New UKGC Remote Technical Standards
By Brian Cullingworth, Last updated Jul 1, 2023
And gambling sector cyber security threat intelligence sharing group opened to entire sector
In its fortnightly advisory, the UK Gambling Commission (UKGC) has reminded the implementation of new remote technical standards (RTS) for gambling software and remote operating licence holders relating to the timing and procedures for testing and security requirements, a subset of the ISO/IEC 27001: 2013 International benchmark.
From October 1, 2018 updated/new requirements apply to live dealer studios, peer-to-peer poker, use of third party software, linked progressive jackpots, virtual sports odds and information security standards.
The UKGC has updated the supporting testing strategy to incorporate new standards and changes at http://www.gamblingcommission.gov.uk/for-gambling-businesses/Compliance/Sector-specific-compliance/Remote-and-software/Remote-technical-standards-testing-strategy.aspx
From April 1, 2018, additional requirements apply to the display of transactions, gambling account history, display of net deposits and financial limits.
The UKGC will provide a copy of the complete, updated RTS and testing strategy on request to interested parties who write to gamestesting@gamblingcommission.gov.uk
In related news, a gambling sector cyber security threat intelligence sharing group, formed in 2015 by several UKGC license-holders including William Hill and Camelot, is opening up to the sector.
The voluntary group, supported by the UK’s National Cyber Security Centre (NCSC) – part of Government Communications Headquarters, is inviting all UKGC licensees to join with a view to sharing technical information on threats that are being experienced in the sector, ultimately enabling them to better defend their own systems from cyber attack.
Each participating organisation is required to sign a Non-Disclosure Agreement to ensure transparency in the information sharing process.
The group is operated independently of the Gambling Commission and suppliers, who are excluded from membership, and is open only to technical security personnel from UKGC-licensed organisations.
Members will gain access to a shared instant messaging channel, a private group on the NCSC CISP portal, as well as invitations to monthly conference calls and a handful of face-to-face meetings a year.
Membership comes at no financial cost, just a commitment to proactively contribute to the wider group, a press statement reads.