Open Finance Data Security Standard (OFDSS)

Open Finance Data Security Standard

OFDSS establishes a common framework for consumer data security, privacy and control that also supports innovation among new and emerging cloud-native, digital finance companies.

Improve data security for the digital finance ecosystem

Establish a strong, auditable framework for early stage, cloud-native companies

Foster innovation

Align with existing enterprise standards

Supporting Companies

Anecdotes Logo
Codat Loto
Drata Logo
Flinks Logo
Laika Logo
MX Logo
Pinwheel logo
Plaid Logo
Secureframe Logo
Skyflow Logo
Truework Logo
Vanta Logo
Very Good Security

Why OFDSS?

The financial services industry is undergoing a broad digital transformation, representing a significant change in how financial services are delivered, and the profile of companies that provide them. Existing data security standards were not designed specifically for modern, cloud-native delivery models or the resource constraints of early stage companies. 

OFDSS was created to help raise the bar for data security across the digital finance ecosystem while also continuing to foster innovation. It creates strong, auditable data security guidelines that maintain alignment with common and relevant criteria found in other security frameworks such as SSAE18 TSC for Security and NIST CSF, while providing clear requirements optimized for cloud-native, startups and growth-stage companies.

Featured Documents

New V1.2 (updated)
Complete this form to receive the OFDSS.

What OFDSS Covers

OFDSS establishes 79 individual security requirements across 13 control domains that address common data security risks. These requirements are contextualized with implementation guides, along with audit steps for ensuring compliance. These requirements will address security risks that are commonly encountered by emerging financial technology companies when processing or storing end user information.

Resource Allocation

Asset Management

Access Controls

Change Controls

SOFTWARE DEVELOPMENT LIFE CYCLE (SDLC)

Cryptography

Data Minimization

Auditing and Alerting

Incident Management

Network Security

Awareness and Training

Vendor Management

Independent Testing

Slide
Trust is essential in the banking industry. Accordingly, data security is at the heart of the open finance ecosystem. The OFDSS plays an important role in supporting the creation and adoption of new services by providing a clear and rigorous security framework for market participants to follow. This is to the benefit of banks, fintechs, and the customers they serve.
Kieran Hines
Principal Analyst, Celent
Celent
Slide
OFDSS showcases our financial technology leaders' unwavering focus on consumers as the world of finance continues to evolve. We are proud to support this initiative, which will both modernize consumer data protection guidance and foster innovation among early- and growth-stage digital finance companies. This type of forward-thinking industry collaboration is essential to ensure we are positively shaping the future of finance.
Penny Lee
CEO, Financial Technology Association
FTA Financial Technology Association
Slide
The industry is rallying around OFDSS because it will help raise the bar for data security in the fintech ecosystem at a time when the pace of innovation is accelerating. It provides a strong framework that helps fintechs improve security while enabling innovation, gives banks reassurance about the companies connecting to their APIs, and, most importantly, helps protect consumers.
Shano Fonseka
Head of Risk, Plaid
Plaid
Slide
Vanta
Today, companies that store sensitive data must navigate a labyrinth of best practices, choose which ones to implement, and hope they are correct. OFDSS distills these confusing norms into clear guidelines that are easy to understand and simple to check. Vanta is excited to partner on this initiative because we believe that rules like these are the best way to improve and prove security – making everyone safer in the process.
Robbie Ostrow
Founding Engineer, Vanta
Vanta
Slide
Vanta
The sensitive nature of financial data makes building customer trust a major challenge for many companies. Yet frameworks like PCI-DSS have proven that industry-accepted standards can become the key to gaining and maintaining that trust in today’s security-conscious world. OFDSS is going to be a game changer in building a foundation of trust and we are glad that our customers will now be able to leverage their data through the anecdotes Compliance OS to do so.
Yair Kuznitsov
Co-founder and CEO, anecdotes
anecdotes
Slide
Vanta
Defining a cross-industry standard for data security is a critical part of ensuring Open Finance develops in a way that is fit for purpose and works to the benefit of small businesses. It’s refreshing to see that this standard has been created for the modern age. Rather than outdated requirements around on premise data management and other irrelevant controls, OFDSS focuses on the most important security considerations for a cutting edge financial technology firm.
Dave Hoare
CTO and Co-founder, Codat
anecdotes
Slide
Vanta
Skyflow built a data privacy vault so that companies can tackle privacy, security, and compliance without sacrificing utility or innovation. The fintech industry evolves at such a rapid pace, and we designed Skyflow to help fintechs prioritize the privacy of PII and sensitive payments data in a way that’s effective and intentional. OFDSS shares our vision of better privacy standards for the entire industry, and we’re looking forward to working together to help make that a reality.
Anshu Sharma
CEO, Skyflow
Skyflow
Slide
Vanta
Very Good Security (VGS) is proud to be a supporting member of the new Open Finance Security Standard (OFDSS) consortium. As serial fintech entrepreneurs in the payment and compliance space, VGS’ business foundation was built on the imperative need companies have for securing sensitive data. Raising the bar on security with these new security controls will expand innovation, enhance trust and establish a baseline for ensuring trusted parties in the fintech ecosystem.
Mahmoud Abdelkader
Co-founder and CEO, Very Good Security
Very Good Security
Slide
Vanta
At Pinwheel, security is at the core of what we do. We are excited to support the OFDSS, which will bolster security control guidance and foster innovation in the fintech space. OFDSS focuses on the most important security considerations for cloud-native fintechs and provides clear guidance that's easy to understand and audit.
Jeff Hudesman
Chief Information Security Officer, Pinwheel
pinwheel logo
previous arrow
next arrow

Articles

Get Involved

The founding supporters of OFDSS welcome feedback and participation from the digital finance ecosystem. If you would like to learn more, contribute feedback to the standard, or apply to join the working committee, please contact us today.