Skip to main content

Technical standards: Security requirements

Our testing strategy requires a third party annual security audit against particular sections of ISO/IEC 27001:2013. 

You must ensure that the security audit report provided by the security auditor meets the guidance provided in the security audit advice.  

Remote technical standards: section 5

A full copy of ISO/IEC 27001:2013 can be obtained from BSI Customer Services (

The security requirements detail information security standards with the aim of ensuring that you have appropriate controls in place so that customers are not exposed to unnecessary risks when choosing to participate in remote gambling.

The requirements apply to:

  • electronic systems that record, store, process, share, transmit or retrieve sensitive customer information, for example credit/debit card details, authentication information, customer account balances
  • electronic systems that generate, transmit, or process random numbers used to determine the outcome of games or virtual events
  • electronic systems that store results or the current state of a customer’s gamble
  • points of entry to and exit from the above systems (other systems that are able to communicate directly with core critical systems)
  • communication networks that transmit sensitive customer information. 

Breaches of information security may constitute a key event which you must report to us. We have produced guidance to assist you in determining when to report such breaches and what information to include in the report.