Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content
  1. Home
  2. About us
  3. Information Security Policy

Policy

Information Security Policy

The Information Security Policy for the Gambling Commission.

Published
20 March 2025

Last updated
24 April 2025 - Changes

Document actions
Print or save (opens in new tab)

  1. Contents
  2. 2 - Purpose and scope

2 - Purpose and scope

2.1. The purpose of this policy is to ensure the Gambling Commission’s effective operation of information systems, and that those systems are delivered when and how they are needed.

2.2. The policy will aim to preserve the 3 major categories of information security:

  • confidentiality – Access to data shall be confined to those with appropriate authority
  • integrity – Information shall be complete and accurate. All systems, assets and networks shall operate correctly, according to specification
  • availability – Information shall be available and delivered to the right person, at the time when needed.

2.3. The scope of the Information Security Policy covers the storage, access and transmission of information during Commission business. It therefore applies to the conduct of colleagues, contractors, suppliers and others with access to that information (wherever the information or they are located) as well as the applications, systems, equipment and premises that create, process, transmit, host, or store information, whether in-house, personally owned or provided by external suppliers.

2.4. The Commission is committed to preserving the confidentiality, integrity and availability of all our key information assets to effectively deliver strategic goals and to maintain its legal and contractual compliance and reputation.

2.5. This policy is owned by the Commission’s Security Governance Group, who will:

  • systematically examine the organisation's information security risks, taking account of the threats, vulnerabilities, and impacts
  • design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable in line with the Commission’s Risk Appetite
  • adopt an overarching management process to ensure that the information security controls continue to meet the organisation's information security needs on an ongoing basis
  • monitor the development of the Information Security Policy to ensure continual improvement.
Previous section
1. Introduction - Information Security Policy Next section
3. Individual responsibilities - Information Security Policy
Is this page useful?
Back to top