The Security Standard for Add-on Marketplaces (SSAM) is an extension of the ATO's Operational Framework and is intended to provide guidance for cloud based third party applications who integrate via API with Digital Service Providers (DSPs).
Co-developed by ABSIA and the ATO, the SSAM outlines a consistent set of rules, specifications and practices for both DSPs and third party developers who integrate with cloud based taxation, superannuation, payroll or accounting software via API.
The security requirements specified in the SSAM were modelled closely on Intuit's
QBO App Store guidelines.
If an app is currently certified by Intuit, then it will probably meet the SSAM requirements already.
It is expected that if a third party add-on can meet the security requirements outlined in the SSAM, they should have minimal difficulty self assessing and certifying their app against multiple DSP ecosystems including Xero, MYOB, Intuit etc.
The standard applies to third party app developers with more than 1,000 connections to Australian business customers of a DSP or those who are connected to the practice client list of an Australian tax or BAS agent (practice connection).
The SSAM also outlines the minimum self assessment, breach reporting and logging requirements that are expected by DSPs that operate an ecosystem.
The SSAM will increase the protection of client data as well as improving the portability of apps between different vendors. The creation of common security standards across multiple accounting API ecosystems is a world first, with the opportunity for them to expand or be adopted internationally.
You can download a copy of the standard (PDF) here: Security Standard for Add-on Marketplaces (SSAM). Last updated August 2019.
ABSIA is hosting a webinar with the ATO to officially introduce the Security Standard for Add-on Marketplaces (SSAM) on 2 October at 10am (AEDT).
Please register your interest in attending this webinar below.
SSAM at ABSIA's Annual Conference
At ABSIA's Conference Digital Business, Digital Economy, there will be an in depth session covering the SSAM with Matthew Prouse and various guests. For more information about the conference, continue reading here.