(1)  An accreditation authority that requires a compliance audit may –

(a) engage a biosecurity auditor to perform the audit; or

(b) direct the audit target to engage a biosecurity auditor to perform the audit and specify requirements relating to –

(i) the engagement of the biosecurity auditor; and

(ii) the scope of the compliance audit to be performed.

(2)  An accreditation authority that requires the compliance audit may only direct the audit target to engage a biosecurity auditor under subsection (1)(b) if the audit target is –

(a) a registered entity; or

(b) a biosecurity certifier; or

(c) a biosecurity auditor; or

(d) an accreditation authority other than the Secretary; or

(e) the holder of an individual permit; or

(f) a person who has the benefit of a group permit; or

(g) a person who has given a biosecurity undertaking; or

(h) an entity responsible for preparing a draft biosecurity program under Division 1 of Part 9 ; or

(i) a person who has entered into a biosecurity control agreement; or

(j) a prescribed person, or prescribed class of persons.