15. Security audits
(1) Where the Commission serves a security measures direction on a provider requiring the provider to submit to a security audit the Commission may appoint such member of the staff of the Commission, or such other suitably qualified independent person as the Commission considers appropriate, (referred to in this section as a "security auditor") to carry out the security audit in accordance with the direction.
(2) A security auditor shall, on his or her appointment, be provided by the Commission with a certificate of his or her appointment and when exercising a power referred to in subsection (3) shall, if requested by any person thereby affected, produce such certificate to that person for inspection.