Land based betting Annex 1. Technical requirements of the control system

Transcription

1 Land based betting Annex 1. Technical requirements of the control system A Introduction This document describes the technical requirements that must be met by a licence holder, including securing the data-basis for conducting control and requirements of accessibility, internal controls, administrative procedures and organisation. B. Abbreviations and definitions SAFE: The data storage that the licence holder must establish in order to store the gambling data which the Danish Gambling Authority requires when conducting controls. RNG: Random Number Generator. Gambling system: Electronic or other equipment that is used by or on behalf of the licence holder for the supply and operation of land-based betting, including equipment which: 1. is used for storage of information concerning a person s participation in gambling, including historical data and information about results, 2. produces and/or presents games for the player, or 3. determines the result of a game, or calculates whether the player has lost or won the game. SAFE is not a part of the gambling system. FTPS: File Transfer Protocol SSL. SSL: Secure Sockets Layer. XSD: XML Standard Definition. XML: Extensible Markup Language. C. Collected systems complex used for gambling control The collected systems complex consists of the licence holder s gambling system, the licence holder s file server data warehouse (SAFE), a security system (Tamper Token) and a register of voluntarily excluded players (ROFUS). 1

2 1. SAFE is the licence holder s own data warehouse (a file server) where the licence holder must store gambling data in relation to Standard Records for all games that are carried out at the licence holder. All licence holders must establish a data warehouse (SAFE). The Danish Gambling Authority must be able to gain access to the licence holder s data warehouse. 2. Tamper Token. The Danish Gambling Authority implements a security system that must be used for Tamper Token. Tamper Token s purpose is to secure that gambling data, which the licence holder stores on SAFE in the form of Standard Records, are not altered while they are stored on SAFE. The Danish Gambling Authority sets up a server for the issuance of tokens that are issued to the licence holder on a daily basis. The frequency can be regulated according to an actual assessment. The licence holder must implement a function that follows the Danish Gambling Authority s specifications for generating an identification code on the basis of the stored gambling data and the issued token. The identification code must be reported back to the Danish Gambling Authority before the expiration of the token in question. The licence holder s communication with the Tamper Token system takes place through web services. The Danish Gambling Authority s Tamper Token additionally: manages the creation of keys (tokens) used for the calculation of identification codes manages the storage of identification codes for later control continuously controls that the time period for the completion of tokens is obeyed ensures that the verification of a series of gambling data is not altered in comparison to the received identification code. It is required that the licence holder can manage an altered token frequency in connection to the issuance of a new token. The licence holder must immediately inform the Danish Gambling Authority about any faults on Tamper Token. D. Requirements of gambling data (Standard Records) The licence holder must store gambling data on SAFE in XML-files with attributes and a frequency specified by Danish Gambling Authority. The following subdivisions are used: EndOfDay Puljespil (pool games) FastOdds Managerspil (manager games) Jackpot 2

3 For gambling types not mentioned in the subdivisions above, it must be agreed upon with the Danish Gambling Authority how the gambling data must be stored on SAFE. This must be done before any provision of games. The Danish Gambling Authority announces a technical description of the format in which gambling data must be reported to SAFE (Standard Records). The technical description contains a conceptual model and attribute-definitions. The description includes a group of XSD-files whose structure must be complied with when storing gambling data on SAFE. E. Requirements of SAFE E.1 The licence holder s data warehouse The licence holder must establish a data warehouse (SAFE) for the storage of gambling data. The licence holder must transfer and store gambling data in reference to Standard Records in the data warehouse. The licence holder must store gambling data for 12 consecutive months on SAFE and store gambling data for additional 48 months on a digitally readable media. Data transfers between the licence holder s SAFE and the Danish Gambling Authority s control system must take place through the Internet with FTPS with a minimum speed of 8 Mbit/second. The licence holder must secure that the connection is suitable for a unproblematic transfer of gambling data. E.1.1. Technical requirements of SAFE SAFE must be established on a separate server that is physically separated from the licence holder s gambling system. Gambling data on SAFE must be logically and soundly separated from other eventual data. The licence holder must secure the necessary back-up of all gambling data. SAFE and back-up of SAFE must be geographically separated. Likewise, the data storage on a digitally readable media must be geographically separated from its back-up. SAFE must, before it is used as a data warehouse, fulfil it-security demands on a level that as a minimum corresponds to the level of security demands of the licence holder s gambling system pursuant to the executive order on land-based betting. The licence holder must secure that the Danish Gambling Authority has online access to obtain gambling data from SAFE. The licence holder must establish access to SAFE through a secure admission (FTPS). The folder structure on SAFE must be established according to the structure which the Danish Gambling Authority has specified cf. section E.3. Folder structure on SAFE and the naming of Standard Records. 3

