The objective of this section is to link environmental and deployment requirements to ERS design.
71.1 Communication protocol among ERS components over network infrastructure must be secure and must maintain Raffle Game integrity.
71.2 Network components must have synchronized time to preserve logging and auditing capability.
71.3 All gaming related network traffic exposed to public network lines must be secured using an industry standard method proven to prevent any security threats.
7.1.4 Network architecture must be designed in a way to prevent that a large volume of communications causes an integrity issue.
7.2.1 Any remote access methods and associated procedures must limit access to authorized users and systems to perform specific tasks only through a secure link.
7.2.2 Remote access to ERS may only be granted to either the Charity or the Gaming-Related Supplier via a secure method (e.g. VPN client with two-factor authentication), provided the access is monitored and the following records are created and captured in an automated fashion that prevents alteration of the records, at a minimum:
7.3.1 Publicly exposed ERS (e.g. Web applications accessible through public networks) must be protected with adequate security measures to prevent any integrity or security issues.
7.3.2 ERS’, including all related components, that are publicly exposed must be independently assessed prior to initial deployment, and on a regular basis thereafter, in accordance with industry good practice security frameworks by qualified individuals to ensure that security vulnerabilities are identified and assessed, and risks are promptly mitigated or otherwise confirmed to be negligible.
7.3.3 Modifications to publicly exposed ERS may require assessment, as well, depending on the complexity and number of changes. These will be assessed on a case-by-case basis.
7.4.1 The Gaming-Related Suppliers or Charity must provide necessary information, training and tools pertaining to the Electronic Raffle Systems for which the approval is being requested to help facilitate AGCO assessment, testing, and issuing decisions in a timely manner.
Note: As per AGCO Info Bulletin No. 89 from November 30, 2018, Charities have the flexibility to develop and use their own ERS solution.
7.4.2 All requests for approval of Electronic Raffle Systems must adhere to the, “AGCO Gaming Technology Submission Requirements”, including being accompanied with fully and accurately completed iAGCO submission.
7.5.1 Gaming-Related Suppliers and Charities must promptly notify the Registrar per Notification Matrix – Electronic Raffles of any integrity, security or accounting capability concerns with the approved Electronic Raffle Systems.