# Security-Readiness Checklist
| Category | Requirement | Required | Recommended |
| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------- |
| Data Ownership | - Determine which data types are exposed by APIs and categorize accordingly.
- Ensure non-essential consumer profile data is not released.
- Ensure contracts restrict the usage of consumer data to agreed scenarios.
- Confirm TPP access is restricted to functions in their permissions matrix
- Design groupings for object permissions (if required) e.g. Lender's Profile may contain permissions for statements and balances only, Trader's profile may include payments and balances, but restrict statements.
- Ensure compliance with NDPR, 2019
| AP, TPP |
|
| Consent Framework | - Create the consent management data structure including Authentication, Authorizations and audit trail structures.
- Ensure consumer data access is based on authorized features as well as TPP permissions
- Design and Implement strong authentication channels according to desired flows and risk polices. At least one channel should be implemented.
- Implement user-channel options for controlling TPP access.
- Implement transcript reporting
| AP, TPP |
|
| General Requirements | - Obtain ISO 9001 and 27001 certifications or equivalent accreditations.
| AP | TPP |
| Transport Security | - Implement OBN general data security requirements including network DMZ, SSL certificates and secure file share channels.
| AP, TPP |
|
| Endpoint Security | | AP, TPP |
|
| Data Storage | - Create OLTP and OLAP processing systems with synchronization process and redundancies
- Audit database structures to ensure compliance with ownership framework
- Ensure non-essential and verbose information are limited especially in OLTP systems to reduce processing overhead.
- Configure retention policies for transactional, consent, audit and configuration records in line with indicated standards.
| AP, TPP |
|
| Data Security | - Comply with the data security guidelines enumerated above.
| AP, TPP |
|
\
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.openbanking.ng/standard/security-framework/security-readiness-checklist.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.