The ideal candidate will provide quality audit services, with specialization and expertise in penetration testing, vulnerability scanning and compliance with the ISO 27001:2013 security framework.

In order for the Lottery maintain its integrity and ensure that the appropriate internal controls and security measures are in place, a comprehensive audit of the Lottery’s security controls must include:

  • Security Department Management, Duties, and Procedures;
  • Physical Security;
  • Information Systems Security (including Internal Control System (ICS), WiFi, Firewalls, Network Diagrams, etc.);
  • Security surrounding Draw Game drawings;
  • Business Continuity Planning (as it relates to Hoosier Lottery, only – not specific to IGT Indiana, unless explicitly stated);
  • A best-practices assessment of Lottery practices investigating potential fraud;
  • Penetration testing of the Lottery network (Internal Control System (ICS), WiFi, Switches, Firewalls, VPN, VLANs, and Secure File Transfer Protocol (SFTP) workstations);
  • Vulnerability scanning for Lottery devices;
  • Adherence to ISO 27001:2013 security framework and the requirements of the World Lottery Association Security Control Standard (WLA-SCS).

RFP submission dates:

Response Part One, Submission Form due date and time: June 28, 2023 @ 3:00 PM ET

Response Part Two, Submission of Proposals by flash drive due date and time: July 3, 2023 @ 4:30 PM ET

Full details of the RFP process and criteria can be found at this link.