The basis of any successful business relationship is trust. But trust isn’t always so easy to build. One way businesses can set the foundation to gain that coveted trust is by adopting relevant Security Compliance frameworks and adhering to regulations which reflect the standards to which the organization holds themselves.
Different verticals employ specific standards and regulations depending on the need – credit card industry players must adhere to PCI-DSS, entities holding personal medical information must meet HIPAA requirements, and now, financial data has the Open Finance Data Security Standard - or for short - OFDSS. (And, oh yeah, we’re excited to share that anecdotes is a supporting member of the OFDSS along with Flinks, MX, Plaid, Truework and additional security Compliance vendors.)
In this blog, we’ll dive into everything you need to know about OFDSS; What it is, what it covers, and what to do to get started.
If your company is looking to grow and be successful in the financial services arena, you know that protection of consumer information is paramount. Chances are, you probably already go to great lengths to keep that information protected (and, if not, um, you should get on that like ASAP). However, companies in this industry were lacking a designated framework, one that would help them communicate their commitment to security and privacy, and enable them to build a foundation of trust with their customers and partners. Until today, that is.
OFDSS is a new common financial data governance framework for consumer data security, privacy, and control, designed to support digital finance companies that handle sensitive information.
The first draft of OFDSS was published in November 2021, and the latest version of the framework (version 1.2) now includes 79 individual security requirements that address common data security risks encountered by scaling financial technology companies when processing or storing sensitive data.
The OFDSS was designed as a living document that will evolve to meet the shifting needs of the industry, so what it covers will inherently change over time. But for now at least, the framework establishes 79 individual security requirements across 13 control domains that address common data security risks encountered by modern, cloud-native digital finance companies. These include Software Development Life Cycle (SDLC), Incident Management, Cryptography, Data Minimization, and more.
The requirements are all contextualized and include implementation guides, along with high-level audit steps for ensuring Compliance with the framework.
If your company deals with sensitive financial data, by now you’ve probably realized that this framework is going to be a key component of your Compliance program going forward – and of anyone else in the Open Finance space, as we want to continue to raise the bar on security Compliance and data protection.
The plan was that initial pilot programs would begin in Q4 of 2022. Lucky for you, if you maintain a mature security Compliance posture, you are likely already meeting the requirements captured in OFDSS so all you need to do is cross-map the new framework’s controls with your existing one. If you are just getting started, OFDSS will help ensure strong, consistent requirements from the beginning.
We are excited about implementing the OFDSS framework with a variety of pilot partners. If you are interested in learning more about how the OFDSS can help you communicate an atmosphere of trust to your clients, you can reach out to one of our experienced team members for a chat.