CreditorWatch officially a digital service provider

The ATO performed its security due diligence on CreditorWatch, assessing the company’s data security procedures and uptime against the government agency’s DSP Operational Security Framework before granting certification of compliance.

The DSP Operational Security Framework was established to respond to business risks and security threats presented by the continual expansion and growth of digital services across the ecosystem. The framework seeks to protect taxation, accounting, payroll and superannuation-related data and the integrity of the taxation, business registry, and superannuation systems that support the Australian community.

It does this by setting out the requirements a DSP needs to meet in order to access ATO digital services that perform a functional role in the supply chain. The requirements reduce the risk of identity theft, tax refund fraud and system hacks, providing controls to protect the confidentiality and integrity of providers’ client data.

DSPs wanting to use ATO’s digital services are required to complete and submit a DSP OSF Security Questionnaire (DOCX, 804KB). The questionnaire requires evidence of the following:

• Audit logging
• Authentication
• Certification
• Data hosting
• Encryption key management
• Encryption at rest
• Encryption in transit
• Entity validation
• Personnel security
• Security monitoring
• Supply chain
• Third-party add-on

Patrick Coghlan, chief executive officer of CreditorWatch, said CreditorWatch is proud to be the first credit reporting bureau in Australia to achieve the digital service provider certification under the Operational Security Framework.

“The market is acutely aware of the importance of security and privacy, and the protection of financial and personal data, given recent events that have impacted both Australian businesses and consumers alike,” he said.

“The certification is a reflection of CreditorWatch’s gold-standard data security procedures, including ISO 27001 and 27017. It also acknowledges our market-leading uptime, whereby we’ve maintained 99.95 per cent uptime over the past three years.”