Land based betting Annex 1. Technical requirements of the control system




A. Introduction

This document describes the technical requirements that must be met by a licence holder, including securing the data-basis for conducting control and requirements of accessibility, internal controls, administrative procedures and organisation.

B. Abbreviations and definitions

SAFE: The data storage that the licence holder must establish in order to store the gambling data which the Danish Gambling Authority requires when conducting controls.

RNG: Random Number Generator.

Gambling system: Electronic or other equipment that is used by or on behalf of the licence holder for the supply and operation of land-based betting, including equipment which:
1. is used for storage of information concerning a person's participation in gambling, including historical data and information about results,
2. produces and/or presents games for the player, or
3. determines the result of a game, or calculates whether the player has lost or won the game.
SAFE is not a part of the gambling system.

FTPS: File Transfer Protocol SSL.

SSL: Secure Sockets Layer.

XSD: XML Standard Definition.

XML: Extensible Markup Language.

C. Collected systems complex used for gambling control

The collected systems complex consists of the licence holder's gambling system, the licence holder's file server data warehouse (SAFE), a security system (Tamper Token) and a register of voluntarily excluded players (ROFUS).

1. SAFE is the licence holder's own data warehouse (a file server) where the licence holder must store gambling data in relation to Standard Records for all games that are carried out at the licence holder. All licence holders must establish a data warehouse (SAFE). The Danish Gambling Authority must be able to gain access to the licence holder's data warehouse.

2. Tamper Token. The Danish Gambling Authority implements a security system that must be used for Tamper Token. Tamper Token's purpose is to secure that gambling data, which the licence holder stores on SAFE in the form of Standard Records, are not altered while they are stored on SAFE.

The Danish Gambling Authority sets up a server for the issuance of tokens that are issued to the licence holder on a daily basis. The frequency can be regulated according to an actual assessment. The licence holder must implement a function that follows the Danish Gambling Authority's specifications for generating an identification code on the basis of the stored gambling data and the issued token. The identification code must be reported back to the Danish Gambling Authority before the expiration of the token in question. The licence holder's communication with the Tamper Token system takes place through web services.

The Danish Gambling Authority's Tamper Token additionally:
- manages the creation of keys (tokens) used for the calculation of identification codes
- manages the storage of identification codes for later control
- continuously controls that the time period for the completion of tokens is obeyed
- ensures that the verification of a series of gambling data is not altered in comparison to the received identification code.

It is required that the licence holder can manage an altered token frequency in connection to the issuance of a new token. The licence holder must immediately inform the Danish Gambling Authority about any faults on Tamper Token.

D. Requirements of gambling data (Standard Records)

The licence holder must store gambling data on SAFE in XML-files with attributes and a frequency specified by the Danish Gambling Authority. The following subdivisions are used:
- EndOfDay
- Puljespil (pool games)
- FastOdds
- Managerspil (manager games)
- Jackpot

For gambling types not mentioned in the subdivisions above, it must be agreed upon with the Danish Gambling Authority how the gambling data must be stored on SAFE. This must be done before any provision of games.

The Danish Gambling Authority announces a technical description of the format in which gambling data must be reported to SAFE (Standard Records). The technical description contains a conceptual model and attribute-definitions. The description includes a group of XSD-files whose structure must be complied with when storing gambling data on SAFE.

E. Requirements of SAFE

E.1 The licence holder's data warehouse

The licence holder must establish a data warehouse (SAFE) for the storage of gambling data. The licence holder must transfer and store gambling data in reference to Standard Records in the data warehouse.

The licence holder must store gambling data for 12 consecutive months on SAFE and store gambling data for an additional 48 months on a digitally readable media.

Data transfers between the licence holder's SAFE and the Danish Gambling Authority's control system must take place through the Internet with FTPS with a minimum speed of 8 Mbit/second. The licence holder must secure that the connection is suitable for an unproblematic transfer of gambling data.

E.1.1. Technical requirements of SAFE

SAFE must be established on a separate server that is physically separated from the licence holder's gambling system. Gambling data on SAFE must be logically and soundly separated from any other data.

The licence holder must secure the necessary back-up of all gambling data. SAFE and back-up of SAFE must be geographically separated. Likewise, the data storage on a digitally readable media must be geographically separated from its back-up.

SAFE must, before it is used as a data warehouse, fulfil IT-security demands on a level that as a minimum corresponds to the level of security demands of the licence holder's gambling system pursuant to the executive order on land-based betting.

The licence holder must secure that the Danish Gambling Authority has online access to obtain gambling data from SAFE. The licence holder must establish access to SAFE through a secure admission (FTPS).

The folder structure on SAFE must be established according to the structure which the Danish Gambling Authority has specified, cf. section E.3 Folder structure on SAFE and the naming of Standard Records.

Gambling data on SAFE must be stored according to the specified Standard Records, cf. section D Requirements of gambling data (Standard Records).

The licence holder must document that SAFE complies with the stated requirements. The licence holder must complete operational documentation for SAFE, including documentation for the necessary operational environment, operational procedures and routines, back-up systems and error handling.

All documentation must be delivered in Danish. Technical specifications of a general character can, however, be delivered in English. Documentation must by request be made electronically available (for example per mail, USB stick, CD-ROM, DVD) to the Danish Gambling Authority without delay and never later than two working days. All documentation must be delivered in a format that can be managed by the Danish Gambling Authority and read in Microsoft Office or Adobe Reader.

Documentation must be updated continuously and as a minimum with every release. Every release must be accompanied by updated documentation which describes the grounds for the release.

SAFE accessibility per month:
- Accessibility: 98.50 pct.
- Incident reaction time: Within 1 hour, Monday-Friday, in the span of 08.00-17.00 (Danish time).
- Response time: The average response time for login must be less than 10 seconds.

SAFE service windows (window type; service window; duration; warning before utilisation of service window):
- Standard changes, patching, etc.; once per day in the time span of Monday to Friday 17.00-06.00 and Saturday to Sunday 00.00-Monday 05.00; 120 min.; 5 working days warning.
- Larger updates; 0-4 times per month in the time span of Saturday 00.00 - Monday 05.00; 20 hours; 10 working days warning.
- Of environments, architecture and services; 4 times yearly in the time span of Saturday 00.00 - Monday 05.00; 24 hours; 15 working days warning.
- Critical urgency updates; upon agreement; upon agreement; before the task has started.

Incidents:

>95.5 pct. of all incidents are solved within the time frames stated below. Measured per month. For other incidents a separate deadline must be agreed upon.
- Urgent (blocking): solved within 6 hours.
- Medium (troublesome work-around exists): solved within 2 working days.
- Normal (inconveniences that require less workaround): solved within 4 working days.

The licence holder must report incidents through the Danish Gambling Authority's incident reporting system. Requirements and information will be announced on the Danish Gambling Authority's homepage.

The licence holder is responsible for the operation of SAFE. If SAFE is inaccessible, gambling data must be gathered and stored on SAFE after completion of the period of inaccessibility.

E.2 Transfer of gambling data from the gambling system to SAFE

The licence holder must transfer and store gambling data on SAFE according to Standard Records (information concerning data structures). It is the responsibility and duty of the licence holder to secure this data transfer.

The Danish Gambling Authority must according to its needs be able to transfer gambling data from SAFE to the Danish Gambling Authority's own data warehouse to control usage. The transfer takes place through the Internet with FTPS, and the data validity is controlled by Tamper Token.

E.3 Folder structure on SAFE and naming of Standard Records

The licence holder must build the folder structure on SAFE and name Standard Records according to the following structure:

Level 1: The outer folder is named Folderstruktur-spilsystem.

Level 2: The folder is named Zip.

Level 3: Folders are set up for every day, named after the date in the format YYYY-MM-DD.

Level 4: The zip-files which each are attached to one token are placed here. Furthermore, there must be folders for those tokens which are not yet closed. A folder which has not yet been closed is named SpilCertifikatIdentifikation-TamperTokenID. The zip file which includes the folder is named SpilCertifikatIdentifikation-TamperTokenID.zip. SpilCertifikatIdentifikation is a unique identification of the licence holder, which is issued by the Danish Gambling Authority. TamperTokenID is a unique identification of the individual Tamper Token.

Level 5: Folders are created according to the content of every single zip file. They are named for example EndOfDay, FastOdds, Jackpot, PuljeSpil (pool games) and Managerspil (manager games).

Level 6: Folders for the relevant dates are created, named after the date in the format YYYY-MM-DD. The individual Standard Records are placed on this level or level 7 and placed in a folder that matches the time when the file was created.

Level 7: (Optional) It is possible to state subfolders with time frames in the format HH.MM-HH.MM.

Puljespil-files must be placed in the folder which represents the placing of the bet. In connection to all other game types, the files must be placed in the folder where one expects them to be completed.

The naming of folders and Standard Records must follow the Danish Gambling Authority's specifications.

Gambling data must continuously be zipped as it is stated in the folder structure, and a zip file must be created for every Tamper Token key. Every individual zip file must contain exactly those gambling data that are packed together with the belonging Tamper Token key.

F. Continuous control of the compliance of the licence holder requirements

F.1. Request of gambling data

The licence holder must by request be able to deliver archived gambling data from a digitally readable media, cf. section E.1, to the Danish Gambling Authority within 5 working days.

F.2 Request of other information

Besides those gambling data mentioned in section E.1, the licence holder must be able to generate information from his gambling system and any associated systems, including:
- Information concerning gambling accounts.
- Statistical information.
- An extract of actual registrations in the licence holder's gambling system.

This information must be delivered to the Danish Gambling Authority within 5 working days.

G. Requirements of the licence holder's controls, administrative practices and organisation

The licence holder must devise, document and implement continuous controls of whether the existing requirements constantly are being obeyed by both the licence holder and his business partners. These controls must as a minimum include:
- Daily controls conducted by employees and managers (which to the greatest extent possible must be incorporated in administrative procedures and systems).
- Periodic as well as randomized internal audit.
- External audit, when this is required in order to obtain a satisfactory level of documentation of whether existing requirements are obeyed.
- Processing and filing of control results.
- Immediate notification of the Danish Gambling Authority when errors or violations are established or by suspicion of errors or violations committed by the licence holder himself and/or by his business partners. The notification must include the licence holder's assessment of the consequences of the error or violation.

The licence holder is responsible for devising, documenting and following relevant administrative procedures that are aimed at supporting and securing that both licence holder and his possible business partners constantly obey the requirements in the executive order. The administrative procedures must as a minimum include:
- Licence holder must secure monitoring of all the components and data transmissions in the gambling system, including data lines, data packages, networks, SAFE, RNG, gambling systems etc. (including components and data transmissions placed within a possibly involved third party).
- Licence holder must secure a back-up and restore procedure in order to counter the loss of data.
- Licence holder must secure maintenance and security procedures in order to have a secure and safe operation in accordance with ISO 27001.

The licence holder must be appropriately organized and sufficiently manned in order to provide products in accordance with the purpose of the Act on Gambling and the requirements posed by the Danish Gambling Authority.

Besides the requirements related to the different roles and persons, which the legislation states as a condition for issuing a licence, the licence holder must as a minimum establish the following organisational roles:

- Responsible for gambling software and the operation of games, including ensuring that all games are built and run correctly and reliably without errors or cheating committed by the licence holder and possible business partners.
- Responsible for IT-security, including ensuring that all forms of IT-hardware, software and networks used by the licence holder (and his possible business partners) are operated defensibly when it comes to security.
- Responsible for system changes, cf. the Danish Gambling Authority's program for the management of system changes.
- Responsible for monitoring of money laundering and terrorist financing, including ensuring that the requirements of the executive order are obeyed.
- Responsible for finances, including ensuring that the Danish Authority also receives the correct share of the gross gambling revenue.

The licence holder must inform the Danish Gambling Authority about who holds the mentioned areas of responsibility. The responsible persons must have the necessary qualifications and the necessary experience in order to assume the role and the responsibility. The licence holder must secure that the persons have the authority to establish measures and implement the necessary changes in order to secure that the licence holder follows the stated requirements.

In connection to the execution of controls, the responsible persons will be the direct point of contact. The persons must therefore always be able to provide and account for all information and documentation which the Danish Gambling Authority should demand within the respective areas.
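
The seven-level folder layout in section E.3 can be checked mechanically before Standard Records are placed on SAFE. The Python code below is an added example, not part of the Danish Gambling Authority's specification. It assumes that both identifiers consist of letters, digits or underscores, that Standard Records carry an .xml extension, and that the contents of a closed token's zip file are written as a path below the .zip name; the level 1 and level 2 names are taken literally from E.3 and the sample paths are constructed.

```python
import re
from datetime import datetime

# Levels 1 and 2, taken literally from section E.3.
ROOT = ("Folderstruktur-spilsystem", "Zip")
# Level 5 names listed in E.3 as examples; extend for game types agreed separately.
GAME_FOLDERS = frozenset({"EndOfDay", "FastOdds", "Jackpot", "PuljeSpil", "Managerspil"})
# Assumption: each identifier is a run of letters, digits or underscores.
TOKEN_NAME = re.compile(r"^\w+-\w+(\.zip)?$")
# Level 7 time frame, HH.MM-HH.MM on a 24-hour clock.
TIME_FRAME = re.compile(r"^([01]\d|2[0-3])\.[0-5]\d-([01]\d|2[0-3])\.[0-5]\d$")


def is_date(name):
    """True only for a real calendar date written exactly as YYYY-MM-DD."""
    try:
        return datetime.strptime(name, "%Y-%m-%d").strftime("%Y-%m-%d") == name
    except ValueError:
        return False


def check_record_path(path, game_folders=GAME_FOLDERS):
    """Return the layout violations for one Standard Record path (empty list = conforms)."""
    parts = path.strip("/").split("/")
    if len(parts) not in (7, 8):  # six folder levels + file, or seven + file
        return [f"expected 7 or 8 path components, found {len(parts)}"]
    problems = []
    if tuple(parts[:2]) != ROOT:
        problems.append("levels 1-2 must be " + "/".join(ROOT))
    if not is_date(parts[2]):
        problems.append(f"level 3 is not a YYYY-MM-DD date: {parts[2]}")
    if not TOKEN_NAME.match(parts[3]):
        problems.append(f"level 4 is not <certificate id>-<token id>[.zip]: {parts[3]}")
    if parts[4] not in game_folders:
        problems.append(f"level 5 is not a known game folder: {parts[4]}")
    if not is_date(parts[5]):
        problems.append(f"level 6 is not a YYYY-MM-DD date: {parts[5]}")
    if len(parts) == 8 and not TIME_FRAME.match(parts[6]):
        problems.append(f"level 7 is not an HH.MM-HH.MM time frame: {parts[6]}")
    if not parts[-1].lower().endswith(".xml"):  # assumption: records are *.xml
        problems.append(f"Standard Record is not an .xml file: {parts[-1]}")
    return problems


def audit(paths):
    """Map every non-conforming path to its list of violations."""
    return {p: errs for p in paths if (errs := check_record_path(p))}


# Constructed sample paths (identifiers LH001 and TT42/TT43 are made up).
SAMPLE = [
    "Folderstruktur-spilsystem/Zip/2024-03-01/LH001-TT42.zip/EndOfDay/2024-03-01/eod-0001.xml",
    "Folderstruktur-spilsystem/Zip/2024-03-02/LH001-TT43/FastOdds/2024-03-02/08.00-09.00/fo-0007.xml",
    "Folderstruktur-spilsystem/Zip/2024-13-01/LH001TT42/Poker/2024-03-01/25.00-26.00/rec.txt",
]

if __name__ == "__main__":
    for path, errs in audit(SAMPLE).items():
        print(path)
        for e in errs:
            print("  -", e)
```

Run against a listing of SAFE before a token is closed, the audit reports every record whose path would not match the layout the Danish Gambling Authority expects to find.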