The DSP Operational Framework is part of the ATO’s response to the business risks and security implications presented by the growth of our digital services across the digital economy.
If a DSP provides a software product or service that reads, modifies or routes any tax or superannuation related information, then that DSP is in scope of the Framework and will need to meet the specific security and business requirements.
DSPANZ members were heavily involved in the co-design and initial implementation of the DSP Operational Framework.
All DSPs wanting to use ATO digital services will need to meet the relevant requirements which can include, but is not limited to:
- Supply chain visibility
- Data hosting
- Personnel security
- Encryption key management
- Security monitoring practices.