Updated DSP Operational Framework Requirements

Original Published Date: 

19/11/2018 - 02:30pm


  • Current

Tax Category: 

  • Payroll
  • Tax preparation
  • Business accounting
  • Superannuation
  • Investment bodies

Resource Type: 

  • Draft information
  • Guides and instructions


We are seeking your feedback on the updated Digital service provider (DSP) Operational Framework Requirements.

The DSP Operational Framework (the Framework) addresses the shared risks presented by the growth of our digital services across the digital economy.

The requirements have been updated to take into consideration, our key learnings, the experiences of over 200 DSPs working with the Framework, as well as feedback from direct consultation with the superannuation sector.

Key changes include:

  • Guidance provided on multi-factor authentication requirements
  • Refined definition of an in-house DSP
  • Refined scope in the context of large and/or diverse organisations
  • Updated the definition of client hosted to client controlled
  • Alternate controls to protect data at rest (encryption at rest)
  • Intent, examples of evidence and further guidance notes for each requirement

The updated requirements document is available in the ‘Resource Attachments’ below. Email DPO@ato.gov.au by Friday 30 November 5.00pm AEDT, to provide your feedback.

Resource Attachments

All Versions

   No previous versions available.