Gambling Commission update requirements for ISO27001

On 1 May 2024 the Gambling Commission published its summer consultation response, which included the topic of Game Design for online games. It has now updated its testing strategy for compliance with the remote gambling and software technical standards. The updates include changing references from ISO/IEC 27001:2013 to ISO/IEC 27001:2022 and noting the new controls that are required for audit.

The changes for security audits will come into effect on 31 October 2024. This means any annual security audit conducted after 1 November 2024 must be to the updated 2022 standard.

The updates to the security audit advice:

  • amend references from ISO/IEC 27001:2013 to ISO/IEC 27001:2022
  • mention that remote inspection techniques can be used to verify relevant controls

Historically, the Commission has required an on-site inspection for audits to ensure they are based on interview, evidence and observation. The new Advice Note states that audits should include ‘being on-site and speaking to staff or using remote inspection techniques’. However, it does still state that ‘it does not consider that a good audit can be conducted remotely based only on documentation.’

The Commission has also clarified, in the Gambling Commission Security Audit Advice Note, what is required for operators who obtain full ISO27001 accreditation.

In summary:

  • Information security audits after 1st November 2024 must be against the ISO27001:2022 standard.
  • Clarity has been added to the advice note regarding companies with ISO27001 certification and the reporting requirements.
  • Section 4 of the Remote Technical Standards has been updated to list the new controls required for inspection.
  • The advice note now states audits may be conducted by using ‘remote inspection’.
  • Changes have been reflected in the Gambling Commission Security Audit Advice Note.

If you need assistance getting your ISO27001 framework into shape or booking in your annual audit, please email [email protected]
