Operational framework

This page provides information about our progress in developing the Operational framework and related consultation activities.


With increasing digital services and interactions between the community and government agencies, there is a need for guidance on security and storing client information digitally. Concerns have been raised about the responsibilities of developers, service providers and their clients.

As we provide access to more information through SBR and APIs, and as more clients move to cloud solutions, an Operational framework is being developed with a focus on:

  • registration of developers and service providers requesting access to information, specifications and assistance
  • system and product certification to allow access to our data services
  • the introduction of a monitoring and incident management capability.

The framework will provide guidance on these areas and will be developed in consultation with the software industry.


August 2016

An update was prepared following the discussion at the Technical Working Group (TWG) meeting. The latest version (0.8) of the instructions to assist SWD to complete the security operational questionnaire is now available.

July 2016

The draft minimum Third party products and services minimum security requirement and Third party products and services security policy requirements were shared at the 21 July 2016 Technical working group. Minutes are available.

Action items include:

  1. The ATO to confirm to developers it complied with the minimum security requirements.
  2. ATO General Counsel to advise whether the consultation papers represent a software developer indemnity.
  3. The ATO to publish a summary of the security review outlining the intent behind and recommendations to provide minimum security requirements to software developers.

April 2016

The Operational framework for developers and service providers (PDF, 724kb) is now available. Feedback can be provided to the Software Industry Partnership Office at any time.

Working group members

Consultation with the working group is complete. Broader consultation on specific elements of the framework will occur with the Software industry through the Technical working group and Strategic working group meetings.

Consultation (meetings, seminars, workshops)


  • 21 July – Technical working group
  • 3 March – ATO-SwD Partnership Event – framework discussion
  • 17 February – Phone meeting on proposed certification minimum requirements with working group
  • 19 January – Phone meeting on certification with the working group


  • 17 December – Initial phone meeting on registrations with the working group
  • 25 November – ABSIA representative at ATO workshop in Canberra


 For feedback and questions email Software Industry Partnership Office.