The basis of any successful business relationship is trust. But trust isn’t always so easy to build. One way businesses can set the foundation to gain that coveted trust is by adopting relevant Security Compliance frameworks and adhering to regulations which reflect the standards to which the organization holds themselves.
Different verticals employ specific standards and regulations depending on the need – credit card industry players must adhere to PCI-DSS, entities holding personal medical information must meet HIPAA requirements, and now, financial data has the Open Finance Data Security Standard - or for short - OFDSS. (And, oh yeah, we’re excited to share that anecdotes is a supporting member of the OFDSS along with Flinks, MX, Plaid, Truework and additional security Compliance vendors.)
In this blog, we’ll dive into everything you need to know about OFDSS; What it is, what it covers, and what to do to get started.
What is OFDSS?
If your company is looking to grow and be successful in the financial services arena, you know that protection of consumer information is paramount. Chances are, you probably already go to great lengths to keep that information protected (and, if not, um, you should get on that like ASAP). However, companies in this industry were lacking a designated framework, one that would help them communicate their commitment to security and privacy, and enable them to build a foundation of trust with their customers and partners. Until today, that is.
OFDSS is a new common framework for consumer data security, privacy, and control, designed to support digital finance companies that handle sensitive information.
The first draft of OFDSS was published in November 2021, and the latest version of the framework (version 1.2) now includes 79 individual security requirements that address common data security risks encountered by scaling financial technology companies when processing or storing sensitive data.
What does OFDSS cover?
The OFDSS was designed as a living document that will evolve to meet the shifting needs of the industry, so what it covers will inherently change over time. But for now at least, the framework establishes 79 individual security requirements across 13 control domains that address common data security risks encountered by modern, cloud-native digital finance companies. These include Software Development Life Cycle (SDLC), Incident Management, Cryptography, Data Minimization, and more.
The requirements are all contextualized and include implementation guides, along with high-level audit steps for ensuring compliance with the framework.
Sounds great - how do we get started?
If your company deals with sensitive financial data, by now you’ve probably realized that this framework is going to be a key component of your Compliance program going forward – and of anyone else in the Open Finance space, as we want to continue to raise the bar on security Compliance and data protection.
The framework is currently in development with plans to begin initial pilot programs in Q4 of 2022. Lucky for you, if you maintain a mature security Compliance posture, you are likely alreading meeting the requirements captured in OFDSS so all you need to do is cross-map the new framework’s control’s with your existing one. If you are just getting started, OFDSS will help ensure strong, consistent requirements from the beginning.
As Q4 is just around the corner, we are getting excited about implementing the OFDSS framework with a variety of pilot partners. If you are interested in learning more, you can find additional information here or you can reach out to us.
About the author
Take the Leap and Enjoy Smart Compliance
Get started with anecdotes in minutes.
