Gambling Commission announces update to the Information Security Audit Process

Published: 09 February 2021 by Imogen Moss

Last modified: 22 June 2021

Change comes into force from 1 April 2021

“The Gambling Commission (Commission) has updated the Testing Strategy for compliance with the remote gambling and software standards in respect of the annual information security audit.

All remote operators handling customer data with an information management system must undergo an annual security audit in line with the Remote Technical Standards. The first audit is due within 6 months of launch and then audits must take place upon annual basis by the anniversary date set by the Commission.

Currently there is a requirement for operators to upload the security audit via the Commission e – services system but this is set to change.

Licensees will still be required to ensure that:

The business is subject to an annual independent security audit by an independent auditor.
The information security audit is completed by the anniversary date that the Commission set. Licensees will still receive a reminder 90 days before the audit is due.

The updates to the procedures which come into force on 1 April 2021 are:

Licensees are no longer required to send completed Information security audits to the Commission, unless it requests a copy, or a major non-conformity is identified during the audit.
If the Commission request a copy of an information security audit report it must be submitted within 7 days. The written request from the Commission will explain how to submit the report.
Licensees may be asked for a copy of their most recent security audit during an assessment so Licensees must ensure that the security audits continue to take place and copies of the audits are kept safely so that they can be produced upon request by the Commission.
Licensees must notify the Commission when a completed information security audit identifies a major non-conformity.
Where a major non-conformity is identified the Licensee should notify the Commission by emailing securityaudit@gamblingcommission.gov.uk attaching a copy of the full information security audit report, including management responses.

You can read more here.”

For further information on this or any other gaming licensing issue, contact solicitor Imogen Moss.

Something else you might like…

Gambling
Gambling
News

Gambling Commission launches Consultations for Effective Regulation

Proposed changes to Financial Penalty Calculations and Financial Key Event Reporting

Gambling
Gambling
News

Further Gambling Regulation Consultations Published

The Gambling Commission launches new set of consultations on proposals from the Gambling Act Review White Paper

Gambling
Gambling Operators
News

Safer Gambling week 2023

Poppleston Allen are proud supporters of Safer Gambling week (13th – 19th November 2023)

Join over 7,000 professionals already getting a free legal 'heads up'

Can’t find what you’re looking for?

Speak to one of our friendly team

Get in touch

Cookie	Duration	Description
cookielawinfo-checbox-analytics, cookielawinfo-checkbox-essential, cookielawinfo-checkbox-non-essential, cli_user_preference	11 months	These cookies are set by GDPR Cookie Consent plugin. They are used to store the user consent for the cookies for the different categories for ""Essenial", "Non essential" and "Analytics".
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-5152321-2	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
CONSENT	16 years 3 months	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.