WLA Certification : Preparation and Management


WLA Certification: Preparation and Management
Australia, 27-30 April 2015
By Driss HAMDOUNE, MDJS Secretary General & WLA Security & Risk Management Committee Member

What kinds of risk is our business activity exposed to? Can we predict all the risks?


So, how can we predict and manage any potential security-related risk effectively?

Presentation structure
01 Procedure
02 Management
03 MDJS Experience

WLA Certification: Preparation procedure
[Diagram: six numbered steps. Labels that survive: Comparing current situation with Standard Requirements; Establishing an action plan; Pre-assessment; Action plan updating; Certification. Preparation stage: 6 months.]

Certification Procedure

Setting up a gap analysis: to calculate the gap between the standard and the current practices in terms of corporate security, to determine whether the control was done or not, and to come up with an action plan to reduce or eliminate the gaps.

Gap analysis: status of WLA SCS implementation
Columns: WLA SCS clause; Mandatory requirement for the ISMS; Status; Look for; Findings; Remarks / Recommendations

G.1 Organization of security
G.1.1 Allocation of security responsibilities

G.1.1.1 Security forum
  Requirement: A security forum or other organizational structure comprised of senior managers shall be formally established to monitor and review the ISMS, maintain formal minutes of meetings and convene at least every six months.
  Status: D

G.1.1.2 Security function
  Requirement: A security function shall exist that will be responsible to draft and implement security strategies and action plans. It shall be involved in and review all processes regarding security aspects of the organization, including, but not limited to, the protection of information, communications, physical infrastructure, and game processes.
  Status: MD

G.1.1.3 Security function reporting
  Requirement: The security function shall report to no lower than executive level management and not reside within or report to the IT function.
  Status: PNP

Certification Procedure: Prerequisites
- Process Mapping: refers to the visual representation of processes and the links between them
- Procedures Manual: describes in detail the stages, stakeholders and tools for each activity
- Risk Map: predicts and prioritizes major risks in the lottery and plans to avoid or minimise them
- Incident Data Base: contains the description of incidents and the actions carried out to manage them

Certification Procedure

The Statement of Applicability (SOA) is a document which:
- formally justifies the choices for the implementation or non-implementation of all or part of the WLA clauses,
- covers the entire requirements of the WLA standard and determines their applicability to the Company,
- shall be produced by the Lottery before initiating the certification audit.

SOA: a model (Statement of Applicability)
Columns: Annex A reference; Control title; Control description; Applicability; Implemented control/s; Comments; Evidence; Internal Audit comments

A.5 Security Policy
A.5.1 Information security policy
  Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.

A.5.1.1 Information security policy document
  Control description: An information security policy document shall be approved by management, and published and communicated to all employees and relevant external parties.
  Applicability: Applicable
  Implemented control/s: ISMS policy on intranet
  Comments: Available to all employees with intranet access
  Evidence: http://intranet/policy.html
  Internal Audit comments: Comprehensive policy

A.5.1.2 Review of the information security policy
  Control description: The information security policy shall be reviewed at planned intervals or if significant changes occur to ensure its continuing suitability, adequacy, and effectiveness.
  Applicability: Partially applicable

Certification Procedure: Pre-assessment stage
A pre-assessment process:
- ensures that all implementations are compliant with the requirements of the relevant standards,
- enables the development of an action plan to reduce or eliminate gaps and deviations prior to certification,
- is crucial before proceeding to the final audit,
- may be carried out by internal teams, but it would be advisable to have it conducted by an external audit body.

Certification Procedure: Information
This form must be filled in first and then sent to:
- WLA business offices, or
- a member of the WLA Safety and Risk Management Committee, or
- one of the WLA accredited auditors.

The accredited WLA certification auditors
- AENOR Asociación Española de Normalización y Certificación, Spain
- BMM Testlabs, Canada
- GLI Test Labs Canada ULC (dba TST, a GLI company), Canada
- BrightLine CPAs & Associates, Inc., the USA
- British Standards Institute (BSI), the UK
- Certification Europe Ltd, Ireland
- DNV Business Assurance, Norway
- Ernst & Young CertifyPoint
- KPMG IT Advisory, Netherlands (Holland)
...

Certification validity
Certification is valid for three years, counted from the certificate award date.
NB: annual follow-up reviews shall be made to ensure continuing compliance.
[Timeline: initial audit and certificate; annual audit at 12 months; annual audit at 24 months; recertification at 3 years.]

The certification procedure success: the main pillars

Managerial commitment
- review and monitor the project action plan
- define the project budget
- create a Safety Committee
- set up an adequate organization and assign the appropriate human resources

Organization of security
- Assignment of security responsibilities
- Security training
- Integration of information security

Security of Human Resources
- Staff training
- Code of conduct

WLA certification: Added value

Physical security and security of the environment
- To implement the security policy related to the information systems
- To design and implement the action plan for physical security

Scratch cards security
- To develop procedures for new games: transport, storage and distribution
- Security training for retailers

POS security
- To install security equipment (safes, access control, ...)
- To improve points of sale control

WLA certification: Added value

Online games security
- To develop a procedure and charter for online games in line with regulations

Payment
- To manage payments more efficiently
- To clarify the procedure for unclaimed prizes

Sports betting security
- To control risks: preparation of the Totofoot games
- To regulate and select the games

WLA certification: Added value
WLA security standards provide best-practice principles agreed on and compiled by experts and currently used by lotteries.
The security and integrity of a lottery are essential to maintaining and fostering client trust.

What is the ongoing commitment required once certification is achieved?
1. Information: The organization shall establish, implement, maintain and continually improve an information security management system.
2. Organization review: Top management shall review the organization's information security management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness.
3. Training: Continuous training and awareness of all staff.
4. Annual review: To prepare for the mandatory annual reviews.

How can certification-related documents be obtained?
The standard and all useful information for certification can be downloaded from the address: http://www.world-lotteries.org

MDJS Morocco

Morocco
The Moroccan market is shared between three state corporations:
- SOREC: Horserace betting
- MDJS: Sports betting and scratch cards
- SGLN: Gambling

In the absence of an official regulatory body, this role is fulfilled by the three lotteries:
- Be a barrier to illegal gambling.
- Be a responsible gambling actor, protecting minors and participants against addiction.
- Provide additional revenue for the state to fight tax evasion related to illegal gambling.

The total turnover for 2014 is 800 million Euros compared to 720 million Euros in 2013.

Morocco: La Marocaine des Jeux et des Sports (MDJS)

First lottery in Africa to be certified:
- ISO 27001 (2005)
- WLA Security Control standard (2005)
- Responsible Gaming (2013)

First lottery in Morocco to be certified:
- Corporate Social Responsibility (2014)

First lottery in Morocco to conform:
- to the personal data protection law (2011)

MDJS WLA certification: Merits
The certification enables us to:
- predict and manage any potential security risk effectively,
- comply with national and international legislation and standards,
- increase security levels for our clients and players,
- develop our competitive advantage,
- consolidate the MDJS brand image.

Conclusion
I would highly recommend WLA certification.

Thank you!
Driss HAMDOUNE
d.hamdoune@mdjs.ma
