Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content

Security audit reports

Our RTS and testing strategy for compliance with the RTS set out that remote gambling and specified remote lottery licence holders must ensure that an annual security audit is carried out by an independent and suitably qualified auditor. This is to assess compliance against the security requirements of the RTS.

Further details on the annual security audit requirements are contained within our security audit advice. It is based on relevant sections of ISO/IEC 27001.

Licensees do not need to send completed security audits to us, unless we request it, or a major non-conformity is identified during the audit.

If a major non-conformity is identified, you must notify us by emailing securityaudit@gamblingcommission.gov.uk attaching a copy of the full information security audit report, including management responses. If we request a copy of a security audit report, it must be submitted to us within 7 days. The written request will explain how to submit the report.

Previous page
Games testing annual audit reports
Is this page useful?
Back to top