Updated DSP Operational Framework Requirements

Original Published Date
Tax Category
Tax preparation
Business accounting
Investment bodies
Resource Type
Draft information
Guides and instructions

We are seeking your feedback on the updated Digital service provider (DSP) Operational Framework Requirements.

The DSP Operational Framework (the Framework) addresses the shared risks presented by the growth of our digital services across the digital economy.

The requirements have been updated to take into consideration, our key learnings, the experiences of over 200 DSPs working with the Framework, as well as feedback from direct consultation with the superannuation sector.

Key changes include:

  • Guidance provided on multi-factor authentication requirements
  • Refined definition of an in-house DSP
  • Refined scope in the context of large and/or diverse organisations
  • Updated the definition of client hosted to client controlled
  • Alternate controls to protect data at rest (encryption at rest)
  • Intent, examples of evidence and further guidance notes for each requirement

The updated requirements document is available in the ‘Resource Attachments’ below. Email DPO@ato.gov.au by Friday 30 November 5.00pm AEDT, to provide your feedback.

File Size Upload date
DRAFT DSP Operational Framework Requirements (PDF) 447.6 KB 19 Nov 2018

No previous versions available.

Last modified date