within six months from an Operator’s commencement in trading and having previously obtained their gaming license from the UK Gambling Commission (UKGC), and annually thereafter. The objective is to assess compliance against the security requirements set out in section 5 of the Remote Gambling and Software standards (RTS). The security requirements are based on relevant sections of ISO/IEC 27001:2013 and these are listed in the RTS.
Such an information security audit includes testing in the following areas:
- Information Security Policies;
- Organisation of Information Security;
- Human Resources Security;
- Asset Management;
- Access Control;
- Cryptography;
- Physical and Environmental Security;
- Operations Security;
- Communications Security;
- System Acquisition, Development and Maintenance;
- Supplier Relationships;
- Information Security Incident Management;
- Compliance.