The Digital Service Provider (DSP) Operational Security Framework (OSF) seeks to protect taxation, accounting, payroll, business registry and superannuation related data and the integrity of the Taxation, Business Registry and Superannuation systems that support the Australian community.
This is achieved by setting out a minimum level of security requirements a DSP needs to meet to access ATO digital services that perform a functional role in the supply chain.
The DSP OSF has been established to respond to business risks and security threats presented by the continual expansion and growth of digital services across the ecosystem and will continue to evolve to respond to new and emerging risks.
The DSP OSF is a response to known examples of:
- information misuse (including identity theft, personal gain, or commercial advantage)
- financial system misuse (including tax refund fraud)
- destructive cyber behaviour (including individual or system hacks).
If you want to use our API’s or digital services you will need to complete and submit a DSP OSF Security Questionnaire (DOCX, 768KB).
Should you need help completing the questionnaire, or if you have questions about the requirements, you can contact the Digital Partnership Office (DPO) via Online services for DSPs.
Find out more
- Scope of the DSP Operational Security Framework
- Meeting the requirements
- Maintaining compliance
- Data breaches
- Requirements for products and services
- Further guidance on requirements
- Digital Service Provider Operational Security Framework Questionnaire (DOCX, 768KB)
- Australian Cyber Security Centre
- API risk ratings
- Australian Prudential Regulation Authority
- Essential 8
- Information Security Manual
- ISO standards
- OIAC Breach Notification
- Online services for DSPs
- Security Standard for Add-on Marketplaces (SSAM)
- SSL Labs
- Using our services