+44 (0)20 7877 0060 contact@2-sec.com

Gambling Commission Security Audits

What are Gambling Commission Security Audits?

If you are a UK gaming business holding a remote gambling operator licence (including specified remote lottery licences), you are required to engage a third party to carry out an independent security audit and submit it to the Gambling Commission annually as evidence of compliance.

Understandably, given the amount of personal information held by businesses in this industry, demonstrating high levels of not only physical security but also cyber and information security is paramount, which is exactly why Gambling Commission Security Audits were introduced.

What is included in Gambling Commission Security Audits?

The annual security audit is measured against particular sections of ISO 27001. The UK Gambling Commission audits focus on a set of 45 controls, designed to protect personal information and random number generation systems. These controls apply to a defined scope, which could encompass your whole company or just part of your business, depending on your needs.

Our audit services are conducted as follows:

  1. Scoping – Prior to assessment, all partners need to agree on the same scope, so that there are no unexpected issues.
  2. Gap Analysis – Once the scope is defined, we will perform a high-level gap analysis, to ensure the 45 controls operate at a basic level.
  3. Remediation – Remediation steps may be required depending on the above findings. We will help you work through these, so that the scope is ready for a formal audit.
  4. Onsite audit – A well-prepared audit on a correctly defined scope will be carried out. In most cases we can conduct the onsite element in one or two days, and we can also incorporate any visits to offshore locations.
  5. Reporting – We will then compile a report and submit it to the Gambling Commission on your behalf.

What will a Gambling Commission Audit Report cover?

The report details the assessment results for each of the Remote Technical Standard (RTS) security elements as well as the auditor’s opinion about whether the licensee’s overall security control environment is effective for the areas outlined in the RTS.

The elements that are covered are:

 

  • Security Policy
  • Organisation of Information Security
  • Human Resources Security
  • Asset Management
  • Access Control
  • Cryptography
  • Physical and Environmental Security
  • Operations Security
  • Communications Security
  • Systems Acquisition, Development and Maintenance
  • Supplier Relationship
  • Compliance

Business Benefits

Achieving a successful audit will help your business to:

  • Follow a roadmap for continued self-improvement which can be used to reduce the risk of attacks;
  • Ensure protection of business operations by helping maintain an organisation’s service levels to its customers;
  • Protect customers’ money as all internet gambling businesses must hold player deposits in a separate bank account;
  • Meet legal and regulatory requirements by demonstrating that you comply with legal regulations;
  • Provide assurance that you have carried out an independent review by experts.

Why 2|SEC Consulting?

  • We will take adequate time to understand your business, operations, and processes to accurately scope your Gambling Commission assessment;
  • We deliver complete project support including implementing the recommended resolution;
  • We have vast experience of working with cyber and information security industry standards;
  • We streamline the compliance approach by using state-of-the-art tools and expert methodology to enable your business to achieve certification as quickly and as efficiently as possible, without compromising your programme;
  • We produce easy-to-understand reporting.

Are you currently meeting all legal and regulatory requirements?

Gain assurance through an independent review and ensure protection of business operations.

“2|SEC Consulting is a cyber security consultancy that supports you throughout an engagement. They are always available, extremely knowledgeable in their field and have been a great extension to our in-house security team.”

Principal Engineer

Technology Company
