What is OFDSS?

  • The Open Finance Data Security Standard (OFDSS) is a next-generation compliance framework pioneered by Plaid, Flinx, Truework, and MX, with contributions from Vanta personnel and support from Vanta and other compliance partners. It will be used to validate that security controls are in place for FinTech organizations that may not be subject to PCI-DSS. In the future, OFDSS compliance will be requested by Plaid in addition to SOC 2 or ISO 27001.

Who should be OFDSS compliant? 

  • Companies that store, process or transmit financial or credit card data
  • Companies that work with organizations like Plaid, Flinx, or Truework
  • FinTech companies for whom PCI is not a good fit, or those that prefer to adopt a modern security framework that isn’t tied to credit card processing

What is the timeline for OFDSS compliance?

  • Preparation will likely take 40 hours for each standard, plus 40 hours for compliance attestation.

What can Vanta automate? 

  • Tests
  • Document requests 

Does OFDSS require a formal audit? 

  • OFDSS is a new standard, and a formal certification scheme has not been developed. Organizations that adopt OFDSS can self-attest, use Vanta Trust Reports, or engage one of Vanta’s audit partners to perform a third-party attestation.