19:15:58 - 13.07.2024

Download Brochure


Security Partners


ISO 27001 Certified


ISO 9001 Certified


Home Expertise
Third Party Reporting - Examples of TPR Reports PDF Print E-mail
Article Index
Third Party Reporting
Standards and Guidelines
Examples of TPR Reports
All Pages


The following provides examples of different TPR reports and the standards under which they are issued:

  1. General Third Party Reporting:
    • Compliance Audit:
      • FINANCIAL SUPERVISORY AUTHORITY - Compliance and Information Systems Audit;
      • Rule no. 4/2018 on the management of operational risks generated by information systems used by authorized /
        licensed / registered entities, regulated and / or supervised by the Financial Supervisory Authority (ASF) - Compliance and Information Systems Audit;
      • EU Funds/Grants Projects Attestation - Technical IT and Security audit;
      • ISO/IEC - 27001 series (Information Security Management System) certification audit;
      • ISO/IEC - 9001 series (Quality Management System) certification audit
      • PCI - DSS payment card data security precertification audit;
      • TIA-942 Audit and Certification (Telecommunications Infrastructure Standard for Data Centers).
      • Cyber security audit for the compliance with the European NIS Directive
    • Reasonable Assurance:
      • SysTrust, WebTrust;
      • National Bank of Romania - Electronic Payments System;
      • Romanian Ministry of Communications and Informational Society:
        • electronic banking (internet-banking, home-banking and mobile-banking);
        • electronic archive;
        • electronic invoice.
      • Systems and process assurance;
      • AAF 01/06 (UK), AUS 810 (Australia), AT101 (US).
    • Limited Assurance (review or negative assurance)
      • IT applications security certification;
      • AUS 810 Australia, AT101 (US).
  2. Service Organization Report - ISAE 3402 (SAS 70) Audit
    • Type I report - describes the service organization's description of controls at a specific point in time;
    • Type II report - not only includes the service organization's description of controls, but also includes detailed testing of the service organization's controls over a minimum six month period.
  3. Agreed-Upon Procedures:
    • Financial Institution Shared Assessments Program (FISAP);
    • AUS 810 Special Purpose Reports on the Effectiveness of Control Procedures.