325K.06 PERFORMANCE AUDITS.
    Subdivision 1. Annual audit; auditor qualifications; rules. A certified public accountant
having expertise in computer security must audit the operations of each licensed certification
authority at least once each year to evaluate compliance with this chapter. The secretary may
by rule specify the qualifications of auditors.
    Subd. 2. Compliance categories. Based on information gathered in the audit, the auditor
must categorize the licensed certification authority's compliance as one of the following:
(a) Full compliance. The certification authority appears to conform to all applicable
statutory and regulatory requirements.
(b) Substantial compliance. The certification authority appears generally to conform
to applicable statutory and regulatory requirements. However, one or more instances of
noncompliance or of inability to demonstrate compliance were found in an audited sample, but
were likely to be inconsequential.
(c) Partial compliance. The certification authority appears to comply with some statutory
and regulatory requirements, but was found not to have complied or not be able to demonstrate
compliance with one or more important safeguards.
(d) Noncompliance. The certification authority complies with few or none of the statutory
and regulatory requirements, fails to keep adequate records to demonstrate compliance with more
than a few requirements, or refused to submit to an audit.
The secretary shall publish in the certification authority disclosure record it maintains for the
certification authority the date of the audit and the resulting categorization of the certification
authority.
    Subd. 3.[Repealed, 1998 c 321 s 31]
    Subd. 4.[Repealed, 1998 c 321 s 31]
    Subd. 5.[Repealed, 1998 c 321 s 31]
History: 1997 c 178 s 7