Gambling Commission Audits_

The UK Gambling Commission’s Remote Technical Standards must be continually adhered to in order for UK based gaming operators to meet licensing conditions. As qualified Gambling Commission audit assessors, we can help get you certified quickly and easily.

What is a Gambling Commission Audit?

The UK Gambling Commission’s Remote Technical Standards (RTS) must be adhered to on a continual basis for a gaming business with a UK license. The RTS is based on ISO 27001 controls, and are designed to ensure that operators handle personal data and the operation of random number systems in a secure, integral manner.

What does the Remote Technical Standard cover?

The UK Gambling Commission’s Remote Technical Standards document is based on ISO27001 and covers the following security requirements:

  • A.5 – Security Policy
  • A.6 – Organisation of Information Security
  • A.7 – Human Resources Security
  • A.8 – Asset Management
  • A.9 – Access Control
  • A.10 – Cryptography
  • A.11 – Physical and Environmental Security
  • A.12 – Operations Security
  • A.13 – Communications Security
  • A.14 – Systems Acquisition, Development and Maintenance
  • A.15 – Supplier Relationship
  • A.18 – Compliance

Why use 2-sec for your Gambling Commission Audit?

We take a bespoke, approach to assessment for each of our clients:

Industry leading cyber security experts – We have worked with cyber security industry standards long before Gambling Commission audits were introduced in 2014, including ISO 27001, PCI DSS, PA-DSS, Cyber Essentials and IASME.


Fully accredited – At both a corporate and an individual level including CREST, QSA, PCI DSS, PA-QSA, CE+, IASME, CHECK, CISSP, CISA, CISM, SANS-GIAC and CEH.

Commitment to understanding your business – We will take adequate time to understand your business, operations and process to accurately scope your Gambling Commission assessment.

Multiple assessment routes – We offer a range of methods of certification according to your situation, to ensure onsite assessment are conducted in the most efficient manner.

Dedicated Customer Success Manager – We know that you’ll have a lot of questions throughout this accreditation process, so you’ll have direct phone and email contact with your own go-to person.


Clear communication – Our mission is to ‘simplify security’. We will communicate our recommendations to you in a clear and jargon-free way.

How audits work

UK Gambling Commission audits focus on a set of 45 controls, designed to protect personal information and random number generation systems. These controls apply to a defined scope, which could your whole company, or part of your company depending on your needs. Our audit services are conducted as follows:


Prior to assessment, it is key that all parties agree the same scope, so that there are no surprises later.

Gap Analysis

Once the scope is defined, we will perform a high level gap analysis, to ensure the 45 controls operate at a basic level.


Remediation steps may be required depending on the above findings. We will help you work through these, so that the scope is ready for a formal audit.

Onsite audit

A well prepared audit, on a correctly defined scope, is a breeze. In most cases we can conduct the onsite element in one or two days, plus incorporate any visits to offshore locations.


We will then compile a report and submit to the Gambling Commission on your behalf.

Uncertain about Gambling Commission audits?


Your Name (required)

Company Name (required)

Contact Number

Your Email (required)

Your Message

Or call us on: 0844 502 2066

For more information

There is a wide variety of Gambling Commission information produced by the UK government, which may be found here: