Spillemyndigheden s Certification Programme. General requirements SCP.00.00.EN.1.1



Similar documents
Spillemyndigheden s Certification Programme Instructions on Penetration Testing

Spillemyndigheden s Certification Programme Change Management Programme

Spillemyndigheden s Certification Programme Information Security Management System

Spillemyndigheden s change management programme. Version of 1 July 2012

Spillemyndigheden s Certification Programme Instructions on Penetration Testing

Spillemyndigheden s Certification Programme Change Management Programme

Spillemyndigheden s Certification Programme Instructions on Vulnerability Scanning

Spillemyndigheden s Certification Programme. Testing Standards for Online Betting SCP EN.1.0

Schedule of Accreditation issued by United Kingdom Accreditation Service 2 Pine Trees, Chertsey Lane, Staines-upon-Thames, TW18 3HR, UK

Spillemyndigheden s Certification Programme Information Security Management System

Schedule of Accreditation issued by United Kingdom Accreditation Service High Street, Feltham, Middlesex, TW13 4UN, UK

Guideline about provision of guessing competitions

Operating Licence Notification of Change

ACT GAMBLING AND RACING COMMISSION

Security audit advice For holders of all remote gambling operator licences including specified remote lottery licences

Guidelines on sales promotion measures when providing gambling

Advice on non-commercial and private gaming and betting

Spillemyndigheden s Certification Programme Inspection Standards for Online Casino

Bingo Primary Gambling Activity - Briefing

Gaming Machine Type I Gaming Machine Type II

Can I hold a race night, casino night or poker night? Click here for printer-friendly version

ACT. on the amendment of the Gambling Law and some other Acts 1

Message 791 Communication from the Commission - SG(2012) D/50777 Directive 98/34/EC Notification: 2011/0188/D

Introduction to the Danish Gambling market. Experiences from Denmark

G4 Responsible Casino Code of Practice Version G02/

Research IT Data Centre. Hosting Service. Installation, Operational & Access Procedures & Policy

EGR Compliance Database Ireland Provided by: A&L Goodbody

Land based betting Annex 1. Technical requirements of the control system

ARTICLES OF ASSOCIATION NEUROSEARCH A/S. (CVR-no )

ARTICLES OF ASSOCIATION NEUROSEARCH A/S. (CVR-no )

The Danish Gambling Authority. The liberalisation of the Danish gambling market. 29. nov. 2012

Executive Order No. 67 of 25. January 2012 on online casinos 1

Quality Management Standard BS EN ISO 9001:

NATIONAL INSTITUTE FOR HEALTH AND CARE EXCELLENCE. Conditions of accreditation

Food Establishment Register - Copy of single entry Food Establishment Public Register - Full public register

THE ONLINE GAMBLING REGULATION ACT THE ONLINE GAMBLING (DISASTER RECOVERY) (No. 2) REGULATIONS. Laid before Tynwald 16 th October 2007

Dear Reader: Presented herewith is the Annual Gaming Report pursuant to Section 56 of the Gaming Control Act for the year ending March 31, 2013.

G4 Responsible e-gambling Code of Practice Version G02/

The Gambling Act 2005 received Royal Assent in April 2005.

Tel: Monitoring Officer: Yes Section 151 Officer: Yes

Unauthorised translation ARTICLES OF ASSOCIATION NEUROSEARCH A/S. (CVR-no )

Guideline regarding compulsory disclosure of conditions when marketing a bonus offer

MEDIA BINGO TERMS AND CONDITIONS

An Alternative Method for Maintaining ISO 9001/2/3 Certification / Registration

How To Amend The Casino Amendment Bill 2012

Change & configuration management

Guide for Registration of Gaming Machine. I General Provisions

Testing strategy for compliance with remote gambling and software technical standards. First published August 2009

Gambling Tax Reform 2014

Promoting society and local authority lotteries

Chapter 1. General provisions

Submission by. Tatts Lotteries. to the. Productivity Commission s Inquiry into Australia s Gambling Industries. March 2009

Licence conditions and codes of practice. February 2015 (Updated April 2015)

How To Know If Bingo Is Gambling

Security Assessment Report

Element 4. Game Design

Trade Promotion Lottery Licence Fact Sheet Lottery and Gaming Regulations 2008

Casino Gaming Regulation

Report To: Policy & Resources Committee Date: 2 February Contact Officer: Gerard Malone Contact No:

Lottery and Gaming Regulations 2008

Rules for the certification of event sustainability management system

GSA PRODUCT CERTIFICATION PROGRAM POLICY GUIDE RELEASE 5

The new draft of the German Anti-Money Laundering Act (Geldwäschegesetz, GWG): A Summary and Potential Implications

Customer funds: segregation, disclosure to customers and reporting requirements

Grasmere Primary School Asset Management Policy

Initial teacher training criteria. Statutory guidance for accredited initial teacher training providers in England

5. BETTING ACCOUNT. The Club may provide a facility whereby a Backer may place Bets using a Betting Account through the means utilised by the Club.

