DSP Operational Framework Consulting Services

We help software developers to understand their obligations under the DSP Operational Framework and comply with the security requirements for digital providers set by the ATO.

The Digital service provider (DSP) Operational Framework is part of ATO’s response to business risks and security implications stemming from online or digital record-keeping. The DSP Operational Framework establishes how ‘SBR-enabled’ software developers will provide access to and monitor the digital transfer of data through software.

Scope of the DSP operational Framework

If a DSP provides a software product or service that reads, modifies or routes any tax or superannuation related information, then that DSP is in scope of the Framework and will need to meet the requirements. This includes DSPs that use an intermediary (such as a gateway or sending service provider (SSP)) to interact with the ATO.

The requirements include but are not limited to:

Authentication
Encryption
Supply chain visibility
Certification (ISO 27001, iRap, SOC2 or OWASP ASVS3.0)
Data hosting
Personnel security
Encryption key management
Security monitoring practices

How Shearwater can help

The Framework utilises a risk based approach in determining the requirements needed for utilising the ATO’s APIs. It looks at factors such as the API risk rating, volume of accessible individual taxpayer or superannuation records and your operating model such as hosting and software delivery.

Identifying the requirements that are relevant to your business and meeting compliance obligations can be a daunting process. At Shearwater, we have expert security consultants available to guide you through all the necessary steps including:

Determining the requirements that are relevant to your business
Conducting a gap analysis and providing a roadmap for compliance
Remediation services including technology recommendation and implementation, policy development and setting up necessary controls
Identifying the certification standard that best aligns with your business goals and budget
Assisting in self assessment activities and in evidence of compliance submissions to the ATO

Request a Callback

How can we help?

1300 228 872

Request a Callback

Related Services

ISO 27001 Consulting

Information Security Consulting

Information Security Reviews

Testimonials

” The relationship with Shearwater and the two-way exchange of information, ideas, and feedback – has significantly helped us improve our own security and allowed us to stay abreast of changes in the security landscape.“

Calvin RowleyCEO, The Reach Agency

” Overall, we find Shearwater to be flexible, consultative, and delivering on their promise. They have a high level of understanding of the information security landscape and the threats that a financial services organisation has or may have in the future. They have demonstrated their capabilities and knowledge in suggesting and implementing suitable solutions.“

Head of Business ManagementLeading Australian Insurer

Why Shearwater? We offer outstanding customer service, fast response, on-time delivery, transparency and constant communication throughout all of our engagements.

Get in touch and let us help you achieve your security and compliance goals.

Get Started

Request a Callback

Get a service advisor to contact you, answer your questions, and understand your specific requirements.

Request a Callback

Get in touch

Get answers! Our service advisors are ready to take your call and offer you advice and insights

1300 228 872
Mon -Fri, 9am – 6pm

DSP Operational Framework Consulting Services

We help software developers to understand their obligations under the DSP Operational Framework and comply with the security requirements for digital providers set by the ATO.

Scope of the DSP operational Framework

How Shearwater can help

1300 228 872

Request a Callback

ISO 27001 Consulting

Information Security Consulting

Information Security Reviews

Get Started

Request a Callback

Get in touch

Compliance

Penetration Testing

Managed Services

Phishing Prevention

Company

Subscribe to Our Security Updates

Search for products or services