18 ncac 07j .0620          it security audit

A technology provider shall have a third-party audit of its IT security conducted at least once every three years:

(1)           sufficient to comply with Rule .0622 of this Section; and

(2)           by Certified Information Systems Auditors or the equivalent.

 

History Note:        Authority G.S. 10B-4; 10B-106; 10B-125(b); 10B-126; 10B-134.15; 10B-134.17; 10B-134.19; 10B-134.21; 10B-134.23;

Eff. July 1, 2025.