Independent third-party auditors conducting data security audits must, at a minimum, hold one of the following qualifications:
(1) American Institute of Certified Public Accountants (AICPA);
(2) Certified Information Security Auditor (CISA/ISACA);
(3) ANSI-ASQ National Accreditation Board (ANAB); or
(4) Other nationally recognized information technology auditing certification.
(5) An internal audit organization that can attest it conforms with the international standards for the professional practice of internal auditing.
[Statutory Authority: RCW
46.01.110. WSR 23-19-010, § 308-10A-403, filed 9/7/23, effective 10/8/23.]