Section R154-3-12 - Data Audit Requirements(1)(a) The scope of the data audit must include all software code of the DAO.(b) If a DAO can show to the satisfaction of the division director or their designee that portions of the software code of the DAO have been previously audited, those portions of the software code may be removed from the scope of the data audit.(3)(a) The data audit must be conducted by an auditing organization that meets the requirements as set forth in Section R154-3-13.(b) The division director or their designee may reach out to each auditing organization that performs a data audit for a DAO filing with the division to ascertain whether the auditing organization meets the requirements as set forth in Section R154-3-13.(4) A data audit must result in a report that:(a) Is signed by an officer or principal of the auditing organization;(b) Provides contact information for an individual from the auditing organization with knowledge of the data audit and report who may be contacted by the division director or their designee;(c) Describes the findings of the data audit in detail; and(d) Discloses if the audit was conducted using fully automated methods with minimal human intervention.Utah Admin. Code R154-3-12
Adopted by Utah State Bulletin Number 2024-01, effective 1/1/2024