Gambling Commission Security Audit

The remote gambling and software technical standards (RTS)

Our team of highly experienced security consultants can guide your organisation through the remote gambling and software technical standards (RTS) audit with a minimum of fuss.

RTS Security Compliance

If you are a UK-based organisation that holds a remote gambling license with the UK’s Gambling Commission, you are required to complete an annual security audit against the remote gambling and software technical standards (RTS). This yearly audit must be completed by a third-party auditor and follows a subset of technical controls found in ISO27001.

As highly experienced ISO27001 implementors, our team of security consultants are expertly placed to help guide you through the process, start to finish.

RTS Technical Controls

If you are familiar with ISO27001, then you may be familiar with the technical controls in which the RTS is audited. These controls include:

A.5 - Information Security Policies
A.6 - Organisation of information security
A.7 - Human resource security
A.8 - Asset management
A.9 - Access control
A.10 - Cryptography
A.11 - Physical and environmental security
A.12 - Operations Security
A.13 - Communications Security
A.14 - System acquisition, development and maintenance
A.15 - Supplier relationships
A.16 - Information security incident management
A.18 - Compliance

Scope of the RTS

The UK Gambling Commission has identified which systems it deems most critical in achieving its aims with the following areas falling into scope:

Electronic systems that record, store, process, share, transmit or retrieve sensitive customer information, for example, credit or debit card details, authentication information, customer account balances
Electronic systems that generate, transmit, or process random numbers used to determine the outcome of games or virtual events
Electronic systems that store results or the current state of a customer’s gambling history
Points of entry to and exit from the above systems (other systems that are able to communicate directly with core critical systems)
Communication networks that transmit sensitive customer information.

How Vertical Structure Can Help

Our team comprises highly experienced security consultants from various industry backgrounds. The makeup of this team not only provides a unique approach to projects but also delivers on our customer-centric mantra. Using this approach, we will guide and inform you at every step of the way, helping to develop your confidence and understanding of the various processes and changes needed to secure your organisation when it comes to information security.

Our team are suitably qualified holding certifications as ISO27001 Lead Auditors, ISO27001 Lead Implementers, Certified Information Security Managers, and Chartered Cyber Security Professionals.

Our Process

We employ a tried and tested process for achieving compliance against the remote gambling and software technical standards (RTS).

Scoping
Gap Analysis
Remediation
Audit

The yearly remote gambling and software technical standards (RTS) audit is a fantastic way to introduce baseline information security into organisations operating in the UK gambling industry. Not only does it demonstrate to customers your commitment to safeguarding their data, but is also a great first step should you ever consider working towards the larger ISO27001 certification.

Keith Anderson (Lead Cyber Security Consultant)