Section 15-10-44.2 - Audits of computer systems - Penalty1. Any auditor hired to conduct audits of the state board of higher education and the entities under the control and supervision of the board may: a. Conduct a review and assessment of any computer system or related security system of the state board of higher education or any entity under the control and supervision of the board. A review and assessment under this section may include an assessment of system vulnerability, network penetration, any potential security breach, and the susceptibility of the system to cyber attack or cyber fraud.b. Disclose the findings of a review and assessment to an individual or committee designated by the state board of higher education or to the board. Any record relating to a review and assessment, including a working paper or preliminary draft of a review and assessment report and a report of the findings of a review and assessment, and any record that may cause or perpetuate vulnerability of a computer system or related security system which is obtained or created during a review and assessment is an exempt record.c. In conjunction with the state board of higher education or a committee designated by the board, procure the services of a specialist in information security systems or any other contractor deemed necessary in conducting a review and assessment under this section.2. Any person hired or contracted to provide services in relation to a review and assessment under this section is subject to the privacy and confidentiality provisions of subsection 1 and any other section of law, including section 44-04-27, and for the purposes of section 12.1-13-01, is a public servant.Added by S.L. 2015, ch. 3 (HB 1003),§ 9, eff. 5/14/2015.