§ 809.8. Security policy requirements.
Interactive gaming certificate holders and interactive gaming operator licensees shall adopt and maintain a Board-approved information security policy which describes the certificate holders or licensees approach to managing information security and its implementation. This policy is required in addition to any similar requirements that may be imposed as part of the certificate holders or licensees internal controls. The information security policy must:
(1) Have a provision requiring review when changes occur to the interactive gaming system or the processes which alter the risk profile of the interactive gaming system.
(2) Be approved by the certificate holders or licensees management.
(3) Be communicated to all employees and relevant external parties.
(4) Undergo review at planned intervals.
(5) Delineate the responsibilities of the certificate holders or licensees staff and the staff of any third parties for the operation, service and maintenance of the interactive gaming system and its components.
No part of the information on this site may be reproduced for profit or sold for profit.
This material has been drawn directly from the official Pennsylvania Code full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.