Gambling Commission Security Audit

Gambling Commission Security Audit

The Gambling Commission requires all remote gambling operator licensees to complete an annual third-party security audit against particular sections of ISO 27001, and submit a report as evidence of compliance.

IT Governance is suitably qualified to assess licensed remote gambling providers against the applicable ISO 27001 clauses as set out under Section 4 of the Remote gambling and software standards (RTS).

We will perform an audit against the selected ISO 27001 security controls that apply to the following “critical” systems as defined by the Gambling Commission:

• Electronic systems that record, store, process, share, transmit or retrieve sensitive customer information, e.g. credit/debit card details, authentication information, customer account balances.
  
• Electronic systems that generate, transmit, or process random numbers used to determine the outcome of games or virtual events.
  
• Electronic systems that store results or the current state of a customer’s gambling history.
  
• Points of entry to and exit from the above systems (other systems that are able to communicate directly with core critical systems).
  
• Communication networks that transmit sensitive customer information.

On completion of the annual security audit we will provide you with a report that is suitable for submission to the Gambling Commission.

”IT Governance consultant, Inzamam Khokhar, conducted our Gambling Commission Security audit in November 2022. The auditor was calm, professional, and knowledgeable on the legislation which aided for the audit to be completed successfully in a timely manner.”

- Jill Moore, Lottery Manager at Your Hospice Lottery