Based on the information provided SapphireOne has been assessed and given Full Operational Framework Approval for SapphireOne who are consuming BAS (PLS) and STP low risk API (payevent services) with the following terms and conditions.
API consumption conditions
- Full Approval granted SapphireOne for BAS services (PLS) and STP low risk API (payevent services)
- SapphireOne have ISO certification with software stored and managed by the client, in accordance with our requirements MFA is not a requirement as the as they are Desktop application provider storing no data onsite.
Production Verification Testing (PVT)
You must successfully complete the required PVT scenarios with your Account Manager for each PLS API required.
Changes to your situation
The ATO must be notified via your Account Manager of any changes to your business or product environment, in relation to the information you supplied in your questionnaire.
Monitoring is considered a joint responsibility between the ATO and the DSP.
The ATO conducts monitoring at the network, application and transaction layers; if anomalies or areas of concern are identified, we may re-assess your whitelisting suitability. The ATO will generally contact you or your representative unless exceptional circumstances apply.
Where you identify a breach through your own monitoring controls you must notify the ATO immediately via your Account Manager to ensure appropriate action can be taken.
Please respond with your agreement, understanding and acceptance of the conditions contained within this email.