Gambling Act. Part 1 Purpose and scope of the Act

Rules for the certification of asset management systems

CHAPTER 69N SPORTS WAGERING

GAMBLING INDUSTRY CODE FOR SOCIALLY RESPONSIBLE ADVERTISING

DOCUMENTED PROCEDURE MANUAL

RACING VICTORIA LIMITED BOOKMAKERS INTERNET BETTING RULES Bookmakers' Internet Betting Rules Effective 26 Oct 10.docx

Board means the Board of Directors of each of Scentre Group Limited, Scentre Management Limited, RE1 Limited and RE2 Limited.

CASINO TAXATION CHAPTER 371 CASINO TAXATION ARRANGEMENT OF SECTIONS

Welcome by Conference Chair. Andrew Gellatly Head of Global Research, GamblingCompliance

UK - legal overview by John Hagan and Melanie Ellis

INFORMATION NOTE. Regulation of gambling-related advertisements in public areas

CORPORATE SERVICES COMMITTEE 21 March Amendments To The Constitution Delegation Of Licensing Functions Under The Gambling Act 2005

low levels of compliance with the regulations and POCA by negligent HVD operators are enabling criminals to launder the proceeds of crime

Scratchcard Games. Section 6

ELECTRICAL AND I&C EQUIPMENT OF A NUCLEAR FACILITY

Raad voor Accreditatie (Dutch Accreditation Council RvA) Assessment of Conformity Assessment Schemes

CASINO SECTOR OVERVIEW

CARLSBERG. Articles of Association. with latest amendments as of 12 March 2009

What is gambling software?

Memorandum of understanding between the Gambling Commission ( the Commission ) and PhonepayPlus

Northern Territory. Code of Practice For Responsible Gambling

Remote gambling taxation reform

ARGYLL AND BUTE COUNCIL Planning, Protective Services and Licensing Committee. Gambling Policy Fixed Odds Betting Terminals

Cloud computing and the legal framework

Paddy Power Holdings Ltd

Northern Territory Code of Practice for Responsible Gambling

GAMBLING AND PRIVACY. Siobhan Jenner Office of the Privacy Commissioner NSW

Rileys is one of the oldest names in the leisure industry with its first club opening in

LOTTERY TERMS AND CONDITIONS

Procuring Penetration Testing Services

General Certificate of Education Advanced Subsidiary Examination June 2015

MONTE CARLO CHARITY EVENT TERMS AND CONDITIONS

Review of remote casino, betting and bingo regulatory return and gambling software regulatory return. Consultation document

Transcription:

SCP.00.00.EN.1.1

Table of contents Table of contents... 2 1.1 Spillemyndigheden s certification programme... 3 1.2 Definitions... 3 1.3 Legal basis for the certification programme... 4 1.4 Version... 4 1.5 Document identifier... 5 1.6 Enquiries... 5 2 Certification... 6 2.1 Certification framework... 6 2.2 Certification requirements... 6 2.2.1 Suppliers to the testing organisation... 6 2.3 Transfer of certifications... 6 2.3.1 Inspections and tests conducted in accordance with Spillemyndigheden s certification programme... 6 2.3.2 Inspections and tests conducted in accordance with other standards... 7 2.4 Suppliers to the licence holder... 7 2.4.1 Supplier certification... 7 2.4.2 Integration into the gambling system of the licence holder... 8 2.4.3 Compilation of the certifications... 8 2.5 Approval of identical equipment... 8 SCP.00.00.EN.1.11 Page 2 of 8

1 Introduction Spillemyndigheden s certification programme is set out to ensure that the gambling system executes games in a correct way and that the security surrounding the gambling system is maintained. The requirements in the certification programme is adapted to the different types of games based on an evaluation of the type of game s significance and risk in relation to extent, prevalence, nature, size of the prize and the risk of the customers being deceived etc. Currently the following types of games are in use: Online betting Land-based betting Online casino Charitable lotteries (Certification programme to be announced later) Land-based casino (Certification programme to be announced later) Lottery Class lottery (Certification programme to be announced later) Gaming machines with cash prizes (Certification programme to be announced later) The accredited inspection and testing organisation performs testing and inspection of the gambling system, business processes and business systems of the licence holder. The testing and inspection must be adapted to the individual licence holder s offer of gambling products. Inspection and testing organisations is referred to as testing organisation throughout the entire certification programme regardless of the section is about testing or inspection. 1.1 Spillemyndigheden s certification programme Spillemyndigheden s certification programme consists of a number of documents, which are continuously adapted to the development in technology. The licence holder must be certified at all times in accordance with those parts of the certification programme which apply to their specific offer of gambling products. Each of the eight types of games has a set of testing standards and a set of inspection standards associated. Furthermore, five documents apply across all types of games and cover general requirements, information security management system, penetration testing, vulnerability scanning and change management. Each document sets out minimum requirements for the arrangement of the gambling system, business processes and business systems of the licence holder. Spillemyndigheden s certification programme supplements the gambling regulation, individual licence terms and the administrative practice set out by Spillemyndigheden. 1.2 Definitions Inspection: The accredited testing organisation performs an assessment of the gambling system, business processes and business systems of the licence holder in relation to requirements set out by Spillemyndigheden and determines whether the requirements are met or not at the time of the inspection. SCP.00.00.EN.1.11 Page 3 of 8

