Change Management

1.30 A system development lifecycle that considers security and processing integrity shall be in place for gaming system technology developed in-house.

1.31 Due diligence must be performed on all acquired gaming system technology to ensure security and processing integrity requirements are met.

1.32 A testing strategy to address changes in technology shall be in place to ensure that deployed gaming systems operate as intended.

1.33 All gaming system changes shall be appropriately, consistently and clearly documented, reviewed, tested and approved.

Requirements – At a minimum:

1. All gaming system technology components are installed and maintained in accordance with the appropriate change management procedures.
2. Requests for changes and maintenance of the gaming system are standardized and are subject to change management procedures.
3. Emergency changes are approved, tested, documented, and monitored.
4. Change management procedures shall account for segregation of duties between development and production.
5. Only dedicated and specific accounts may be used to make changes.

1.34 The gaming system shall be able to detect unauthorized changes.