What does it take to be an ATO Digital Service Provider?
The ATO insists on a specific range of security measures for those who want to enjoy the benefits of direct access to ATO services via APIs
The Australia Taxation Office (ATO) has re-approved Aurion as a fully compliant Digital Service Provider (DSP). As an ATO DSP Aurion can offer time and money-saving services like automated STP lodgement through our own dedicated ATO Gateway.
This is achieved through an application programming interface (API), which allows systems, applications and devices to share data and align their capabilities, regardless of where the data resides or in what format.
By creating seamless connections among different online services, APIs have become indispensable to the digital economy, which relies on ‘ecosystems’ of related but separate entities, like Aurion, our customers and the ATO, to deliver services to the end user with minimum fuss and processing.
To manage the inherent business risks and security implications of integrated digital services, the ATO assesses the systems and security of DSPs like Aurion against a range of factors, including the:
- API risk rating
- volume of taxpayer or superannuation records
- number of elements in our operating model (such as where highly confidential customer information is stored).
For our staff, this means:
- appropriate processes and procedures for hiring, managing and terminating employees and contractors
- audit logging to trace user access and actions
- multi-factor authentication (MFA) for staff with access to taxation or superannuation-related information.
For our systems and data management, we maintain:
- an approved cryptographic protocol and algorithm
- onshore data hosting (customer data stay in Australian jurisdiction)
- ISO27001 certification for an information security management system (ISMS).
Aurion also has ISO9001:2015 certification for a quality management system and is ASAE3402 accredited for controls at a service organisation – we rigorously adhere to strict security management practices.
Our cost-effective cloud solutions are hosted by AWS domestically, and in partnership with AWS, Aurion continually implements the additional security features of AWS technology.