Statutes, codes, and regulations
Washington Administrative Code
Title 308 - Licensing, Department of (See also Titles 36, 98 and 196)
Chapter 308-10A - Data Sharing
Section 308-10A-401 - Standards for audits of recipients

Wash. Admin. Code § 308-10A-401

Download
PDF
Current through Register Vol. 24-23, December 1, 2024
Section 308-10A-401 - Standards for audits of recipients

When the department requires an audit under this section, it may accept an audit performed in the previous 12 months when it meets standards in the data sharing agreement and is performed by an auditor that meets independent third-party auditor qualifications.

For recipients receiving lists:

(1) Audit procedures must test for the presence of required policies and administrative, technical, or physical controls to reasonably conclude the controls are effective and in use by the recipient.
(2) Audit reports must provide documentation on the procedures, and the results of such procedures, used to determine whether controls align with requirements in the data sharing agreement.

For recipients receiving individual records of protected personal information, audit reports must demonstrate reasonable procedures were used to conclude each recipient is compliant with requirements in the data sharing agreement.

Wash. Admin. Code § 308-10A-401

Adopted by WSR 23-19-010, Filed 9/7/2023, effective 10/8/2023