Operational Framework

The growth of our digital wholesale services increases productivity and community connectivity across the digital economy. This connectivity presents a range of service opportunities, business risks and security implications for the organisation and the Australian community.

The Operational Framework is part of our response to these risks and establishes how we will provide access to and monitor the digital transfer of data through software.

We have developed an interim assessment approach to provide us the confidence and certainty we need of your products. This assessment is multi-dimensional and takes into account the risk of each API against the level of confidence we have in the consumer of that API. It also establishes the obligation for joint security monitoring. The Operational Framework questionnaire (DOCX, 38.7KB) is a key part of this assessment and needs to be completed by digital service providers (DSPs) wanting to consume our services.

Refer to the Operational Framework information pack (PPTX, 438KB) for more information.


Consultation enables us to collaborate with you in developing the elements of the Operational Framework.

We want to ensure the requirements for using our services are practical but sufficiently protect the integrity of the taxation and superannuation system.

Our consultation groups for the Operational Framework include:

See also:

Latest news

24 October 2017

We have recently updated the ATO Service registry (SR) on sbr.gov.au to include a 'Risk profile' section where services have been allocated to the appropriate risk category.

Categorisation is based on the characteristics and potential fraud that could occur through consumption of each of our services and include:

  • P - pending
  • 1 - no risk
  • 2 - low risk
  • 3 - medium risk
  • 4 - high risk

These risk categories are used as part of our interim assessment for digital service providers wanting to consume our services.

August 2017

Since September 2016, work has been underway to develop the elements of the framework. We are currently working closely with a number of digital service providers, industry associations and across Government to address five issues identified through our interim assessment:

  • Registration and assessment (including transitioning digital service providers to the updated process)
  • Multi-factor authentication.
  • Onshore/offshore hosting arrangements.
  • Supply chain visibility.
  • Encryption in transit.

We are working with ABSIA and other industry associations on ensuring our requirements are practical but sufficiently protect the integrity of the taxation and superannuation system.

Contact us

For further information and to provide feedback email the DPO mailbox.