AAF Annual Compliance

All subscribers of the Australian Access Federation are required to submit an annual Compliance Statement confirming their compliance to the Federation Rules on or before 30 June each year.

Enterprise and publisher subscribers

How to ensure compliance

To ensure compliance you will need to confirm that:

  1. Your organisation is compliant with the AAF Federation Rules.
  2. All Service Providers and Identity Providers (with active services) registered with the AAF are also compliant.
  3. Ensure that all your contacts details are up to date.

Subscriber information

There are two subscriber contact types

  1. Organisation contacts responsible for contracts, billing and service approval decisions.
  2. Technical contacts manage service registrations and connection to the federation.

Technical Contacts
Your Identity Management Team can login to the Federation Registry to check and update Technical contacts. For more information view our knowledge base article.

How to submit the compliance statement

  • In preparation for the release of the Annual Compliance Statement ensure your organisation’s contact details have been confirmed and updated.
  • Your Primary Representative will receive an informative email, outlining how to sign and submit your compliance statement.
  • A DocuSign Compliance Statement will be sent to your Primary Representative for signing.
  • The DocuSign Compliance Statement needs to be signed annually by 30 June.

Rapid IdP Subscribers

As a Rapid IdP subscriber, management of your Federation IdP is being performed by the AAF. This will affect how you perform your yearly compliance check. This Rapid IdP Checklist outlines the Federation Rules where compliance is met automatically due to your AAF Rapid IdP subscription.

However, your organisation is still responsible for compliance to all the AAF Federation Rules. You need to review the checklist and the Federation Rules to ensure your organisations compliance.