SSAM Review 2021
Following the recent review of the Operational Security Framework (OSF) DSPANZ, together with the ATO, will begin the first review of
the Security Standard for Add-on Marketplaces (SSAM).
The review will consist of a minimum three ninety minute workshops across August and September. We may also run a couple of short sessions looking at specific topics or issues raised in the workshop. Following the review, we will aim to host an industry playback session in mid October.
Find the schedule for the review below.
- Working Group Session 1 - 19 August 10am - 11.30am AEST
- Working Group Session 2 - 9 September 10am - 11.30am AEST
- Working Group Session 3 - 23 September 10am - 11.30am AEST
It is our intention to work with DSPANZ members and government partners to publish the updated Security Standard for Add-on
Marketplaces in mid November 2021.
Purpose of the Review
Since the SSAM was first published in 2019, we have seen an increase in digital activity and therefore a changed threat environment. There
has also been changes to the OSF and other industry standards that should be reflected in the SSAM.
Other sectors are also looking at the SSAM's applicability for their own ecosystems. The review will look to assess the gaps between the SSAM and existing standards in other sectors.
Scope of the Review
The review will cover the following areas:
- Review existing SSAM requirements against new industry practices and/or government market processes
- Align the SSAM with the updated DSP OSF requirements
- Assess and review the gap between the SSAM and CDR security requirements
- Assess and review the gap between the SSAM and e-invoicing security processes
Working Group Members
If you are interested in coming along to a session, please contact us.
Chair - Simon Foster (DSPANZ)
Meeting Host - Matthew Prouse (DSPANZ)
Technical Advisor - Diana Porter (Australian Taxation Office)
Secretary - Maggie Leese (DSPANZ)
|DSPs||Government & Observers|
Bogdana Ilieva (MYOB)
David Field (OZEDI)
David Martin (Intuit)
Erika Villanueva (AssuranceLab)
Estevan Chaves (Sage)
Ian Gibson (DSPANZ)
Mark Anderson (Microsoft)
Michael Wright (Sage)
Paul Murray (AccountKit)
Paul Salcombe (Business Automation Works)
Paul Wenham (AssuranceLab)
Philip Boadi (Class)
Regan Ashworth (Xero)
Rob Cameron (FYI Docs)
Simeon Duncan (Intuit)
Cristina Blumberg (Treasury)
Karen Spicer (ATO)
Kylie Johnston (ATO)
Maddison Gilmore (ATO)
Maria Gal (ATO)
Michelle Bower (GNGB)
Natalie Plumridge (ACCC)
Working Group Outcomes
Outcomes from each workshop will be hosted here.