
Security-Readiness Checklist

| Category | Requirement | Required | Recommended |
| --- | --- | --- | --- |
| Data Ownership | • Determine which data types are exposed by APIs and categorize them accordingly.<br>• Ensure non-essential consumer profile data is not released.<br>• Ensure contracts restrict the usage of consumer data to the agreed scenarios.<br>• Confirm TPP access is restricted to the functions in their permissions matrix.<br>• Design groupings for object permissions (if required), e.g. a Lender's profile may contain permissions for statements and balances only, while a Trader's profile may include payments and balances but restrict statements.<br>• Ensure compliance with the NDPR, 2019. | AP, TPP | |
| Consent Framework | • Create the consent management data structure, including authentication, authorization and audit trail structures.<br>• Ensure consumer data access is based on the features the consumer authorized as well as the TPP's permissions.<br>• Design and implement strong authentication channels according to the desired flows and risk policies. At least one channel must be implemented.<br>• Implement user-channel options that let the consumer control TPP access (e.g. view and revoke consents).<br>• Implement transcript reporting so that consumers and auditors can see who accessed what and when. | AP, TPP | |
| General Requirements | • Obtain ISO 9001 and ISO 27001 certifications or equivalent accreditations. | AP | TPP |
| Transport Security | • Implement the OBN general data security requirements, including a network DMZ, TLS (SSL) certificates and secure file share channels. | AP, TPP | |
| Endpoint Security | • Enforce endpoint security controls on the API. | AP, TPP | |
| Data Storage | • Create OLTP and OLAP processing systems with a synchronization process and redundancies.<br>• Audit database structures to ensure compliance with the data ownership framework.<br>• Ensure non-essential and verbose information is limited, especially in OLTP systems, to reduce processing overhead.<br>• Configure retention policies for transactional, consent, audit and configuration records in line with the indicated standards. | AP, TPP | |
| Data Security | • Comply with the data security guidelines enumerated above. | AP, TPP | |

AP: Account Provider. TPP: Third-Party Provider.

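The Data Ownership and Consent Framework rows above describe two independent gates on every TPP request: the TPP's permissions matrix (its object-permission profile) and the consumer's consent record (authorized features, validity, revocation), with an audit trail feeding transcript reporting. The following is an added example written for this page, not code from the OBN standard or from any AP or TPP implementation; the profile names (`lender`, `trader`), the permission names, the consent record layout, the decision reason strings and the sample identifiers are all assumptions chosen to illustrate the checklist items.

```python
"""Permission-matrix + consent check with audit trail (added example).

Assumptions (not from the OBN standard): profile names, permission names,
the Consent layout, the decision reason strings and all sample IDs.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Object-permission groupings (Data Ownership). A TPP's profile caps what it
# may ever request, regardless of what a consumer consents to. Contents
# follow the Lender/Trader example in the checklist.
PERMISSION_PROFILES = {
    "lender": frozenset({"balances", "statements"}),
    "trader": frozenset({"balances", "payments"}),  # statements restricted
}


@dataclass
class Consent:
    consent_id: str
    consumer_id: str
    tpp_id: str
    features: frozenset          # features the consumer authorized
    expires_at: datetime
    status: str = "active"       # "active" or "revoked"


@dataclass
class AuditEvent:
    timestamp: datetime
    tpp_id: str
    consumer_id: str
    consent_id: Optional[str]
    feature: str
    decision: str


@dataclass
class ConsentStore:
    tpp_profiles: Dict[str, str]                       # tpp_id -> profile name
    consents: Dict[str, Consent] = field(default_factory=dict)
    audit_trail: List[AuditEvent] = field(default_factory=list)

    def grant(self, consent: Consent) -> None:
        self.consents[consent.consent_id] = consent

    def revoke(self, consent_id: str, consumer_id: str) -> bool:
        """User-channel control: only the owning consumer may revoke."""
        consent = self.consents.get(consent_id)
        if consent is None or consent.consumer_id != consumer_id:
            return False
        consent.status = "revoked"
        return True

    def authorize(self, tpp_id: str, consumer_id: str, consent_id: str,
                  feature: str, now: Optional[datetime] = None) -> str:
        """Returns "allowed" or a denial reason; every decision is audited."""
        now = now or datetime.now(timezone.utc)
        decision = self._decide(tpp_id, consumer_id, consent_id, feature, now)
        self.audit_trail.append(
            AuditEvent(now, tpp_id, consumer_id, consent_id, feature, decision))
        return decision

    def _decide(self, tpp_id, consumer_id, consent_id, feature, now) -> str:
        # Gate 1: the TPP's permissions matrix (deny by default).
        profile = self.tpp_profiles.get(tpp_id)
        if profile is None:
            return "unknown_tpp"
        if feature not in PERMISSION_PROFILES[profile]:
            return "outside_permission_matrix"
        # Gate 2: the consumer's consent, bound to this TPP and this consumer
        # so one TPP cannot present another TPP's (or consumer's) consent.
        consent = self.consents.get(consent_id)
        if consent is None:
            return "no_consent"
        if consent.tpp_id != tpp_id or consent.consumer_id != consumer_id:
            return "consent_mismatch"
        if consent.status != "active":
            return "consent_revoked"
        if consent.expires_at <= now:
            return "consent_expired"
        if feature not in consent.features:
            return "feature_not_authorised"
        return "allowed"

    def transcript(self, consumer_id: str) -> List[str]:
        """Transcript reporting: one line per decision for this consumer."""
        return [f"{e.timestamp.isoformat()} {e.tpp_id} {e.feature}: {e.decision}"
                for e in self.audit_trail if e.consumer_id == consumer_id]


def demo() -> dict:
    """Constructed sample data exercising each gate; returns the decisions."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = ConsentStore(tpp_profiles={"tpp-lender-01": "lender",
                                       "tpp-trader-02": "trader"})
    store.grant(Consent("c-100", "cust-7", "tpp-lender-01",
                        frozenset({"balances"}), now + timedelta(days=90)))
    store.grant(Consent("c-200", "cust-7", "tpp-trader-02",
                        frozenset({"balances", "payments"}), now + timedelta(days=90)))
    results = {
        "lender_balances": store.authorize("tpp-lender-01", "cust-7", "c-100", "balances", now),
        # in the lender matrix, but the consumer did not consent to it
        "lender_statements": store.authorize("tpp-lender-01", "cust-7", "c-100", "statements", now),
        # outside the trader matrix, so consent is never even consulted
        "trader_statements": store.authorize("tpp-trader-02", "cust-7", "c-200", "statements", now),
        # consent c-100 belongs to the lender TPP, not the trader
        "trader_borrowed_consent": store.authorize("tpp-trader-02", "cust-7", "c-100", "balances", now),
        "lender_expired": store.authorize("tpp-lender-01", "cust-7", "c-100", "balances",
                                          now + timedelta(days=91)),
    }
    store.revoke("c-200", "cust-7")
    results["trader_after_revoke"] = store.authorize("tpp-trader-02", "cust-7", "c-200", "payments", now)
    results["transcript_lines"] = len(store.transcript("cust-7"))
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The matrix check runs before the consent check so the audit trail records which layer denied the request; a TPP that keeps being denied with `outside_permission_matrix` is probing beyond its registered profile, which is a different signal from a consumer who simply did not grant a feature. Binding the consent to both the TPP and the consumer ID is what stops a consent identifier being replayed by a different TPP.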

Last updated 3 years ago