open it
close it

The Operational Security Framework (OSF) applies to software products or digital services that read, store, modify or route any taxation, accounting, payroll, business registry or superannuation data that connects directly or indirectly to the ATO. 

It may also apply to the following:

  • DSPs or users of software who customise key components of a commercial product
  • Non-commercial / in-house products or services
  • Products or services producing a .CSV file


API Risk Rating

The OSF is divided into five categories based on the service a DSP is providing and the risk of the APIs that they are accessing. The risk rating of the ATO's APIs can be found here.

Category A
  • Commercial products or services controlled by DSPs that are accessing low to high risk APIs with greater than 10,000 unique client records
  • Sending Service Providers 
Category B
  • Commercial products or services controlled by DSPs that are accessing medium to high risk APIs with less than 10,000 unique client records
Category C
  • Commercial products or services controlled by DSPs that are accessing low risk APIs with less than 10,000 unique client records or no risk APIs regardless of unique client records
Category D
  • Commercial products or services controlled by clients that are accessing low, medium or high risk APIs regardless of unique client records
  • In-house products or services controlled by clients accessing low risk APIs only with greater than 10,000 unique client records
Category E
  • Commercial products or services controlled by DSPs or the clients that are accessing no risk APIs regardless of unique client records
  • In-house products or services controlled by clients that are accessing low risk APIs only with less than 10,000 unique client records or no risk APIs regardless of unique client records


The OSF requirements apply differently depending on which categories your products or services fall under, which APIs they access and the number of unique client records. Please refer to pages 12 - 14 of the OSF requirements document for more information.

← Industry Standards

Online Forum

Get involved in the discussion! Post your comments and have your say!

Go To Forum

Member Directory

Browse through DSPANZ Members and learn more about them here.

Browse List