open it

The Digital Service Provider (DSP) Operational Security Framework (OSF) is part of the ATO’s response to the business risks and security implications presented by the growth of digital services across the digital economy. The DSP OSF was recently reviewed with the updated requirements released in August 2021.

If a DSP provides a software product or service that reads, stores, modifies or routes any taxation, accounting, payroll, business registry or superannuation related information, then that DSP is in scope of the OSF and will need to meet the specific security and business requirements.

DSPANZ members were heavily involved in the co-design and initial implementation of the DSP OSF and continue to be involved in the ongoing review and refinement of the framework.

All DSPs wanting to use ATO digital services will need to meet the relevant requirements which can include, but is not limited to:

  • Audit logging
  • Authentication
  • Certification
  • Data hosting
  • Encryption key management
  • Encryption at rest
  • Encryption in transit
  • Entity validation
  • Personnel security
  • Security monitoring
  • Supply chain
  • Third party add-ons

For more information about the DSP Operational Framework, please contact us or visit the ATO Software Developers website.

Online Forum

Get involved in the discussion! Post your comments and have your say!

Go To Forum

Member Directory

Browse through DSPANZ Members and learn more about them here.

Browse List