4 Gambling data on SAFE must be stored according to the specified Standard Records cf. section D Requirements of gambling data (Standard Records). The licence holder must document that SAFE complies with the stated requirements. The licence holder must complete operational documentation for SAFE, including documentation for the necessary operational environment, operational procedures and routines, back-up systems and error handling. All documentation must be delivered in Danish. Technical specifications of a general character can, however, be delivered in English. Documentation must by request be made electronically available (for example per mail, USBstick, CD-ROM, DVD) to the Danish Gambling Authority without delay and never later than two working days. All documentation must be delivered in a format that can be managed by the Danish Gambling Authority and read in Microsoft Office or Adobe Reader. Documentation must be updated continuously and as a minimum by every release. There must for every release follow an updated documentation which describes the grounds for the release. SAFE accessibility per month: Accessibility Incident reaction time pct. Within 1 hour, Monday Friday, in the span of (Danish time). Response time The average response time for login must be less than 10 seconds. SAFE service windows: Window type Service window Durance Warning utilisation of service window Standard changes, patching, etc. Larger updates Once per day in the time span of Monday to Friday and Saturday to Sunday Monday times per month in the time span of 120 min. 5 working days warning 20 hours 10 working days warning 4

5 Of environments, architecture and services Critical urgency updates Saturday Monday times yearly in the time span of Saturday Monday hours 15 working days warning Upon agreement Upon agreement Before the task has started Incidents: Incident type Solved within >95.5 pct. of all incidents are solved within the time frames stated below. Measured per month. For other incidents a separate deadline must be agreed upon. Urgent (blocking) Medium (troublesome work-around exists) Normal (inconveniences that require less workaround) 6 hours 2 working days 4 working days The licence holder must report incidents through the Danish Gambling Authority s incident reporting system. Requirements and information will be announced on the Danish Gambling Authority s homepage. Licence holder is responsible for the operation of SAFE. If SAFE is inaccessible, gambling data must be gathered and stored on SAFE after completion of the period of inaccessibility. E.2 Transfer of gambling data from the gambling system to SAFE The licence holder must transfer and store gambling data on SAFE according to Standard Records (information concerning data structures). It is the responsibility and duty of the licence holder to secure this data transfer. The Danish Gambling Authority must according to its needs be able to transfer gambling data from SAFE to the Danish Gambling Authority s own data warehouse to control usage. The transfer takes place through the Internet with FTPS, and the data validity is controlled by Tamper Token. E. 3 Folder structure on SAFE and naming of Standard Records The licence holder must build the folder structure on SAFE and name Standard Records according to the following structure: 5

