Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content
  1. Home
  2. About us
  3. Information Security Policy

Policy

Information Security Policy

The Information Security Policy for the Gambling Commission.

Published
20 March 2025

Last updated
24 April 2025 - Changes

Document actions
Print or save (opens in new tab)

  1. Contents
  2. 4 - Information Security Objectives

4 - Information Security Objectives

4.1. Compliance

  • the Gambling Commission ensures compliance with the rules of conduct in accordance with applicable regulations, legal acts, and standards
  • the aim of this policy is to avoid the violations of any laws, regulations, contracts or other requirements
  • all individuals using information systems within the Commission shall observe and comply with related laws and regulations as described in this policy.

4.2. All information security policies and practices support and facilitate good information management and support the Commission’s wider values and strategic objectives.

4.3. Commission security objectives:

  • information is only accessible to authorised persons for as long as it is necessary to fulfil their duties at the Commission
  • levels of access are determined and controlled by delegated authority
  • confidentiality and integrity of information and systems is always maintained
  • all Commission applications and cloud hosted services will be available as per third party service level agreement
  • business continuity policies, plans and procedures are established, maintained and tested
  • all information management and information security policies are always easily available to all staff
  • all breaches of information security and suspected weaknesses are reported and investigated, and appropriate actions taken
  • regular audits of processes and policies are conducted to ensure continuous review and improvement of the Information Security Policy
  • new systems or services are deployed in a controlled and secure manner
  • we will audit and test our systems for vulnerabilities routinely, regularly and document and track the outcomes of vulnerability testing
  • patch management will be carried out by automated means where possible
  • when a vulnerability is identified it will always be managed using a documented process that includes assessment, management reporting and remediation to agreed timescales.

4.4. The Commission’s Security Governance Group will monitor security objectives and review them annually.

4.5. The Commission’s Security Governance Group will ensure that these objectives support the management of risk, in particular:

  • risks to confidentiality
  • risks which will impact on service delivery to external stakeholders
  • risks to the availability of services and information.
Previous section
3. Individual responsibilities - Information Security Policy Next section
5. Compliance - Information Security Policy
Is this page useful?
Back to top