Appendix

Last updated 21 March 2021

Attachment A: Special access permissions

Special access permissions (also known as a ‘Gold pass’) are designed for large agents or intermediaries, with authorisation to act on behalf of an employer, to validate an employee’s TFN details without formal business appointments in Access Manager.

Only those entities approved by the Commissioner will be granted the special permission. The permission only applies to the use of the EmployerTICK service to validate an employee’s TFN details.

The criteria used in making a decision on whether an intermediary will be granted this special permission include, but are not limited to, whether:

  • the entity has an established relationship with us. This may include criteria such as the intermediary's:
    • length of operating history
    • lodgment of income tax returns and other reporting obligations
    • payment history
    • related entities
  • the entity represents more than 500 employers
  • the entity will use machine credentials, with sufficient security controls and audit logging to identify any user of the service within the business
  • the entity has a business purpose, or undertakes activities that specifically relate to processing contributions on behalf of employers in compliance with the data standards
  • the entity will only use the service on behalf of employers who have provided them with written authority
  • the entity will provide written evidence to the Commissioner declaring they have been duly authorised (in the approved form) to represent their client employers for the purpose of using EmployerTICK and an acknowledgement that the Commissioner may request evidence of written authorities to verify appropriate use of the service.

The special permission will expire two years from the date of approval. Intermediaries must register their interest or apply for a gold pass by emailing Superstreamstandards@ato.gov.au.

The written agreement between the intermediary and employer must provide sufficient certainty to the Commissioner that authority to use the service is in an approved form. This written agreement could be formalised through terms and conditions, or built into the registration process when a new employer signs on with the intermediary.

Attachment B: Glossary

Employer – you employ a person under a verbal or written employment contract on a full-time, part-time or casual basis (definition for super guarantee purposes).

Machine credentials – allow you to transact with government online services through Standard Business Reporting (SBR)-enabled software. If you use desktop or locally hosted SBR-software, you will need to create a machine credential through Relationship Authorisation Manager.

Matched – this means a match has been found for the TFN supplied. Also known as a ‘valid’ response.

Member – a member of a super fund, the depositor of an approved deposit fund, the holder of an RSA or a member of an SMSF.

myGovID – is an app you download to your smart device that lets you prove who you are when logging into government online services.

Relationship Authorisation Manager (RAM) – is an authorisation service that allows you to act on behalf of a business with government online services when linked with your myGovID. You'll use your myGovID to log into RAM.

Super fund – an APRA-regulated super fund, an approved deposit fund, or an RSA provider.

SuperStream data standards – data standards that are part of the government's Super Reform package. These standards provide a consistent, reliable electronic method of transacting linked data and payments for super. The goal is to improve the efficiency of the super system, improve the timeliness of processing of rollovers and contributions, and reduce the number of lost accounts and unclaimed monies.

The standards are a set of minimum conditions for data and payment transmission including a minimum set of prescribed data. Broadly, there are five aspects:

  • a standard set of business terms and definitions (the 'definitional taxonomy')
  • a standard set of data message formats (the 'reporting taxonomy' set out in relevant message guides)
  • a messaging services standard which sets out requirements for message packaging, transport, security and receipting of messages
  • a standard format for electronic payments
  • enabling services (also referred to as 'validation services').

Unmatched – this means a match has not been found for the TFN supplied. Also known as a ‘not valid’ response.

Attachment C: Security guidelines

EmployerTICK is a secure service protected by our online security credentials.

We recommend you review the latest security guidelines regularly. These are updated as we become aware of issues and relevant information, to help you maintain the highest levels of security.

Security credentials

A security credential is an electronic file and/or software used for identification purposes when transacting over the internet.

A security credential is used to establish a secure environment for online transactions. This provides you with assurance that your online transactions with us are safe by letting us know we are interacting with the right person for each transaction.

Modern security credentials make fraud very difficult. For someone to gain access to our online services as you, they would have to be using a computer on which the credential is installed and they would have to know your password.

Every person associated with your organisation who wants to deal with us online on behalf of the entity will need their own security credential.

Looking after your security credential

The security of the information you want to guard through the use of a credential is only as good as the care you take to keep this credential protected.

Never disclose your password to anyone, including our staff or the provider of your credential.

When deciding on a password, ensure it is sufficiently complex. Your password must:

  • be at least eight characters long
  • contain numeric as well as alphabetic characters
  • have a mix of upper and lower case alphabetic characters
  • have at least one special character (for example, !, @, #).

Your role in securing your information

Technology and computers cannot safeguard information automatically. You need to protect your own and the employee’s information related to use of this service.

We strongly recommend that you:

  • never disclose your credential password to anyone, including us or the credential's issuer
  • do not download your credential to general use computers. Access Online services for business only from computers to which you have exclusive use, or that you share under one of the following conditions:
    • the computer is configured for multiple users
    • each person has a unique account
    • other users are individuals you can trust
  • keep your computer software up-to-date, especially with security upgrades and patches – these are usually available from the licenser of the software
  • ensure your anti-virus software is current and running on your computer at all times – scan new programs or files for viruses before opening, running, installing or using them
  • ensure you have anti-intrusion software (commonly referred to as a ‘firewall’) to provide added security around your information and protection from misuse of your identity
  • avoid opening, running, installing or using programs/files you have obtained from a person or organisation unless you are positive that you can trust them
  • conduct secure disposal practices such as cleansing of the hard disk on disposal of your computer.

What to do if someone obtains your password or your device is stolen

This situation should be treated with the same degree of urgency that you would give to the loss of a credit card.

If you are aware or suspect someone has inappropriately accessed your personal information in myGovID, you need to report this immediately.

Contact the myGovID support line on 1300 287 539 (select option 2 for myGovID enquiries) between 8.00am and 6.00pm AEST, Monday to Friday.

International callers can contact us by phoning our switchboard on +61 2 6216 1111 between 8.00am and 5.00pm AEST and request your call be transferred to the myGovID support line.

If you are aware or suspect that your machine credential has been compromised, we recommend that you log into RAM and revoke the compromised machine credential. If required, you can then create a new machine credential for that device.

QC81890