Blog Post
Try this link for feedback to the ATO
https://softwaredevelopers.ato.gov.au/contact-us
I've sent the following email to the Standard Business Reporting enquiries email address.
Hi
I am contacting you as a frustrated business owner regarding the onerous requirements being implemented around access to programs such as MYOB. On top of mandatory multi factor authentication they have now told all users that periods of greater than 30 minutes of inactivity will result in screen locks and users having to input their password to unlock. MYOB have pointed disgruntled users to the following links as being the requirements forced on them as an SaaS provider.
https://softwaredevelopers.ato.gov.au/RequirementsforDSPs
https://softwaredevelopers.ato.gov.au/operational_framework/further-guidance-requirements
What authority does the ATO have to mandate the security procedures that my business decides to implement? The only interaction that we have with the ATO through MYOB is the periodic payroll reporting and that should be the limit of any access restrictions the ATO should be able to require. I imagine there are quite a number of businesses who use MYOB who don’t even have that level of interaction.
How do business owners and users of commercially available software object to this unacceptable intrusion into our business by the ATO?
Regards
Michael
Hi. The ATO have not mandated this change for end-users. The requirement is for software developers only. MYOB have clearly taken the cheapest option and implemented it for everyone. I am also certain that the ATO haven't only just released this requirement and MYOB would have been aware of it for some time. The fact is, it will cost MYOB more to implement an 'opt-out' solution so if we do get it, expect to pay more.