News Gambling Commission announces update to the Information Security Audit Process

Change comes into force from 1 April 2021

“The Gambling Commission (Commission) has updated the Testing Strategy for compliance with the remote gambling and software standards in respect of the annual information security audit.

All remote operators handling customer data with an information management system must undergo an annual security audit in line with the Remote Technical Standards.  The first audit is due within 6 months of launch and then audits must take place upon annual basis by the anniversary date set by the Commission.

Currently there is a requirement for operators to upload the security audit via the Commission e – services system but this is set to change.

Licensees will still be required to ensure that:

  • The business is subject to an annual independent security audit by an independent auditor.
  • The information security audit is completed by the anniversary date that the Commission set. Licensees will still receive a reminder 90 days before the audit is due.

The updates to the procedures which come into force on 1 April 2021 are:

  • Licensees are no longer required to send completed Information security audits to the Commission, unless it requests a copy, or a major non-conformity is identified during the audit.
  • If the Commission request a copy of an information security audit report it must be submitted within 7 days. The written request from the Commission will explain how to submit the report.
  • Licensees may be asked for a copy of their most recent security audit during an assessment so Licensees must ensure that the security audits continue to take place and copies of the audits are kept safely so that they can be produced upon request by the Commission.
  • Licensees must notify the Commission when a completed information security audit identifies a major non-conformity.
  • Where a major non-conformity is identified the Licensee should notify the Commission by emailing securityaudit@gamblingcommission.gov.uk attaching a copy of the full information security audit report, including management responses.

You can read more here."

For further information on this or any other gaming licensing issue, contact solicitor Imogen Moss.