© 2018 Insightful Bookkeeping


ATO Requirements for Software Companies – 2FA/MFA

March 19, 2018

If a Digital Service Provider (DSP) – best understood to be a software company – provides a software product or service that reads, modifies, or routes any tax or superannuation related information, then that DSP is in scope of the ATO Operational Framework. This includes DSPs that use an intermediary (such as a gateway or sending service provider (SSP)) to interact with the ATO. This update is only about the 2FA (two-factor) or MFA (multi-factor) authentication requirements. For the purpose of this document we will use the term “2FA”.

ATO Requirements

  1. If the product or service is hosted by the DSP (cloud, browser based, DSP hosted, accessible from any device type): 2FA is mandatory.

  2. If the product is hosted by the business (desktop, on premise, own server): 2FA is optional according to the ATO requirements.

Impact on the DSPs

Software that has the mandatory requirement must implement and mandate a 2FA solution for all users with access to tax or super related information.

The proposed implementation dates for the DSP to have this option are:

  • For tax practitioners' products: available by 31st March, 2018 and mandated use by 30th June, 2018.

  • For products with access to large volumes of tax and super data: available by 30th June, 2018 and mandated use by 30th September, 2018.

  • All other mandated products: available by 31st September, 2018 and mandated use by 31st December, 2018.

Alternatively, they must provide assurances that sufficient controls are in place to mitigate the risk.

Moving into the future, the government will develop the Trusted Digital Identity Framework (TDIF), which may alter (hopefully improve) the software and user experience as it replaces the Cloud Authentication & Authorisation solution (CAA) that is based around AUSkey, Access Manager and the Unique Software ID.

Impact on You

The burden is on the software companies to deliver this solution to us. If your software is unable to implement 2FA (or obtain an extension from the ATO), you may lose the ability to lodge tax and super information, or retrieve information back from the ATO through that software. MYOB, Xero, and Intuit QBO all have 2FA solutions available.
