Following the recent review of the Operational Security Framework (OSF), DSPANZ, together with the ATO, will begin the first review of the Security Standard for Add-on Marketplaces (SSAM).
The review will consist of a minimum of three ninety-minute workshops across August and September. Following the review, we will aim to host an industry playback session in mid-October. Catch up on the SSAM webinar held at Webinar Week here. Summaries from each of the workshops can be found below.
Purpose of the Review
Since the SSAM was first published in 2019, we have seen an increase in digital activity and therefore a changed threat environment. There have also been changes to the OSF and other industry standards that should be reflected in the SSAM.
Other sectors are also looking at the SSAM's applicability for their own ecosystems. The review will look to assess the gaps between the SSAM and existing standards in other sectors.
Scope of the Review
The review will cover the following areas:
- Review existing SSAM requirements against new industry practices and/or government market processes
- Align the SSAM with the updated DSP OSF requirements
- Assess and review the gap between the SSAM and CDR security requirements
- Assess and review the gap between the SSAM and e-Invoicing security processes
Working Group Members
Chair - Simon Foster (DSPANZ)
Meeting Host - Matthew Prouse (DSPANZ)
Technical Advisor - Diana Porter (Australian Taxation Office)
Secretary - Maggie Leese (DSPANZ)
Bogdana Ilieva (MYOB)
David Field (OZEDI)
David Martin (Intuit)
Erika Villanueva (AssuranceLab)
Estevan Chaves (Sage)
Ian Gibson (DSPANZ)
Mark Anderson (Microsoft)
Michael Wright (Sage)
Paul Murray (AccountKit)
Paul Salcombe (Business Automation Works)
Paul Wenham (AssuranceLab)
Philip Boadi (Class)
Regan Ashworth (Xero)
Rob Cameron (FYI Docs)
Simeon Duncan (Intuit)
Government & Observers
Cristina Blumberg (Treasury)
Karen Spicer (ATO)
Kylie Johnston (ATO)
Maddison Gilmore (ATO)
Maria Gal (ATO)
Michelle Bower (GNGB)
Natalie Plumridge (ACCC)
Working Group Outcomes
- Review Session 1 Summary & Outcomes
- Review Session 2 Summary & Outcomes
- Review Session 3 Summary & Outcomes
Following the conclusion of the workshops, we worked to put together a report covering the history of the SSAM, the insights from the surveys and the results from the 2021 review.
You can read the full report here.
During the review, DSPANZ ran two surveys and conducted interviews with developers to better understand the experiences of both DSPs and add-ons when implementing and complying with the API security standards included in the SSAM.
Below is a quick summary of the survey outcomes and you can read more about the survey results here.