
Certification Authority Licensing - Qualified Auditor

It is also important that the auditors who review the certification authority’s system for compliance with CS-2 are qualified to do so. The Washington Administrative Code establishes auditor requirements at section 484-180-240(3).

The audit may be performed by an individual or by a team. If the audit is performed by an individual, that individual must be a licensed certified public accountant and also qualify as a computer security professional. If performed by a team, all of the auditors must be licensed certified public accountants and at least one member of the team must qualify as a computer security professional.

To qualify as a computer security professional, the auditor must be certified either:

  • as a "Certified Information Systems Auditor (CISA)" by the Information Systems Audit and Control Foundation; or
  • as a "Certified Information Systems Security Professional" by the International Information Systems Security Certification Consortium.

In foreign jurisdictions, the requirement that the auditor must be a licensed certified public accountant may be met by qualifying under the equivalent law of that jurisdiction.

Links for additional information about computer security professional qualifications: