Certification – Demonstrating Compliance
Annual Certification Audits
The TPPPA has created an audit program designed to prove the existence of documented controls in alignment with the TPPPA CMS Control Framework. Annual audits are voluntary and provide your company with the ability to demonstrate that it has incorporated the disciplines and culture of compliance expected by regulators and law enforcement agencies.
TPPPA Bank CMS Certification Audits are performed by the TPPPA’s accredited payment professionals. The audits consist of an onsite review where the auditor meets with management and interviews and observes staff performing their functions. The auditor will validate that staff are conducting their functions according to documented policies and procedures. The remainder of the audit will be conducted off-site as TPPPA auditors review documentation and perform additional testing to validate documented evidence of the function of the CMS Control Framework.
TPPPA Processor CMS Certification can be performed by the TPPPA or by an approved SOC audit firm that has been trained to audit to the CMS Control Framework. Utilizing approved TPPPA SOC Auditors provides processors the opportunity of consolidating audit engagements and reports to include the company’s own controls in addition to the TPPPA CMS controls.
Successful completion of the certification audits, with an acceptable level of findings will result in certification by the TPPPA. Review of TPPPA SOC Auditor reports to determine eligibility for certification may result in a small certification fee.
TPPPA CMS Gap Analysis
Many banks and processors elect to do a “pre-audit” or CMS Gap Analysis. The CMS Gap Analysis consists of the same process as an audit, but rather than a report of findings, the TPPPA Auditor will issue a report of recommendations to address gaps to the CMS Control Framework. The TPPPA will support the member in addressing the gaps prior to a formal CMS audit performed by either TPPPA Auditors or approved TPPPA SOC Auditors.
TPPPA CMS Certified Seal
Members that successful complete the CMS Audit with minimal findings will be awarded the TPPPA seal of approval – CMS Certified, that they may post on their website. If desired, the certified member will also be listed on the TPPPA Website to demonstrate their official certification status.