Show download pdf controls
  • Responsibilities for using Access Manager

    Access Manager allows you to manage who has electronic access to the tax information of the business. It's your responsibility to implement processes that allow you to regularly review and monitor who has access to the business records.

    Data about individuals and entities within Access Manager is confidential. You must ensure that unauthorised people do not compromise the integrity of that data. If your computer will be unattended, even briefly, you must log out from Access Manager or lock your computer.

    By logging into Access Manager, you agree to:

    • comply with the terms and conditions of the AUSkey
    • keep the AUSkey secure at all times
    • not disclose your password or share it with others.

    By providing others in the business with electronic access to the secure information of the business, through an AUSkey, as yourself or as an agent for tax purposes, you must understand the following.

    • User access and permissions – what level of access is provided to each type of user (Administrator, Standard, Device) and the transactions the users can undertake (see Access and permissions).
    • Business appointments – the nature of your relationship with any entities you have appointed as an agent for tax purposes and what transactions your agent can undertake (see Business appointments).
    • Legally binding actions – the actions these users and agents undertake through Access Manager are legally binding to your business.

    If you're using Relationship Authorisation Manager (RAM), see Access Manager via RAM for more information.

    Preventing unauthorised access to business information

    If you have allowed your staff access to your secure information on the Business Portal, Tax Agent Portal or BAS Agent Portal, we strongly recommend that you:

    • use Access Manager regularly to ensure that user's level of access to the portals is appropriate
    • cancel AUSkeys (in the AUSkey Manager) if staff no longer require them or the AUSkey has been compromised
    • immediately disable or remove a user's account in Access Manager if you have any concerns about their activities
    • ensure that each person who deals with us online on behalf of your business has their own security credential
    • keep passwords secure – they must not be shared.

    If you use a hosted (online) SBR software service, we strongly recommend that you limit access to stored business information to appropriate staff only. If you have any concerns, contact your software service provider for advice.

      Last modified: 16 Sep 2019QC 40983