upholding best-in-class OFDSS standards.