# Security

Given that the requests concern the entirety of a person's personal information within an organisation, the Open Data Rights API must be secure without question. To support continuous guarantees on security, practices need to be established in this area.

Firstly, the security of the current proposal must be proven. Correspondingly, we strongly encourage a security audit to be completed in the near future. We consider this essential before a definitive v1 release is made. After completion, learnings should be incorporated in the further development process. Further, continuous security audits should be a regular staple of this development process.

Secondly, a process needs to be established through which critical vulnerabilities can be (confidentially) accepted and addressed within the shortest possible time. This goes beyond a GitHub issues checklist for serious security issues. Secure infrastructure for this communication must be set up and monitored. Additionally, manpower must be made available to verify and accommodate these issues.

Thirdly, common implementations on both front- and back-end should be regularly tested and scrutinised for particular implementation or security faults. We encourage the Data Rights API to take responsibility not only for the specification, but for implementations as well. These practices should increase the security of the ecosystem at large.

