What are Gambling Commission Security Audits?
If you are a UK gaming business that holds a remote gambling operator licence (including specified remote lottery licences), you are required to engage a third party to carry out an independent security audit and submit it to the Gambling Commission on an annual basis as evidence of compliance.
Understandably, with the amount of personal information held by businesses in this industry, the demonstration of high levels of not only physical security but also cyber and information security is paramount and exactly why Gambling Commission Security Audits were introduced.
What is included in Gambling Commission Security Audits?
The annual security audit is measured against particular sections of ISO 27001. The UK Gambling Commission audits focus on a set of 45 controls, designed to protect personal information and random number generation systems. These controls apply to a defined scope, which could encompass your whole company or just part of your business, depending on your needs.
Our audit services are conducted as follows:
- Scoping – Prior to assessment, all partners need to agree on the same scope, so that there are no unexpected issues.
- Gap Analysis – Once the scope is defined, we will perform a high-level gap analysis, to ensure the 45 controls operate at a basic level.
- Remediation – Remediation steps may be required depending on the above findings. We will help you work through these, so that the scope is ready for a formal audit.
- Onsite audit – A well-prepared audit on a correctly defined scope will be carried out. In most cases we can conduct the onsite element in one or two days, and incorporate any visits to offshore locations.
- Reporting – We will then compile a report and submit it to the Gambling Commission on your behalf.
What will a Gambling Commission Audit Report cover?
The elements that are covered are:
Achieving a successful audit will help your business to:
- Follow a roadmap for continued self-improvement which can be used to reduce the risk of attacks;
- Ensure protection of business operations by helping maintain an organisation’s service levels to its customers;
- Protect customers’ money as all internet gambling businesses must hold player deposits in a separate bank account;
- Meet legal and regulatory requirements by demonstrating that you comply with legal regulations;
- Provide assurance that you have carried out an independent review by experts.
Why 2|SEC Consulting?
- We will take adequate time to understand your business, operations, and process to accurately scope your Gambling Commission assessment;
- We deliver complete project support including implementing the recommended resolution;
- We have vast experience of working with cyber and information security industry standards;
- We streamline the compliance approach by using state-of-the-art tools and expert methodology to enable your business to achieve certification as quickly and as efficiently as possible, without compromising your programme;
- We produce easy-to-understand reporting.
Are you currently meeting all legal and regulatory requirements?
“2|SEC Consulting is a cyber security consultancy that supports you throughout an engagement. They are always available, extremely knowledgeable in their field and have been a great extension to our in-house security team.” – Principal Engineer