Minnesota Statutes 325K.06 – Performance Audits
Subdivision 1.Annual audit; auditor qualifications; rules.
A certified public accountant having expertise in computer security must audit the operations of each licensed certification authority at least once each year to evaluate compliance with this chapter. The secretary may by rule specify the qualifications of auditors.
Subd. 2.Compliance categories.
Terms Used In Minnesota Statutes 325K.06
- Certification authority: means a person who issues a certificate. See Minnesota Statutes 325K.01
- Certification authority disclosure record: means an online, publicly accessible electronic record that concerns a licensed certification authority and is kept by the secretary. See Minnesota Statutes 325K.01
- Licensed certification authority: means a certification authority to whom a license has been issued by the secretary and whose license is in effect, or a certification authority who operates under a license issued by a governmental entity which has been certified pursuant to section 325K. See Minnesota Statutes 325K.01
- Publish: means to record or file in a repository. See Minnesota Statutes 325K.01
- Secretary: means the Minnesota secretary of state. See Minnesota Statutes 325K.01
Terms Used In Minnesota Statutes 325K.06
- Certification authority: means a person who issues a certificate. See Minnesota Statutes 325K.01
- Certification authority disclosure record: means an online, publicly accessible electronic record that concerns a licensed certification authority and is kept by the secretary. See Minnesota Statutes 325K.01
- Licensed certification authority: means a certification authority to whom a license has been issued by the secretary and whose license is in effect, or a certification authority who operates under a license issued by a governmental entity which has been certified pursuant to section 325K. See Minnesota Statutes 325K.01
- Publish: means to record or file in a repository. See Minnesota Statutes 325K.01
- Secretary: means the Minnesota secretary of state. See Minnesota Statutes 325K.01
Based on information gathered in the audit, the auditor must categorize the licensed certification authority‘s compliance as one of the following:
(a) Full compliance. The certification authority appears to conform to all applicable statutory and regulatory requirements.
(b) Substantial compliance. The certification authority appears generally to conform to applicable statutory and regulatory requirements. However, one or more instances of noncompliance or of inability to demonstrate compliance were found in an audited sample, but were likely to be inconsequential.
(c) Partial compliance. The certification authority appears to comply with some statutory and regulatory requirements, but was found not to have complied or not be able to demonstrate compliance with one or more important safeguards.
(d) Noncompliance. The certification authority complies with few or none of the statutory and regulatory requirements, fails to keep adequate records to demonstrate compliance with more than a few requirements, or refused to submit to an audit.
The secretary shall publish in the certification authority disclosure record it maintains for the certification authority the date of the audit and the resulting categorization of the certification authority.
Subd. 3.
[Repealed, 1998 c 321 s 31]
Subd. 4.
[Repealed, 1998 c 321 s 31]
Subd. 5.
[Repealed, 1998 c 321 s 31]