Sensitive information: Testing: Log: Report: Gambling system: Information of a sensitive nature related to either business or people. Depth testing of the gambling system of the licence holder, analysis the comprised data and evaluates the results with regards to the requirements set out by Spillemyndigheden and determines whether the requirements are met or not. A log is a table that automatically records data that must not be manipulated after the initial recording. Any changes to the log shall happen through the recording of new log entries instead of changing or deleting existing records. Extraction of data from one or more logs Electronic or other equipment used by or on behalf of the licence holder for the offering of gambling, including equipment that: 1. is used for the storage of information pertaining to a person s participation in gambling, including historical data and information concerning results, 2. produce and/or presents games to the gambler, or 3. determine the result of a game or calculate whether the gambler has won or lost a game. Business system: Business processes Electronic or other equipment used by or on behalf of the licence holder to support the offering of gambling without being a part of the gambling system. Described processes of the licence holders associated with the gambling system, business system and data contained in either. This can be described using formal management systems such as ISO / IEC 27001 1.3 Legal basis for the certification programme The certification programme is issued by Spillemyndigheden pursuant to Act no. 848 of 1 July 2010 on Gambling with later amendments section 41 and executive order no. 66 of 25 January 2012 on online betting section 26, executive order no. 67 of 25 January 2012 on online casino section 26 and executive order no. 65 of 25 January 2012 on land based betting section 11. 1.4 Version Spillemyndigheden will continuously revise the certification programme, making the latest version and the version history accessible at Spillemyndigheden s website: https://spillemyndigheden.dk/en/certificationprogramme Date Version Description 2014.07.04 1.0 A new document structure than the previous version 1.3 alongside with a range of updates in different areas. A new version 1.0 is therefore published. It is the intention to follow normal versioning for future changes. 2015.12.21 1.1 Changes completed to implement requirements for lotteries in the certification programme. SCP.00.00.EN.1.11 Page 4 of 8

Spillemyndigheden will publish guidelines regarding the applicability of existing certifications and previously performed inspections and tests, when new versions of the certification programme is released. It is important to emphasise that only the Danish version is legally binding and that the English version holds the status of guidance only. 1.5 Document identifier Each document in Spillemyndigheden s Certification Programme has a unique identifier comprised of: SCP Which indicates Spillemyndigheden s Certification Programme. Two digits Which indicates the type of document. The identifiers are: "00" "01" Testing standards "02" Inspection standards "03" Information Security Management System "04" Penetration Testing "05" Vulnerability Scanning "06" Change Management Programme Two digits Which indicates the type of game covered. The identifiers are: "00" All types of games "01" Online betting "02" Land-based betting "03" Online casino "04" Charitable lotteries "05" Land-based casino "06" Lottery "07" Class lottery "08" Gaming machines with cash prizes DK or EN Which indicates the language version. DK for Danish and EN for English. Version number Which is described in section 1.4 above. The document identifier SCP.02.02.DK.1.0 would thus be version 1.0 of the inspection standards for landbased betting in Danish. A standard report with the identifier SCP.XX.XX.DK.1.0.SR is associated with each document and must be used when submitting certifications to Spillemyndigheden. The document identifiers for the standard reports follow the methodology above. 1.6 Enquiries Enquiries concerning this document should be sent in writing to Spillemyndigheden at the following address: mail@spillemyndigheden.dk SCP.00.00.EN.1.11 Page 5 of 8

