GC RTS Consultancy Services

One of the UK’s most experienced and proficient information security auditors, URM has been conducting RTS audits for over a decade

The Gambling Commission (GC) Remote Gambling and Technical Software Standards (RTS)

In order to operate a remote gambling product in the UK, licensed remote gambling operators and software gambling operators are required to conform with the Gambling Commission’s (GC) Remote Gambling and Technical Software Standards (RTS).  A key objective of the RTS is to “ensure customers are not exposed to unnecessary security risks by choosing to participate in remote gambling”.  To this end, licensees need to meet specific security requirements, which are based on implementing a subset of ISO 27001 Annex A controls.  It should be noted that there is no requirement to implement any of the main management system clauses of ISO 27001.

Applicable remote licensees also need to undergo an annual security audit conducted by an independent and suitably qualified auditor.  If your organisation needs to comply with GC’s RTS, URM can offer a range of consultancy and assessment services.

RTS Gap Analysis

If your organisation is looking to operate a remote gambling product in the UK and needs to meet the security requirements of the RTS, URM is able to conduct a gap analysis of the security controls you have implemented against the control areas from the Standard. These control areas, taken from ISO 27001, cover such topics as information security policies, human resource security, access control, cryptography, physical and environmental security, supplier relationships etc. The focus of the gap analysis will be the controls that are protecting critical systems, e.g., electronic systems involved in processing payment card information, systems involved in the generation of random numbers, or communication networks that transmit sensitive customer information. Following the gap analysis, URM will produce a report which will not only detail those areas where your organisation needs to develop or improve its control implementation but also provide recommendations on how to address any gaps.

Implementation Support

Following your gap analysis, URM can help you with any remediation work, particularly in developing policies (e.g., IS Policy and supporting policies), processes and a suitable training programme. Some of the policies and processes may be existing documents which need amending or refining, whereas others may need to be developed from scratch. Whichever it is, URM will ensure they are developed with 2 goals in mind. Firstly, they will be tailored to match your culture and style and reflect what you actually do. Secondly, our consultants will ensure that anything produced will fully meet the requirements of GC RTS.

RTS Assessment Services

URM is one of the UK’s most experienced and proficient information security auditing organisations and has been conducting RTS audits for over a decade. When conducting and reporting on GC RTS audits, URM follows the guidance and advice provided by the GC. As such, the methodology for conducting audits will be based on enquiry, evidence and observation. In terms of observation, this is ideally carried out on site and there is an expectation from the GC, unless particular circumstances dictate, that a number of key controls are audited on site.

The evidence that will be required comprises policies, procedures and documents, such as an IT security policy supported by policies on user access, data backup, change management, cryptographic controls etc. URM will seek to gather evidence on specific audit areas such as network diagrams, software changes, reviews of penetration tests and vulnerability scans, audit log reviews and training records. We will look to conduct staff interviews and walkthroughs, with evidence noted for selected processes.

When reporting on audit results, URM adopts the same terminology as per ISO 27001 certification audits, i.e., major nonconformities, minor nonconformities and opportunities for improvement. For each control, URM will indicate what evidence was observed and whether your organisation conforms. If it doesn’t, URM will indicate the level of nonconformance. For all nonconformances, URM will indicate what needs to be done to remedy the situation.

Why URM?

Track record

URM is one of the UK’s most experienced and proficient information security auditors; it has been conducting RTS audits for over a decade and has conducted hundreds of ISO 27001-related audits. URM has an unparalleled track record of assisting over 400 organisations to achieve and maintain certification to ISO 27001 and, as such, is perfectly placed not only to conduct audits but also to conduct gap analyses and help organisations remediate any gaps identified.

Assessor Competence

The Gambling Commission requires that the annual security audit is conducted by an independent and suitably qualified auditor.  All of URM’s auditors hold one or more of the main recognised qualifications, e.g., ISO 27001 Lead Auditor, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).  A number also hold the Payment Card Industry Qualified Security Assessor (PCI QSA) qualification.  Furthermore, RTS audit reports are all peer reviewed before being submitted.

Achieving optimum balance

When URM is used to remediate any gaps, its goal is to achieve the optimum balance between meeting the RTS control requirements and ensuring the control (e.g., policy, process or other documentation) is tailored to your organisation’s size, culture and business objectives.

The partnership approach URM takes is genuine. Our relationship with URM is not hard-nosed or overly commercialised, and feels much closer to a partnership arrangement than any other security consultancy providers we have worked with. If we had a new piece of work that we needed external help with, URM would be our first port of call for assistance.
CISO at University of Surrey