Third Party Reporting - Examples of TPR Reports
The following provides examples of different TPR reports and the standards under which they are issued:
- General Third Party Reporting:
- Compliance Audit:
- Romanian National Securities Commission - Compliance and Information Systems Audit;
- Rule no. 4/2018 on the management of operational risks generated by information systems used by authorized / licensed / registered entities, regulated and / or supervised by the Financial Supervisory Authority (ASF) - Compliance and Information Systems Audit;
- EU Funds/Grants Projects Attestation;
- ISO/IEC 27001 series (Information Security Management System) certification audit;
- ISO/IEC 9001 series (Quality Management System) certification audit;
- PCI DSS payment card data security precertification audit;
- TIA-942 Audit and Certification (Telecommunications Infrastructure Standard for Data Centers).
- Reasonable Assurance:
- SysTrust, WebTrust;
- National Bank of Romania - Electronic Payments System;
- Romanian Ministry of Communications and Informational Society:
- electronic banking (internet-banking, home-banking and mobile-banking);
- electronic archive;
- electronic invoice.
- Systems and process assurance;
- AAF 01/06 (UK), AUS 810 (Australia), AT101 (US).
- Limited Assurance (review or negative assurance):
- IT applications security certification;
- AUS 810 Australia, AT101 (US).
- Service Organization Report - ISAE 3402 (SAS 70) Audit:
- Type I report - describes the service organization's description of controls at a specific point in time;
- Type II report - includes not only the service organization's description of controls, but also detailed testing of the service organization's controls over a minimum six-month period.
- Agreed-Upon Procedures:
- Financial Institution Shared Assessments Program (FISAP);
- AUS 810 Special Purpose Reports on the Effectiveness of Control Procedures.