Wash. Admin. Code § 308-10A-401 - Standards for audits of recipients

State Regulations
Compare

When the department requires an audit under this section, it may accept an audit performed in the previous 12 months when it meets standards in the data sharing agreement and is performed by an auditor that meets independent third-party auditor qualifications.

For recipients receiving lists:

(1) Audit procedures must test for the presence of required policies and administrative, technical, or physical controls to reasonably conclude the controls are effective and in use by the recipient.

(2) Audit reports must provide documentation on the procedures, and the results of such procedures, used to determine whether controls align with requirements in the data sharing agreement.

For recipients receiving individual records of protected personal information, audit reports must demonstrate reasonable procedures were used to conclude each recipient is compliant with requirements in the data sharing agreement.

Notes

Wash. Admin. Code § 308-10A-401

Adopted by WSR 23-19-010, Filed 9/7/2023, effective 10/8/2023

State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.

No prior version found.