Security Requirements

Security requirements for integration with Reckon Products

Reckon is required, as a component of our security obligations, to meet the ATO Operational Framework for our accounting and tax products. Reckon therefore has a responsibility to ensure that any development partner providing an integration to a Reckon product conforms to the DSPANZ (Digital Service Providers Australia and New Zealand) Security Standard for Add-on marketplaces.

The security requirements which your application must meet are determined by two factors:

  • The number of active customer connections your application has to the Reckon ecosystem; and
  • Whether the Reckon application is from the APS or Elite range of products (e.g. Contacts Plus)

Below is a list of the current APIs available, and at what point you must meet the security standard:

If your application integrates with more than one Reckon product, the product with the lower threshold before a review is required determines which requirement applies. For example, if your application integrates with both Reckon One and APS Contacts Plus, the Contacts Plus requirement applies, because Contacts Plus requires the security review to be completed before a production release.

| API Name | Requirement |
| --- | --- |
| Reckon Accounts Desktop | No specific requirement. |
| Reckon Accounts Hosted | Once your application nears 1,000 active subscribers integrated you must inform Reckon and undertake a security review to ensure conformance with the security standard for add-on marketplaces. |
| Reckon One | Once your application nears 1,000 active subscribers integrated you must inform Reckon and undertake a security review to ensure conformance with the security standard for add-on marketplaces. |
| Reckon APS Contacts + | Due to the nature of the APS products you must undertake a security review prior to releasing a production version of your integrated application. |
| Reckon APS custom development locally | Due to the nature of the APS products you must undertake a security review prior to commencing development if a third party is involved. The third party may also be required to undertake a security review. |

Security review

If you are requested to supply a security review to Reckon in the process of your development application, or are near 1,000 active connections to a Reckon product, you will need to complete a survey based on the security features detailed here. The survey will be provided by email.

The following are a few examples of the requirements to give some context:

  • Multi-Factor Authentication mandatory on all logins
  • TLS 1.2 mandatory
  • No shared logins / passwords

Once the security review is completed, the survey will be assessed by Reckon and either approved or, where non-conformance is found, answered with a written response detailing the items to be addressed prior to a production release of the integration. At its sole discretion, Reckon may also request a demonstration to review features such as Multi-Factor Authentication as part of the validation process.
