Regulations 28. Audit of information technology framework.—

(1) An information utility shall appoint an external auditor having relevant qualifications to audit its information technology framework, interface and data processing systems every year.

(2) The auditor appointed under sub-regulation (1) shall submit are port to the Governing Board.

(3) The information utility shall submit the report received under sub-regulation (2), along with the comments of the Governing Board, if any, to the Board within one month from the receipt of the report from the external auditor.