eCOGRA, an independent online gambling testing and compliance advisory company, has become the first test house to be authorised to offer operators and service providers accredited International Standards Organisation ISO 27001 certifications for Information Security Management Systems (ISMS).
CEO Andrew Beveridge said this week it is clear that a growing number of online gambling regulators are already moving towards a requirement for licence holders and their service providers to achieve this accreditation.
“Jurisdictions such as Denmark, Great Britain, Portugal, Romania and Spain already waive certain security auditing requirements in the event that the licence holder is ISO 27001 certified, enabling the independent testing and certification process to be expedited with potentially significant cost and effort savings,” he said.
ISO 27001 is an internationally recognised information security management standard that gives organisations a framework to apply to business processes to help identify, manage and reduce risks to information security. It considers not only IT but all business operations.
eCOGRA director Tex Rees said that the company has already engaged with a number of major suppliers and operators for the new service, in which there has been significant interest.
“We undertook this initiative in direct response to the growing demand for ISO 27001 certifications by regulators, suppliers, customers and other stakeholders in the online gambling industry,” she said. “In order to provide ISO 27001 certifications, eCOGRA obtained ISO/IEC 17021-1:2015 accreditation from the United Kingdom Accreditation Service (UKAS), a prerequisite for accredited certification bodies in order to prove that they are competent to carry out third-party certifications and audits of ISMS.”
Rees revealed that the UKAS accreditation is complemented by eCOGRA’s in-house resources and its multi-disciplined assessment, testing, compliance and technical teams, which have Big 4 international audit firm and online gambling industry experience dating back to 2003.
Members of the teams have professional qualifications that include CISA, CISSP, CEH and ISO 27001 Lead Auditor and Implementer.