The continued growth of our digital wholesale services increases productivity and community connectivity across the digital ecosystem. This connectivity offers a range of service opportunities for digital service providers (DSPs), as well as presenting business risks and security implications for us and the Australian community.
The DSP Operational Framework (‘the framework’) is part of our response to these risks, establishing a set of Requirements for DSPs that ensures security and confidence to protect our clients and their data when transacting through software.
The Digital Service Provider Operational Framework Security Questionnaire (DOCX, 895KB) is used by DSPs to demonstrate how a product or service meets the requirements.
All DSPs wanting to use our digital services will need to complete the questionnaire and meet the relevant requirements which can include, but is not limited to:
- Supply chain visibility
- Data hosting
- Personnel security
- Encryption key management
- Security monitoring practices.
The Digital Partnership Office (DPO) will support you to meet the requirements of the framework. For further information and to provide feedback contact the DPO via Online services for DSPsExternal link.
Operational Framework Review 2020
The independent review of the DSP Operational Framework started in June and has now been finalised. Outcomes of the review have been shared with the Operational Framework Review Working Group. The independent review identified 17 recommendations to explore opportunities to improve documentation and technical solutions.
The operational framework review working group has four focus groups commencing in November exploring:
- Fraud Detection & Monitoring
- Supply Chain & Payload Encryption
- Requirements & Lifecycle Management
Outcomes from focus groups will be published on the Software Developer website, with draft changes open to industry consultation. Once finalised DPO will hold an open information session to provide an update.
To develop the framework, a working group contributed to establishing and finalising the scope and implementation approach.
Focus groups assisted in establishing a position on each of the five issues identified during the DSP Operational Framework interim assessment. You can access details on each below:
- Multi-factor authentication focus group
- Certification and assessment focus group
- Onshore-offshore data hosting focus group
- Supply chain and encryption focus group
- Operational Framework working group
You can also access an overview of the positions established by the focus groups.