Data security

Data security using Ozedi services

The data sent to Ozedi is secured at all times using various encryption and secure transport options.

STP submission to ATO

  • Data is prepared by the payroll system in the prescribed ATO bulk file format – currently this file is not signed or encrypted because the ATO does not accept encrypted/signed payloads (only signed AS4 messages)
  • When the ATO does accept end-to-end encryption, the STP data file will be compressed, encrypted using the ATO’s public key and signed using the employer’s AUSkey private key at the client data site
  • Data is transported to Ozedi via a REST API over TLS 1.2, so it is protected by TLS and secure in transit
  • Data received at Ozedi via API is written directly off the wire into an encrypted database. The encrypted database is further secured by residing on an encrypted filesystem and being strongly protected by database and operating system privileges.
  • The payload data is streamed from the encrypted database directly to the application that builds and sends the AS4 message. This streaming avoids the use of temporary files and means that the only time the data is at rest is in the encrypted database.
  • The AS4 message is signed and submitted to the ATO using Ozedi’s AUSkey, over the ebMS 3.0 AS4 messaging protocol – this provides security in transit.
  • When the ATO accepts an encrypted payload, after accepting the AS4 message, it will check the payload’s signature for tampering using the employer’s AUSkey public key, then decrypt the payload using the ATO’s private key.
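
The planned end-to-end flow in the bullets above (compress, encrypt to the receiver's public key, sign with the sender's private key, then verify before decrypting) can be sketched as follows. This is an added example, not Ozedi or ATO code: the envelope layout, the algorithms (gzip, AES-256-GCM, RSA-OAEP, RSA-SHA256) and all function names are assumptions, and throwaway RSA keys stand in for the AUSkey and ATO key pairs.

```javascript
// Added illustration only; envelope layout and algorithms are assumptions.
const crypto = require('node:crypto');
const zlib = require('node:zlib');

// Sender (client data site): compress, encrypt to the receiver's public key, then sign.
function sealPayload(plaintext, receiverPublicKey, senderPrivateKey) {
  const cek = crypto.randomBytes(32); // one-time content-encryption key
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
  const ciphertext = Buffer.concat([cipher.update(zlib.gzipSync(plaintext)), cipher.final()]);
  const body = Buffer.from(JSON.stringify({
    wrappedKey: crypto.publicEncrypt(
      { key: receiverPublicKey, oaepHash: 'sha256' }, cek).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  }));
  // The signature covers the encrypted body, so tampering is detectable without decrypting.
  const signature = crypto.sign('sha256', body, senderPrivateKey);
  return { body: body.toString('base64'), signature: signature.toString('base64') };
}

// Receiver: check the signature first and decrypt only if it verifies.
function openPayload(envelope, senderPublicKey, receiverPrivateKey) {
  const body = Buffer.from(envelope.body, 'base64');
  const signature = Buffer.from(envelope.signature, 'base64');
  if (!crypto.verify('sha256', body, senderPublicKey, signature)) {
    throw new Error('signature check failed: payload rejected before decryption');
  }
  const fields = JSON.parse(body.toString());
  const cek = crypto.privateDecrypt(
    { key: receiverPrivateKey, oaepHash: 'sha256' }, Buffer.from(fields.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', cek, Buffer.from(fields.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(fields.tag, 'base64'));
  const compressed = Buffer.concat([
    decipher.update(Buffer.from(fields.ciphertext, 'base64')), decipher.final()]);
  return zlib.gunzipSync(compressed);
}

// Constructed demo: generated keys and a made-up payload, not real STP data.
function demo() {
  const employer = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const receiver = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const env = sealPayload(Buffer.from('constructed STP sample'), receiver.publicKey, employer.privateKey);
  return openPayload(env, employer.publicKey, receiver.privateKey).toString();
}
```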

Retrieve STP response from ATO

  • Ozedi polls the ATO for the STP response and, when it is received, writes it to the encrypted database and deletes the payload submission. This completes the cycle. Responses are maintained in the encrypted database for pickup via API or email distribution, depending on the method selected. NB: ATO responses contain no employer or employee data (only error codes, description and DocumentID reference).


OZEDI places security at the forefront of all that we do. OZEDI is ISO27001 certified and is also compliant under the SuperStream Gateway Network Governance Board’s audit regime, which extends to the ASD Essential 8, adding a further 106 controls in addition to ISO27001.