Some of you might already have heard of the changes coming later in 2018 (to be fully implemented by 1st Jan 2019) but the security system is quite complex behind the scenes so I will try to explain it from the RTO point of view.
To date, clients have needed to provide us with a device AUSkey which we effectively use to impersonate or act as an agent of their business. This was the only possible way to comply with the USI legislation but was deemed to be in breach of the privacy act and the terms and conditions of the AUSkey system, so it needed to change. The new system is used not just for the USI system in the VET sector, but to any situation where a software provider is acting on behalf of an AUSkey holder. In particular, it will also be used by tax agents who represent clients in dealing with the ATO using software interfaces.
There is a new database called “RAMS” which is used to record the relationship between the AUSkey holder (the RTO) and the software provider (us). We initiate the process by logging on using our own AUSkey and requesting that we be able to process USI data for your RTO (by ABN). The registered contact of that ABN receives notification of the request and click on a link to agree to the request (you must be authenticated by your own AUSkey when you do that).
Once that relationship is confirmed by both sides, we use our own AUSkey to interact with the USI system specifying which RTO we are representing and the system checks that we have a current valid relationship. Thus, no sharing of AUSkey’s is needed.
The relationship expires every 12 months and there will be an automated renewal process (we are not sure on the details of that yet). You can cancel the relationship at any time using your RAMS account. If you do so, or if the relationship expires, the USI verify function (for instance) will return an error message.
The system is in trials currently and is scheduled to be will be phased in from Jul-Dec 2018 with both systems being available during that time. From 1 Jan 2019, the old system will no longer work.
An overview of the new CAA solution can be found in PDF format here. The technical details of the new system are not yet public, but the USI team will be providing information and resources to providers once the system “goes live” on the USI web site provider page.