or Spillemyndigheden Havneholmen 25, 7. DK-1561 København K 2 Certification 2.1 Certification framework A certification consists of inspection and testing of the gambling system, business processes and business systems of a licence holder based on the requirements set out in Spillemyndigheden s certification programme. It is the responsibility of the licence holder to use an accredited testing organisation to complete the required tests and inspections and on that basis attain certifications. Among these the licence holder must at all times have the scheduled tests and inspections performed. 2.2 Certification requirements Reporting of inspection and testing shall be submitted using the standard report of the given certification document. The testing organisation can choose freely between the Danish and the English version of the standard report. The accredited testing organisation shall report to what extent that the gambling system, business processes and business systems of the licence holder adhere to the requirements set out in the given certification documents in the inspection- or testing period. The report must be attested by the accredited testing organisation. As an extraordinary exception it may be accepted that the accredited testing organisation attests to the certification even if all requirements have not been met as described in this document. In this case the certifications must be substantiated by a risk assessment, taking into account the purpose of the Gambling Act and the associated executive orders. The risk assessment shall be based on ISO/IEC 31010 Risk management - Risk assessment techniques. The standard report shall reflect whether this method has been used. 2.2.1 Suppliers to the testing organisation The accredited testing must attest that Spillemyndighedens requirements regarding test and inspection are met, if they are using a supplier to perform any parts of the inspection or test. 2.3 Transfer of certifications 2.3.1 Inspections and tests conducted in accordance with Spillemyndigheden s certification programme When an accredited testing organisation has certified a given requirement in Spillemyndigheden s certification programme and this requirement is part of several separate documents of the programme e.g. SCP.01.01.EN Testing Standards for online betting and SCP.01.02.EN Testing Standards for land-based bet- SCP.00.00.EN.1.11 Page 6 of 8

ting, it will not be necessary to repeat the certification of the requirement. In such cases there shall, instead, be a reference to the above-mentioned certification. This is only applicable for inspections and tests conducted by the accredited testing organisation. 2.3.2 Inspections and tests conducted in accordance with other standards It is allowed to base the certification on inspections and tests carried out on previous occasions and to similar criteria. This could be certifications from other jurisdictions. When this option is utilised the actual time of the previous inspection or test shall be used when calculating the certification frequency. This means that if the certification is based on inspections or tests performed six months prior, then the renewal of said certification shall be performed six months earlier than ordinarily required. The certification cannot be based on tests and inspections, which have been conducted more than 12 months ago. The above-mentioned option is also available if the prior certification has been conducted by another testing organisation. When the accredited testing organisation is assessing whether to base the certification on inspections or tests carried out to similar criteria, this shall be substantiated by a risk assessment, taking into account the purpose of the Gambling Act and the associated executive orders. The risk assessment shall be based on ISO/IEC 31010 Risk management - Risk assessment techniques. The standard report shall reflect whether this method has been used. 2.4 Suppliers to the licence holder 2.4.1 Supplier certification It is the responsibility of the licence holder that their suppliers are certified according to Spillemyndighedens certification programme. The testing organisation of the licence holder has to ensure that the suppliers of the licence holder have been certified during the period from the previous certification to the current certification. The testing organisation of the licence holder must go through the supplier s certification to ensure that following is present: That the supplier has a valid certification report approved by a testing organisation That the supplier can provide certification reports covering the entire period from the latest certification to the current certification. That the testing organisation of the supplier is accredited according to the Danish requirements. The testing organisation of the licence holder has only to confirm that they have reviewed signed reports from a testing organisation with a Danish accreditation scope, where the relevant points of the supplier has been approved. The accredited testing organisation of the licence holder shall, when testing the gambling system of the licence holder, only test the elements of the gambling system that have not been certified during the certi- SCP.00.00.EN.1.11 Page 7 of 8

fication of the supplier. Section 2.4.2 regarding integration testing in the gambling system of the licence holder might be relevant. 2.4.2 Integration into the gambling system of the licence holder The accredited testing organisation shall be particularly aware of the fact that, even if the supplier s product has been certified already, it may be necessary to repeat parts of the certification, when the product is integrated into the licence holder s overall gambling system. This will be particular relevant when the implementation involves changes to the certified product. 2.4.3 Compilation of the certifications It is the task of the accredited testing organisation of the licence holder to ensure that all requirements in this document have been assessed. If a requirement is irrelevant for a licence holder due to their offering of games the standard report must reflect that. Inspection- and test reports that are the root of the certification must be identified in the standard report. The date shall be stated in the standard report together with information about if the inspection or test is: Conducted accredited by the accredited testing organisation itself Conducted accredited testing or inspection by another testing organisation Conducted without accreditation by a testing organisation or the licence holder and evaluated by the accredited testing organisation. 2.5 Approval of identical equipment To avoid duplicate testing of identical equipment of the licence holder, their testing organisation can issue approvals of identical equipment used for offering of land based gambling services. The approval can be used for implementation of additional equipment, which is identical and has the same functionalities as the previous approved equipment. When the accredited testing organisation approves equipment for this purpose, all hardware and software components must be inspected and evaluated to be deemed compliant with the requirements in Spillemyndigheden s certification programme. The approval is only valid in regards to the tested configuration of hardware and software components. If any significant changes are applied to the equipment, a new approval must be issued in accordance with the change management programme. SCP.00.00.EN.1.11 Page 8 of 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information