Annex VIII | Details of the attestation of the TLPT referred to in Article 26(7) of Regulation (EU) 2022/2554

The attestation shall contain at least all of the following information:

on the performed TLPT:
1. the starting and end dates of the TLPT;
2. the critical or important functionsmeans a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law; in scope of the test;
3. where relevant, information on critical or important functionsmeans a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law; in scope of the test in relation to which the TLPT was not performed;
4. where relevant, other financial entities that were involved in the TLPT;
5. where relevant, the ICT third-party services providersmeans an undertaking providing ICT services; that participated in the TLPT;
6. in respect of testers:
  
  whether internal testers were used;
  
  whether Article 5(3), second subparagraph, was used by the financial entity;
7. the duration, in calendar days, of the active red team testing phase;
where several TLPT authorities have been involved in the TLPT, the other TLPT authorities, and in which capacity;
list of the documents examined by the TLPT authority for the purposes of the attestation.