PART II - THE COMMISSION AND THE LICENSING OF CERTIFICATION AUTHORITIES
Section 20. Performance audit.
(1) The operations of a licensed certification authority shall be audited a least once a year to evaluate its compliance with this Act.
(2) The audit shall be carried out by a certified public accountant having expertise in computer security or by an accredited computer security professional.
(3) The qualifications of the auditors and the procedure for an audit shall be as may be prescribed by regulations made under this Act.
(4) The Commission shall publish in the certification authority disclosure record that it maintains for the licensed certification authority concerned the date and result of the audit.