Pre–history
Any company, willing to go international, should consider and comply with international security standards, especially if the company deals with customers’ security sensitive information such as credit card info, billing history, account information, etc. One of our clients decided to go international and entrusted Hitech Service to help in getting through the whole process of compliance and this is the story about it.
Problem Evaluation
HiTech specialists carried out GAP-analysis of the company structure and processes following the sections of “Technical Standards and Guidelines for Internal Control Systems and Internet Gambling Systems”, v.3.7 (the document with agreed international security standards and processes issued by ALDERNEY GAMBLING CONTROL COMMISSION (AGCC)):
- Corporate Structure and Staffing
- Accounting Systems
- Customer Registration, Verification, Banking and Management
- eGaming
- Computer Controls
All GAPS that were found were afterwards analyzed by the senior management of the company and its stakeholders. Hitech Service worked out the proposed changes and the implementation schedule that was agreed on and the process started. Going a bit forward, we managed to implement all the changes to the processes and systems in 3 months, while the same very case is usually approximated to take twice as long.
Problem resolution
All required process documentation and records were developed by HiTech specialists according to the requirements and recommendations listed in “Technical Standards and Guidelines for Internal Control Systems and Internet Gambling Systems”, v.3.7, 13th November 2013. The list of these documents includes:
- Policies: Security Policy, Access Control Policy, Bring Your Own Device (BYOD) Policy, Software Entry Control Policy, Malware Policy, Mobile and Teleworking Policy, Secure Engineering Policy, Information Classification Policy, Information Transferring Policy, Change Management Policy.
- Procedures: Software Development procedure, Risk Management Procedure, Business Continuity Plan, Disaster Recovery Plan, Limited Information management procedure, Incident Management procedure, Training Procedure, Internal Audits Procedure etc.
- Instructions: Backup Instruction, Risk Assessment Instruction, Security Incidents Management Instruction, Crypto-control Instruction.
- SLA’s
The effectiveness of the implemented changes was checked by the company specialists and later confirmed by external audit.
During all the stages of the implementation process, HiTech specialists were using best practices, standards and methodologies that gave the opportunity to build effective system with controlled processes on the basis of continuous improvement.