Security audit reports
Our RTS and testing strategy for compliance with the RTS set out that remote gambling and specified remote lottery licence holders must ensure that an annual security audit is carried out by an independent and suitably qualified auditor. This is to assess compliance against the security requirements of the RTS.
Further details on the annual security audit requirements are contained within our security audit advice. It is based on relevant sections of ISO/IEC 27001.
Licensees do not need to send completed security audits to us, unless we request it, or a major non-conformity is identified during the audit.
Previous pageIf a major non-conformity is identified, you must notify us by emailing securityaudit@gamblingcommission.gov.uk attaching a copy of the full information security audit report, including management responses. If we request a copy of a security audit report, it must be submitted to us within 7 days. The written request will explain how to submit the report.
Games testing annual audit reports
Last updated: 1 November 2021
Show updates to this content
No changes to show.