Gambling Commission announces update to the Information Security Audit Process

Change comes into force from 1 April 2021

Published: 09 February 2021 by Imogen Moss

“The Gambling Commission (Commission) has updated the Testing Strategy for compliance with the remote gambling and software standards in respect of the annual information security audit.

All remote operators handling customer data with an information management system must undergo an annual security audit in line with the Remote Technical Standards. The first audit is due within 6 months of launch and then audits must take place upon annual basis by the anniversary date set by the Commission.

Currently there is a requirement for operators to upload the security audit via the Commission e – services system but this is set to change.

Licensees will still be required to ensure that:

The business is subject to an annual independent security audit by an independent auditor.
The information security audit is completed by the anniversary date that the Commission set. Licensees will still receive a reminder 90 days before the audit is due.

The updates to the procedures which come into force on 1 April 2021 are:

Licensees are no longer required to send completed Information security audits to the Commission, unless it requests a copy, or a major non-conformity is identified during the audit.
If the Commission request a copy of an information security audit report it must be submitted within 7 days. The written request from the Commission will explain how to submit the report.
Licensees may be asked for a copy of their most recent security audit during an assessment so Licensees must ensure that the security audits continue to take place and copies of the audits are kept safely so that they can be produced upon request by the Commission.
Licensees must notify the Commission when a completed information security audit identifies a major non-conformity.
Where a major non-conformity is identified the Licensee should notify the Commission by emailing securityaudit@gamblingcommission.gov.uk attaching a copy of the full information security audit report, including management responses.

You can read more here.”

For further information on this or any other gaming licensing issue, contact solicitor Imogen Moss.

Something else you might like…

Gambling
Gambling
Gambling Operators
Legislation
News

Licensing solicitor talks digital marketing & gambling advertising

No complacency for gambling operators as advertising regulator made concerns clear for online marketing

Gambling
Gambling
News

Digital marketing could make your pub sweepstake illegal

With the pandemic forcing pubs to close for large periods over the past two years, we saw many establishments focus…

Gambling
Gambling
News

Your workplace Grand National sweepstake could be illegal

Most companies in the gambling industry are well-versed in what constitutes illegal gambling, particularly given the large fines handed out…

Cookie	Duration	Description
cookielawinfo-checbox-analytics, cookielawinfo-checkbox-essential, cookielawinfo-checkbox-non-essential, cli_user_preference	11 months	These cookies are set by GDPR Cookie Consent plugin. They are used to store the user consent for the cookies for the different categories for ""Essenial", "Non essential" and "Analytics".
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-5152321-2	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
CONSENT	16 years 3 months	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Change comes into force from 1 April 2021

Something else you might like…

Speak to one of our friendly team