Security is fundamental to the success of any Open Banking Strategy. All Participants must implement the Open Banking Security Standard and, through a systematic and disciplined approach, put in place processes that help them accomplish their business objectives through the proactive identification and assessment of information and technology related risks, the design and implementation of effective risk mitigation policies, strategies and initiatives, and effective continuous monitoring, analysis, and reporting of key risk indicators.
The general principles to be adhered to include, but are not limited to:
- Align your existing security practices with standard certification bodies such as ISO 27001, PCI-DSS, ISO 22301, etc.
- Have an effective and functional Security Operations Centre
- Manage third-party relationships by applying controls, such as non-disclosure agreements, limited access privileges, indemnity, and strongly worded contracts with security clauses, to administer supplier access to any information processing facilities and assets
- Engage competent and proven technical partners to conduct periodic network penetration tests of infrastructure and assets
- Proper incident handling and response aligned with a best-practice framework