1.35 Data governance shall be in place to address data processing integrity and protection of sensitive data.
1.36 Sensitive data, including player information and data relevant to determining game outcomes, shall be secured and protected from unauthorized access or use at all times.
Requirements – At a minimum:
1.37 Player information shall be securely protected and its usage controlled by OLG.
Requirements – At a minimum:
1.38 Removed January 2022
1.39 Communication of sensitive game data shall be protected for integrity.
1.40 Procedures shall be established and documented for IT operations and incident management, including managing, monitoring, and responding to security and processing integrity events.
Requirements – At a minimum:
1.41 Gaming applications on all portable devices shall be appropriately secured.
Guidance: This Standard is not intended to capture players using their own portable devices such as their smartphones, but rather employees or players using portable devices to access the Operator’s gaming system.
1.42 Operators and gaming-related suppliers shall only contract with reputable suppliers.
1.43 Service levels for management of suppliers shall be established.
Requirements – At a minimum:
1.44 Operators and gaming-related suppliers shall provide the Registrar with a list of suppliers that provide them with goods or services in relation to lottery schemes and shall ensure that this list is kept up to date.