open it

SSAM Review 2021

Following the recent review of the Operational Security Framework (OSF) DSPANZ, together with the ATO, will begin the first review of the Security Standard for Add-on Marketplaces (SSAM). 

The review will consist of a minimum three ninety minute workshops across August and September. We may also run a couple of short sessions looking at specific topics or issues raised in the workshop. Following the review, we will aim to host an industry playback session in mid October. 

Find the schedule for the review below.

  • Working Group Session 1 - 19 August 10am - 11.30am AEST
  • Working Group Session 2 - 9 September 10am - 11.30am AEST
  • Working Group Session 3 - 23 September 10am - 11.30am AEST

It is our intention to work with DSPANZ members and government partners to publish the updated Security Standard for Add-on Marketplaces in mid November 2021. 

Purpose of the Review

Since the SSAM was first published in 2019, we have seen an increase in digital activity and therefore a changed threat environment. There has also been changes to the OSF and other industry standards that should be reflected in the SSAM. 

Other sectors are also looking at the SSAM's applicability for their own ecosystems. The review will look to assess the gaps between the SSAM and existing standards in other sectors. 

Scope of the Review

The review will cover the following areas:

  • Review existing SSAM requirements against new industry practices and/or government market processes
  • Align the SSAM with the updated DSP OSF requirements
  • Assess and review the gap between the SSAM and CDR security requirements
  • Assess and review the gap between the SSAM and e-invoicing security processes


Working Group Members

If you are interested in coming along to a session, please contact us.

Chair - Simon Foster (DSPANZ)
Meeting Host - Matthew Prouse (DSPANZ)
Technical Advisor - Diana Porter (Australian Taxation Office)
Secretary - Maggie Leese (DSPANZ)

DSPs Government & Observers
Bogdana Ilieva (MYOB)
David Field (OZEDI)
David Martin (Intuit)
Erika Villanueva (AssuranceLab)
Estevan Chaves (Sage)
Ian Gibson (DSPANZ)
Mark Anderson (Microsoft)
Michael Wright (Sage)
Paul Murray (AccountKit)
Paul Salcombe (Business Automation Works)
Paul Wenham (AssuranceLab)
Philip Boadi (Class)
Regan Ashworth (Xero)
Rob Cameron (FYI Docs)
Simeon Duncan (Intuit)
Cristina Blumberg (Treasury)
Karen Spicer (ATO)
Kylie Johnston (ATO)
Maddison Gilmore (ATO)
Maria Gal (ATO)
Michelle Bower (GNGB)
Natalie Plumridge (ACCC)


Working Group Outcomes

Outcomes from each workshop will be hosted here. 





Online Forum

Get involved in the discussion!
Post your comments and have your say!


Go To Forum



Member Directory

Browse through DPSANZ Members and learn more
about them here.


Browse List