| Determine which data types are exposed by APIs and categorize accordingly. Ensure non-essential consumer profile data is not released. Ensure contracts restrict the usage of consumer data to agreed scenarios. Confirm TPP access is restricted to functions in their permissions matrix Design groupings for object permissions (if required) e.g. Lender's Profile may contain permissions for statements and balances only, Trader's profile may include payments and balances, but restrict statements. Ensure compliance with NDPR, 2019
| | |
| Create the consent management data structure including Authentication, Authorizations and audit trail structures. Ensure consumer data access is based on authorized features as well as TPP permissions Design and Implement strong authentication channels according to desired flows and risk polices. At least one channel should be implemented. Implement user-channel options for controlling TPP access. Implement transcript reporting
| | |
| Obtain ISO 9001 and 27001 certifications or equivalent accreditations.
| | |
| Implement OBN general data security requirements including network DMZ, SSL certificates and secure file share channels.
| | |
| | | |
| Create OLTP and OLAP processing systems with synchronization process and redundancies Audit database structures to ensure compliance with ownership framework Ensure non-essential and verbose information are limited especially in OLTP systems to reduce processing overhead. Configure retention policies for transactional, consent, audit and configuration records in line with indicated standards.
| | |
| Comply with the data security guidelines enumerated above.
| | |
