Open Finance Data Security Standard
OFDSS establishes a common framework for consumer data security, privacy and control that also supports innovation among new and emerging cloud-native, digital finance companies.
Improve data security for the digital finance ecosystem
Establish a strong, auditable framework for early stage, cloud-native companies
Foster innovation
Align with existing enterprise standards
Supporting Companies
Why OFDSS?
The financial services industry is undergoing a broad digital transformation, representing a significant change in how financial services are delivered, and the profile of companies that provide them. Existing data security standards were not designed specifically for modern, cloud-native delivery models or the resource constraints of early stage companies.
OFDSS was created to help raise the bar for data security across the digital finance ecosystem while also continuing to foster innovation. It creates strong, auditable data security guidelines that maintain alignment with common and relevant criteria found in other security frameworks such as SSAE18 TSC for Security and NIST CSF, while providing clear requirements optimized for cloud-native, startups and growth-stage companies.
Featured Documents
What OFDSS Covers
OFDSS establishes 79 individual security requirements across 13 control domains that address common data security risks. These requirements are contextualized with implementation guides, along with audit steps for ensuring compliance. These requirements will address security risks that are commonly encountered by emerging financial technology companies when processing or storing end user information.
Resource Allocation
Asset Management
Access Controls
Change Controls
SOFTWARE DEVELOPMENT LIFE CYCLE (SDLC)
Cryptography
Data Minimization
Auditing and Alerting
Incident Management
Network Security
Awareness and Training
Vendor Management
Independent Testing
Get Involved
The founding supporters of OFDSS welcome feedback and participation from the digital finance ecosystem. If you would like to learn more, contribute feedback to the standard, or apply to join the working committee, please contact us today.