What is OFDSS?
- The Open Finance Data Security Standard (OFDSS) is a next-generation compliance framework pioneered by Plaid, Flinx, Truework, and MX, with contributions from Vanta personnel and support from Vanta and other compliance partners. It will be used to validate that security controls are in place for FinTech organizations that may not be subject to PCI-DSS. In the future, OFDSS compliance will be requested by Plaid in addition to SOC 2 or ISO 27001.
Who should be OFDSS compliant?
- Companies that store, process, or transmit financial or credit card data
- Companies that work with organizations like Plaid, Flinx, or Truework
- FinTech companies for whom PCI is not a good fit or those that prefer to adopt a modern security framework that isn’t tied to credit card processing
What is the timeline for OFDSS compliance?
- Preparation will likely be 40 hours of prep time for each standard and 40 hours for compliance attestation.
What can Vanta automate?
- Document requests
Does OFDSS require a formal audit?
- OFDSS is a new standard. A formal certification scheme has not been developed. Organizations adopting OFDSS can either self-attest, utilize Vanta Trust Reports, or engage one of Vanta’s audit partners to perform a third-party attestation.