Skip to Main Content
Learn for less: Save 10% on high-quality foundation and auditor training. Find out more
Gambling Commission Security Audit

Gambling Commission Security Audit

SKU: 4584
Format: Consultancy

Meet the requirements of the Gambling Commission with IT Governance’s annual security audit service.

With a wealth of experience, our team of ISO 27001 Lead Auditors, many of whom also hold CISA, CISM or CISSP certificates, are qualified to carry out independent information security audits as required by the Gambling Commission.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

Gambling Commission Security Audit

The Gambling Commission requires all remote gambling operator licensees to complete an annual third-party security audit against particular sections of ISO 27001, and submit a report as evidence of compliance.

IT Governance is suitably qualified to assess licensed remote gambling providers against the applicable ISO 27001 clauses as set out under Section 4 of the Remote gambling and software standards (RTS).

We will perform an audit against the selected ISO 27001 security controls that apply to the following “critical” systems as defined by the Gambling Commission:

  • Electronic systems that record, store, process, share, transmit or retrieve sensitive customer information, e.g. credit/debit card details, authentication information, customer account balances.
  • Electronic systems that generate, transmit, or process random numbers used to determine the outcome of games or virtual events.
  • Electronic systems that store results or the current state of a customer’s gambling history.
  • Points of entry to and exit from the above systems (other systems that are able to communicate directly with core critical systems).
  • Communication networks that transmit sensitive customer information.

On completion of the annual security audit we will provide you with a report that is suitable for submission to the Gambling Commission.

”IT Governance consultant, Inzamam Khokhar, conducted our Gambling Commission Security audit in November 2022. The auditor was calm, professional, and knowledgeable on the legislation which aided for the audit to be completed successfully in a timely manner.”

- Jill Moore, Lottery Manager at Your Hospice Lottery

What's included

What does the security audit include?

In line with the requirements of the Gambling Commission, we will deliver the following as part of the security audit:

  • Determine the scope of testing.
  • Review relevant policies, procedures and documents.
  • Review IT systems.
  • Assess the effectiveness of security controls.
  • Conduct interviews with key stakeholders and staff members.
  • Gather evidence from specific areas, including network security settings, user control access and training records.
  • Develop a management plan to resolve issues that were identified.
  • Provide an executive summary including the key audit findings.
  • Produce a security audit report that meets the requirements of the Gambling Commission.

Customer Reviews

This website uses cookies. View our cookie policy
SAVE 10%