The continued growth of our digital wholesale services increases productivity and community connectivity across the digital ecosystem. This connectivity offers a range of service opportunities for digital service providers (DSPs), as well as presenting business risks and security implications for us and the Australian community.
The DSP Operational Framework (‘the framework’) is part of our response to these risks, establishing a set of requirements for DSPs that ensures security and confidence to protect our clients and their data when transacting through software.
The Digital Service Provider Operational Framework Security Questionnaire (DOCX, 895KB) is used by DSPs to demonstrate how a product or service meets the requirements.
All DSPs wanting to use our digital services will need to complete the questionnaire and meet the relevant requirements, which can include, but are not limited to:
- Supply chain visibility
- Data hosting
- Personnel security
- Encryption key management
- Security monitoring practices.
The Digital Partnership Office (DPO) will support you to meet the requirements of the framework. For further information and to provide feedback contact the DPO via Online services for DSPs or by emailing DPO@ato.gov.au.
The DSP Operational Framework has been in place now for almost three years, with a number of small changes implemented during this time. It is important that the framework continues to evolve to keep pace with the rapid growth of the digital ecosystem and, more importantly, to respond to the increased cybercrime and fraud activities.
In June 2020, we commenced a review of the framework to identify opportunities for improvement. The review will consider the current digital environment and scope of the framework, with an additional focus on the customer identification practices of you and your clients. Initially, our external consultant will undertake investigations, including seeking insights from a sample of industry representatives, and provide us with recommendations.
In July 2020 we will hold a range of consultation sessions, including small focus groups and open information sessions, to discuss the proposed recommendations. If you would like to participate in the focus group discussions, submit an expression of interest for the Operational Framework review.
To develop the framework, a working group contributed to establishing and finalising the scope and implementation approach.
Focus groups assisted in establishing a position on each of the five issues identified during the DSP Operational Framework interim assessment. You can access details on each below:
- Multi-factor authentication focus group
- Certification and assessment focus group
- Onshore-offshore data hosting focus group
- Supply chain and encryption focus group
- Operational Framework working group
You can also access an overview of the positions established by the focus groups.