Utah Admin. Code R154-3-12 - Data Audit Requirements
(1)
(a) The scope of the data audit must include
all software code of the DAO.
(b)
If a DAO can show to the satisfaction of the division director or their
designee that portions of the software code of the DAO have been previously
audited, those portions of the software code may be removed from the scope of
the data audit.
(3)
(a) The data audit must be conducted by an
auditing organization that meets the requirements as set forth in Section
R154-3-13.
(b) The division director or their designee
may reach out to each auditing organization that performs a data audit for a
DAO filing with the division to ascertain whether the auditing organization
meets the requirements as set forth in Section
R154-3-13.
(4) A data audit must result in a report
that:
(a) Is signed by an officer or principal
of the auditing organization;
(b)
Provides contact information for an individual from the auditing organization
with knowledge of the data audit and report who may be contacted by the
division director or their designee;
(c) Describes the findings of the data audit
in detail; and
(d) Discloses if the
audit was conducted using fully automated methods with minimal human
intervention.
Notes
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
No prior version found.