open it

The Digital Service Provider (DSP) Operational Security Framework (OSF) was first established in 2017 in response to the business risks and security implications presented by the growth in digital services across the digital economy. Today, the OSF covers over 600 DSP products. 

What the OSF Has Achieved

2017 - Before Implementation

  • Two reported software breaches resulted in 49,600 compromised TFNs
  • DSPs had no obligation to report breaches and it is likely other breaches went unreported

2020 - After Implementation

  • 19 software breaches resulted in 1065 compromised TFNs/ABNs
  • DSPs are now required to report all breaches to the ATO


Across 2020 and 2021, the first review of the OSF took place to review and update the requirements with one new requirement, entity validation, added to the framework. DSPANZ was heavily involved in the review working group and in drafting the new requirements document. We look forward to supporting our members in meeting the revised requirements. 

Future of the OSF

The OSF is a constantly evolving and maturing framework. DSPANZ works closely with the ATO on the OSF to ensure that it is meeting expectations of DSPs whilst still providing the right levels of security for those accessing ATO APIs. 

Online Forum

Get involved in the discussion! Post your comments and have your say!

Go To Forum

Member Directory

Browse through DSPANZ Members and learn more about them here.

Browse List