- (a) A contract auditor shall collectively possess sufficient training and experience to adequately perform unclaimed property examinations.
- (b) A contract auditor shall not engage in any unclaimed property examination without written authorization from the Auditor of State.
- (c) A contract auditor shall report in writing to the Auditor of State at least monthly on the status of all unclaimed property examinations the contract auditor has been authorized to perform.
(d)
(1) A contract auditor shall have in place data security practices, policies, and procedures reasonably required to prevent any security breach or loss as well as protect:
- (A) User privacy;
- (B) Computer security; and
- (C) Network security.
(2) A contract auditor shall also have a cyber-incident response plan in the event of a security breach or loss as well as cybersecurity training programs on:
- (A) New user awareness;
- (B) Annual user awareness; and
- (C) Post-incident refresher training.