The Operational Security Framework (OSF) is a simplified ISO27001 aligned security review process developed for digital service providers wanting to work with our gateway services.
We use the OSF to review if providers have security measures in place to protect the integrity of Inland Revenue and taxpayer information.
The framework follows a tiered approach, based on the level of risk associated with the systems that a provider has integrated with.
We’ll update the framework as required, to respond to changes in the digital ecosystem.
We’re committed to safeguarding our information to protect providers, our customers, and the New Zealand community in general.
Initial OSF assessment
When you first register with us as a digital service provider, you’ll complete an initial OSF assessment questionnaire as part of the registration process.
About the gateway customer support portal and the developer portal
All digital service providers working with us need to meet our specifications.
What you need to know to integrate with us
Annual OSF review
We’ll send you an OSF review to complete every year. The review will indicate if your security measures are current and effective.
Where to get help
We’re here to support you through the OSF process.
If you’ve not yet registered, you’ll find helpful information in our ‘Getting started’ section.
If you’ve already registered, you can get support:
- through our Gateway Customer Support Portal
- by contacting your external relationship manager.