Show download pdf controls
  • Digital service provider Operational Framework

    The DSP Operational FrameworkExternal Link outlines what is required of digital service providers (DSPs) that access and use our digital wholesale servicesExternal Link via Standard Business Reporting (SBR).

    The DSP Operational Framework requirements reduce the risk of identity theft, tax refund fraud and system hacks. It comprises of a range of controls which include but are not limited to:

    • data encryption – to protect the confidentiality and integrity of client data
    • multi-factor authentication and audit logging for users who can access tax or superannuation related information of other entities or individuals
    • default onshore data hosting – to limit the risk of non-authorised access to client data.

    We will update and change the DSP requirements over time, to mitigate any emerging risks in our digital environment.

    These requirements do not affect software product users, except for products that use multi-factor authentication (an additional step to log in to verify a user's identity).

    We are committed to protecting your data, and we will restrict or de-whitelist DSP products (PDF 743KB)This link will download a file that fail to conform to the DSP Operational Framework.

    See also:

    Last modified: 31 Mar 2020QC 62007