Protection of consumer information is paramount to any company operating in financial services, and to the financial ecosystem as a whole. We are excited to announce that Pinwheel has joined as a supporting member of the Open Finance Data Security Standard (OFDSS) along with a consortium of leading financial technology and security compliance companies.
In November 2021, the first draft of OFDSS was published, establishing a common framework for consumer data security, privacy and control that also supports innovation among emerging cloud-native, digital finance companies that handle sensitive information. The framework is currently in development with plans to begin initial pilot programs in Q4 of 2022.
A new version of the framework (version 1.2) is updated to include 79 individual security requirements across 13 control domains that address common data security risks. These requirements are contextualized with implementation guides, along with audit steps for ensuring compliance. This update enhances the existing framework with application security controls that secure a company’s software development lifecycle.
Pinwheel is joining as a supporting member of OFDSS alongside other supporting members like fintech infrastructure providers Codat, Flinks, MX, Plaid and Truework, and security compliance companies anecdotes, Drata, Laika, Secureframe, Skyflow, Vanta, and Very Good Security.
As a leading income and employment data API platform and Consumer Reporting Agency we believe that giving consumers control over their financial data, will ultimately lead to a stronger ecosystem in Open Finance. To achieve that vision, every company in the space must continue to raise the bar on security and data protection. OFDSS will help ensure strong, consistent requirements from the beginning.
If you are interested in learning more, please reach out to firstname.lastname@example.org
What does OFDSS cover?
The OFDSS is designed to be a living document that will evolve over time to meet the needs of the industry, incorporate new technology, and mitigate against emerging risks. Currently, it establishes 79 individual security requirements across 13 control domains that address common data security risks encountered by early-stage digital finance companies. The requirements are contextualized with implementation guides, along with high-level audit steps for ensuring compliance.
They are not intended to exhaustively address all data security risks that may be material to any particular organization. However, these requirements address security risks that are commonly encountered by emerging financial technology companies when processing or storing sensitive information. Companies with mature and audited information security programs that have the ability to provide reasonable assurance about the effectiveness of those programs, are likely already meeting the requirements captured in this standard.