This document provides guidelines for a security framework to address the implementation of security mechanisms in technical infrastructures designed for the provision of third-party payment (TPP) services in order to achieve the security objectives defined in ISO 23195. The security framework is intended to protect critical systems and objects within the TPP system environment, either under the direct control of the third-party payment service provider (TPPSP) or by another entity (e.g. a bank).

This document is applicable to the provision of any TPP service, including:

—     the TPP logical structural model;

—     the definition of the security framework;

—     the design principles, responsibilities and functional recommendations to support the security mechanism;

—     guidelines for applying the security framework defined in this document.