16:40:36 - 16.09.2019

Download Brochure

Banner

Security Partners

Banner
Banner

ISO 27001 Certified

Banner

ISO 9001 Certified

Banner


Home
Third Party Reporting - Standards and Guidelines PDF Print E-mail
Article Index
Third Party Reporting
Standards and Guidelines
Examples of TPR Reports
All Pages

 

There are some significant Third Party Reporting applicable standards, procedures and guidelines used for attestation or assurance audits or reviews, and it includes:

  • ISACA - Information Systems Audit and Control Association - Standards;
  • IAASB - International Auditing and Assurance Standards Board:
    • ISAE 3000 - Assurance Engagements Other Than Audits or Reviews of Historical Financial Information;
    • ISAE 3402 - SAS 70 Examinations, CICA 5970 - Service Organization Reports, for outsourced services.
  • IFAC - International Federation of Accountants - ISRS 4400 - Engagements to Perform Agreed Upon Procedures Regarding Financial Information;
  • ISACA - ITAF - Information Technology Assurance Framework;
  • ISACA - IT AUDIT AND ASSURANCE GUIDELINE - Guideline G20 Reporting;
  • ISO/IEC - Series - 27001 (17799), 9001, 15408, 14001...most notable:
    • 27001 - Information technology, Security techniques, Information security management systems, Requirements;
    • 9001 - Quality Management System;
    • 15408 - The Common Criteria for Information Technology Security Evaluation;
  • PCI-DSS - PCI Security Standards Council - Data Security Standard for payment card systems;
  • COBIT / ITGI (IT Governance Institute) - Framework for IT Governance and Control:
  • AICPA - American Institute of Certified Public Accountants
    • SSAE - Statements on Standards for Attestation Engagements, SSAE No. 10, 11 - designated to issue pronouncements on attestation matters;
    • SOC (Service Organization Control) 1, 2, 3 - internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service;
    • SysTrust, WebTrust (focuses on risk areas related to e-commerce activities).