Business Hub 101-19103125

Staff must not share PRODA account details or make any updates until after completing the security check and confirming the person contacting is the rightful account holder.

If staff suspect the person is not using their own credentials to log in to Business Hub or PRODA account, determine if:

• they are known to the original PRODA account holder, that is, a business is sharing their credentials between staff, or
• the credentials have been compromised or stolen

If the person contacting is:

• attempting to log in with a stolen or compromised PRODA RA, go to Step 2
• using a PRODA RA of another employee (that is, a business is sharing their credentials between staff), go to Step 3
• asking to reactivate their account, go to Step 7

If staff believe the person is attempting to log in with a stolen or compromised PRODA RA discuss with the person making contact if they:

• are known to the business or the original RA owner
• can provide key business details such as:
  • CRN
  • ABN
  • other staff members names
  • what Business Hub service the business is registered to use

Can the person supply any of the above apply?

• Yes, the PRODA RA has been shared with someone else who is from the business, go to Step 3
• No, the PRODA account must be suspended by the PRODA team:
  • Escalate using the PRODA RA compromised email template on Resources
  • Tell the person making contact their access will be suspended
  • Procedure ends here

If the person contacting has quoted the PRODA RA for another user to access Business Hub, the first step is to provide education and support to the user.

Contact is received via:

• phone call, go to Step 4
• email, go to Step 5

Tell the caller, to gain access to their services they must:

• register for PRODA as an individual
• contact their Access Manager or Authorised Officer for access in Business Hub

See Resources for links to the Services Australia website on how to register and use Business Hub to access services.

Is the original PRODA RA owner from the business is available to speak to?

• Yes, attempt to resolve the issue by reminding them of the requirements for using and managing passwords. Keep the following confidential and secure:
  • Individual PRODA RA number
  • Secret questions and answers
  • Password
  • Procedure ends here
• No, the original PRODA RA owner is not available to speak to, go to Step 6

Reply to the sender. Tell them:

• to register for PRODA themselves to gain access to their services in Business Hub
• their Access Manager or Authorised Officer can manage access for them
• they can search ‘How to register for an individual PRODA account’ on the Services Australia website for more information

See Resources for links to the Services Australia website on how to register and use Business Hub to access services.

As this is a breach of the PRODA Terms and Conditions, the PRODA account must be suspended by the PRODA team:

• Use the PRODA user is suspected of sharing their PRODA RA email template on Resources to escalate
• Procedure ends here

Use the PRODA user is suspected of sharing their PRODA RA email template on Resources to escalate.

Procedure ends here.

When the owner of a suspended PRODA RA calls to request their account be reactivated, they must first satisfy the POI check and verify their association with the organisation.

Confirm POI using information available in:

• Process Direct Business Hub Access Management
• PRODA staff search
• Organisation contact summary (OSCS) screen in Customer First

The user must provide their:

• full name
• role within the business
• the Australian Business Number (ABN)
• work phone number, address, and email address
• PRODA Registration Authority (RA) number

Has the user satisfied the POI check?

• Yes, go to Step 8
• No, the issue could not be resolved or it is clear there is ongoing evidence of misuse or suspicious behaviour:
  • escalate the matter to PRODA Operational Support. See the Examples of escalating PRODA incidents table in Escalating Provider Digital Access (PRODA) incidents, complaints and feedback

When POI is established:

• remind the user of the requirements for using and managing passwords. That is, keep the following confidential and secure:
  • Individual PRODA RA number
  • Secret questions and answers
  • Password
• Use the PRODA user is requesting reactivation of their suspended PRODA RA email template on Resources to escalate to for reactivation