Security audit submissions for 2023
Request
I would like to request the following information regarding organisations that fall under the Gambling Commission's remit and that are required to complete an annual third-party security audit under the remote gambling and software technical standards (RTS).
This request is for the most up-to-date security audit submissions for the 2023 calendar year.
- What is the total number of organisations that are required to complete a yearly remote gambling and software technical standards (RTS) security audit?
- How many organisations have completed and provided to the Gambling Commission a report that demonstrates that they have successfully met the requirements as outlined under the RTS?
- How many organisations have provided an ISO27001 audit report as their evidence for the RTS?
- How many organisations that are required to meet requirements under the RTS have failed to do so?
- How many have failed to meet requirements under the RTS via failure to submit during this time?
- How many have failed to meet requirements under the RTS via non-compliance?
- How many fines have been issued by the Gambling Commission due to non-compliance or failure to submit?
Response
Thank you for your request which has been processed under the Freedom of Information Act 2000 (FOIA).
In your email you have requested:
This request is for the most up-to-date security audit submissions for the 2023 calendar year.
- What is the total number of organisations that are required to complete a yearly remote gambling and software technical standards (RTS) security audit?
- How many organisations have completed and provided to the Gambling Commission a report that demonstrates that they have successfully met the requirements as outlined under the RTS?
- How many organisations have provided an ISO27001 audit report as their evidence for the RTS?
- How many organisations that are required to meet requirements under the RTS have failed to do so?
- How many have failed to meet requirements under the RTS via failure to submit during this time?
- How many have failed to meet requirements under the RTS via non-compliance?
- How many fines have been issued by the Gambling Commission due to non-compliance or failure to submit?
Section 12 of the Freedom of Information Act 2000 (FOIA) makes provision for public authorities to refuse requests for information where the cost of dealing with them would exceed the appropriate limit, which for public authorities, such as the Commission, is set at £450. This represents the estimated cost of one person spending 18 hours in determining whether the department holds the information, locating, retrieving and extracting the information.
The information we hold in order to respond to Q1, Q2 and Q4-Q7 of your request can be easily identified; however, Q3 would entail us checking each document to establish the type of audit that has been received. In order to identify whether we hold any information falling within the scope of this part of your request we would need to review all of these documents to assess if they were relevant, and therefore we estimate that it would take in excess of 18 hours to determine appropriate material and retrieve and extract any relevant information in reference to your request.
When a public authority applies the Section 12 exemption to a request, the FOIA guidance specifically states that a public authority should avoid providing any information found as a result of a search as it denies the requestor the right to express a preference as to which parts of the request they may wish to receive within the appropriate time limit. Guidance on the application of section 12 can be viewed here:
Requests where the cost of compliance exceeds the appropriate limit
If you are able to refine your request, we may be able to narrow the number of records that we need to search.
Until we are able to process the search of the information you have requested, we are unable to ascertain if other exemptions will apply to any material identified which would also prevent disclosure. Please note, any refined request would be processed as a new request and the 20 working day statutory time limit would apply.
Review of the decision
If you are unhappy with the service you have received in relation to your Freedom of Information request you are entitled to an internal review of our decision. You should write to FOI Team, Gambling Commission, 4th floor, Victoria Square House, Victoria Square, Birmingham, B2 4BP or by reply to this email.
Please note, internal review requests should be made within 40 working days of the initial response. Requests made outside this timeframe will not be processed.
If you are not content with the outcome of our review, you may then apply directly to the Information Commissioner (ICO) for a decision. Generally, the ICO cannot make a decision unless you have already exhausted the review procedure provided by the Gambling Commission.
The ICO can be contacted at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Information Management Team
Gambling Commission
Victoria Square House
Victoria Square
Birmingham B2 4BP