7 Electronic Raffle System (ERS) Environment and Deployment
The objective of this section is to link environmental and deployment requirements to ERS design.
7.1 Network Infrastructure
7.1.1 Communication protocol among ERS components over network infrastructure must be secure and must maintain Raffle Game integrity.
7.1.2 Network components must have synchronized time to preserve logging and auditing capability.
7.1.3 All gaming related network traffic exposed to public network lines must be secured using an industry standard method proven to prevent any security threats.
7.1.4 Network architecture must be designed so that a large volume of communications cannot cause an integrity issue.
7.2 Remote Access to Backend System
7.2.1 Any remote access methods and associated procedures must limit access to authorized users and systems to perform specific tasks only through a secure link.
7.2.2 Remote access to ERS may only be granted to either the Charity or the Supplier from their respective secure business location by a method, such as a VPN client with two-factor authentication, provided it is monitored and the following records are made, at a minimum:
- Log-on name
- Time, date and duration of the connection
- Activity while logged-on
- Specific areas accessed
- Raffle related changes made
7.3 Independent Security Assessment
7.3.1 Publicly exposed ERS (e.g. Web applications accessible through public networks) must be protected with adequate security measures to prevent any integrity or security issues.
7.3.2 New ERS that are publicly exposed must be assessed in accordance with industry good-practice security frameworks by qualified individuals to ensure that security vulnerabilities are identified and assessed, and risks are confirmed to be negligible through security/penetration testing, as applicable.
7.3.3 Modifications to publicly exposed ERS may also require assessment, depending on the complexity and number of changes. These will be assessed on a case-by-case basis.
7.4 Submission Requirements for Approval of Electronic Raffle Systems
7.4.1 Suppliers or Charity must provide necessary information, training and tools pertaining to the Electronic Raffle Systems for which the approval is being requested to help facilitate AGCO assessment, testing, and issuing decisions in a timely manner.
Note: As per AGCO Info Bulletin No. 89 from November 30, 2018, Charities have the flexibility to develop and use their own ERS solution.
7.4.2 All requests for approval of Electronic Raffle Systems must adhere to the submission requirements, “AGCO Electronic Raffle Systems Submission Requirements”, including being accompanied by fully and accurately completed AGCO submission form(s).
Note: Submission materials may be most efficiently provided via a secure electronic mechanism, e.g. sFTP.
7.5 Ensuring the Ongoing Integrity of Approved Electronic Raffle Systems
7.5.1 Suppliers and Charities must promptly notify the Registrar per Notification Matrix – Electronic Raffles of any integrity, security or accounting capability concerns with the approved Electronic Raffle Systems.