6 Level 1: The outer folder is named Folderstruktur-spilsystem. Level 2: The folder is named Zip. Level 3: Folders are set-up for every day, named after the date in the format YYYY-MM-DD. Level 4: The zip-files which each are attached to one token are placed here. Furthermore, there must be folders for those tokens which are not yet closed. A folder, which has not yet been closed, is named SpilCertifikatIdentifikation-TamperTokenID. The zip file which includes the folder is named SpilCertifikatIdentifkation-TamperTokenID.zip. SpilCertifikatIdentifikation is a unique identification of the licence holder, which is issued by the Danish Gambling Authority. TamperTokenID is a unique identification of the individual Tamper Token. Level 5: Folders are created according to the content of every single zip file. They are named for example EndOfDay, FastOdds, Jackpot, PuljeSpil (pool games) and Managerspil (manager games). Level 6: Folders for the relevant dates are created, named after the date in the format YYYY-MM- DD. The individual Standard Records are placed on this level or level 7 and placed in a folder that matches the time when the file was created. Level 7: (Optional) It is possible to state subfolders with time frames in the format HH.MM- HH.MM. Puljespil-files must be placed in the folder which represents the placing of the bet. In connection to all other game types, the files must be placed in the folder where one expects them to be completed. The naming of folders and Standard Records must follow the Danish Gambling Authority s specifications. Gambling data must continuously be zipped as it is stated in the folder structure, and there must be created a zip file for every Tamper Token key. Every individual zip file must contain exactly those gambling data that are packed together with the belonging Tamper Token key. F. Continuous control of the compliance of the licence holder requirements F.1. Request of gambling data The licence holder must by request be able to deliver archived gambling data from a digitally readable media, cf. section E.1, to the Danish Gambling Authority within 5 working days. F.2 Request of other information Besides those gambling data mentioned in section E.1, the licence holder must be able to generate information from his gambling system and eventually belonging systems, including: Information concerning gambling accounts. Statistical information. An extract of actual registrations in the licence holder s gambling system. 6

7 This information must be delivered to the Danish Gambling Authority within 5 working days. G. Requirements of the licence holder s controls, administrative practices and organisation The licence holder must devise, document and implement continuous controls of whether the existing requirements constantly are being obeyed by both the licence holder and his business partners. These controls must as a minimum include: Daily controls conducted by employees and managers (which to the greatest extent possible must be incorporated in administrative procedures and systems). Periodic as well as randomized internal audit. External audit, when this is required in order to obtain a satisfactory level of documentation of whether existing requirements are obeyed. Processing and filing of control results. Immediate notification of the Danish Gambling Authority when errors or violations are established or by suspicion of errors or violations committed by the licence holder himself and/or by his business partners. The notification must include the licence holder s assessment of the consequences of the error or violation. The licence holder is responsible for devising, documenting and following relevant administrative procedures that are aimed at supporting and securing that both licence holder and his possible business partners constantly obey the requirements in the executive order. The administrative procedures must as a minimum include: Licence holder must secure monitoring of all the components and data transmissions in the gambling system, including data lines, data packages, networks, SAFE, RNG, gambling systems etc. (including components and data transmissions placed within a possibly involved third party). Licence holder must secure a back-up and restore procedure in order to counter the loss of data. Licence holder must secure maintenance and security procedures in order to have a secure and safe operation in accordance with ISO The licence holder must be appropriately organized and sufficiently manned in order to provide products in accordance with the purpose of the Act on Gambling and the requirements posed by the Danish Gambling Authority. Besides the requirements related to the different roles and persons, which the legislation states as a condition for issuing a licence, the licence holder must as a minimum establish the following organisational roles: 7

8 Responsible for gambling software and the operation of games, including ensuring that all games are built are run correctly and reliably without errors or cheating committed by the licence holder and possible business partners. Responsible for IT-security, including ensuring that all forms of IT-hardware, software and networks used by the licence holder (and his possible business partners) are operate defensibly when it comes to security. Responsible for system changes, cf. the Danish Gambling Authority s program for the management of system changes. Responsible for monitoring of money laundering and terrorist financing, including ensuring that the requirements of the executive order are obeyed. Responsible for finances, including ensuring that the Danish Authority also receives the correct share of the gross gambling revenue. The licence holder must inform the Danish Gambling Authority about who holds the mentioned areas of responsibility. The responsible persons must have the necessary qualifications and the necessary experience in order to assume the role and the responsibility. The licence holder must secure that the persons have the authority to establish measures and implement the necessary changes in order to secure that the licence holder follows the stated requirements. In connection to the execution of controls, the responsible persons will be the direct point of contact. The persons must therefore always be able to provide and account for all information and documentation which the Danish Gambling Authority should demand within the respective areas. 8