Information Security Self Assessment and Attestation
We provided a submission to the Australian Competition and Consumer Commission's (ACCC) consultation on the Consumer Data Right
sponsored accreditation - information security self assessment and attestation on 8 November 2021.
In our response we provided broad feedback on sponsored accreditation and the Schedule 2 requirements. We outlined the concerns that DSPs who operate app stores have around possibly having to sponsor 20,000 to 30,000 apps which will not be feasible. Here we suggested that better model to regulate DSPs under the CDR rules it to recognise both the Operational Security Framework (OSF) and the Security Standard for Add-on Marketplaces (SSAM).
We also provided feedback on needing alternative accreditation pathways, providing support to business seeking CDR accreditation and how the costs involved in CDR may present a barrier to entry for DSPs who often provide free and public APIs.
A full copy of this submission can be accessed here.