Pennsylvania Code & Bulletin
COMMONWEALTH OF PENNSYLVANIA

• No statutes or acts will be found at this website.

The Pennsylvania Code website reflects the Pennsylvania Code changes effective through 51 Pa.B. 1118 (February 27, 2021).

58 Pa. Code § 809.8. Security policy requirements.

§ 809.8. Security policy requirements.

 Interactive gaming certificate holders and interactive gaming operator licensees shall adopt and maintain a Board-approved information security policy which describes the certificate holder’s or licensee’s approach to managing information security and its implementation. This policy is required in addition to any similar requirements that may be imposed as part of the certificate holder’s or licensee’s internal controls. The information security policy must:

   (1)  Have a provision requiring review when changes occur to the interactive gaming system or the processes which alter the risk profile of the interactive gaming system.

   (2)  Be approved by the certificate holder’s or licensee’s management.

   (3)  Be communicated to all employees and relevant external parties.

   (4)  Undergo review at planned intervals.

   (5)  Delineate the responsibilities of the certificate holder’s or licensee’s staff and the staff of any third parties for the operation, service and maintenance of the interactive gaming system and its components.



No part of the information on this site may be reproduced for profit or sold for profit.


This material has been drawn directly from the official Pennsylvania Code full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.