ISO/IEC 27001:2013 is an internationally recognised information security management standard which assists organisations in identifying and managing risks to information security. It considers confidentiality, integrity and availability requirements across all relevant business operations.
eCOGRA is the first testing laboratory that specialises in online gambling to have been awarded ISO/IEC 17021-1:2015 accreditation, which is a prerequisite for carrying out third-party ISO/IEC 27001:2013 audits and accredited certifications of Information Security Management Systems (‘ISMS’).
It is evident that online gambling regulators are already moving towards requiring licence holders and their service providers to obtain ISO/IEC 27001:2013 certification. Many licensing jurisdictions currently waive certain security auditing requirements if licence holders are ISO/IEC 27001:2013 certified, enabling the independent regulatory testing and certification process to be expedited with potentially significant cost savings, effort and a quicker time to market.
ISO/IEC 27001 CERTIFICATION BENEFITS
- A demonstration of trust and credibility to players and other stakeholders, that sensitive information is appropriately secured and managed in accordance with an internationally recognised standard;
- Cost savings and reputational protection through reduction in security incidents;
- Improvement of an organisation’s ability to recover from disasters and continue business as usual;
- The implementation of a management system that assists in identifying information security risks consistently and proactively, and mechanisms to manage or reduce these risks;
- An appropriate internal control environment for sustaining and supporting organisational growth;
- Creating a business differentiator (competitive advantage) over similar organisations in the industry;
- Provision of significant third-party attestation that an organisation has successfully structured its processes into a management system that ensures confidentiality, integrity, and availability of information assets pursuant to the requirements of regulators, applicable laws and business needs; and
- Augmentation of management confidence in the information security arrangements.
An ISMS built and certified to ISO/IEC 27001:2013, in addition to its internal benefits to the organisation, can also provide defensible due diligence for potential clients, users, or other parties.
Certification allows your company to go one step further by offering your customers the peace of mind that you have the best controls in place to identify and reduce any risks to confidential information.