The WLA Security Control Standard:2016 (WLA-SCS:2016)
The security of a lottery plays a critical role in maintaining the confidence and trust of the public in its lottery games. It is vital, therefore, that a lottery organization develops and maintains a visible and documented security environment in order to achieve and sustain public confidence in its operations.
The WLA SCS is the lottery sector's only internationally recognized security standard. The WLA SCS couples a comprehensive information security management baseline incorporating ISO/IEC 27001:2013, a leading international standard for information security management, with additional lottery-specific security controls representing current best practice. The WLA SCS is designed to assist the lottery sector around the globe in obtaining a level of security controls in line with generally accepted best practices, to enable an increased reliance on the integrity of lottery operations. The WLA SCS specifies the required practices for an effective security management structure by which a lottery may maintain the integrity, availability, and confidentiality of information vital to its secure operation.
Lottery and gaming organizers have a business need to develop environments that maintain a visible and documented security and integrity position so as to retain the confidence of players and other stakeholders alike. The WLA Security Control Standard (WLA-SCS) is designed to help lottery and gaming organizers around the world achieve levels of control that are in accordance with both generally accepted information security and quality practices as well as specific industry requirements. Certification to the WLA-SCS provides an objective measure of a lottery and gaming organizer’s security control and risk management performance.
The WLA-SCS has been prepared by the WLA Security and Risk Management Committee (WLA SRMC), which includes representatives and security specialists from lottery and gaming organizers from around the world. By comparing current security and integrity practices used in the industry with those approved by lottery experts, a solid security and risk management framework for lottery and gaming organizers has been established. The WLA SRMC reviews all security control standards for use by the lottery and gaming sector, acts as a focal point for the sector on security issues and oversees the certification process whereby lottery and gaming organizers’ compliance with the WLA-SCS is verified.
The WLA-SCS is aligned with ISO/IEC 27001 and ISO 9001 to allow for consistent and integrated implementation and operation with related management standards. As a result, a single, suitably designed management system can satisfy the requirements of all these ISO and WLA standards.
The WLA-SCS consists of two parts that specify the minimum controls necessary for the effective management of security and integrity in a lottery and gaming organization. The first part (Annex A – General Security and Integrity Control Objectives and Controls) incorporates the ISO/IEC 27001 compliance within a global scope, with a further 23 WLA basic controls adjoined. The second part (Annex B – Lottery and Gaming Specific Security and Integrity Control Objectives and Controls) furnishes an additional 114 lottery and gaming-specific security and integrity controls representing current best practice.
The WLA-SCS incorporates baseline requirements and controls within the lottery and gaming organizer’s overall security, integrity, and risk management process, avoiding overlaps with more general security frameworks. It provides lottery and gaming security and integrity professionals with a process whereby they can formally manage, update, and continuously improve their controls. Compliance with the WLA-SCS:2016 enables WLA members to ensure the integrity, availability, and confidentiality of information vital to their secure operation.
The latest edition of the WLA Security Control Standard is distinguished from previous issues of the standard by the year of its approval, 2016 (WLA-SCS:2016). The WLA-SCS:2016 incorporates new sector-specific controls for the secure operation of Internet and interactive sales and gaming services as well as the secure handling of gaming operations. WLA-SCS:2016 replaces the previous version of the standard, WLA-SCS:2012, and all other versions released prior to the 2012 edition. Below you will find the WLA-SCS:2016 standard documentation for downloading.
Transition from WLA-SCS:2012 to WLA-SCS:2016
The objective of this revision is to maintain a standard that meets a constantly evolving security context. In addition, certain developments in the lottery industry, including the growth of games delivered by means of remote digital interactive services, require the integration of associated security and integrity parameters.
For the new version, WLA-SCS:2016, a total of 26 additional checks were added, including:
- On Lottery Draws (L2) in order to specify the parameters specific to electronic draws
- On Digital Sales Channels and Interactive Services (L6) in order to take into account the digital developments of recent years and in particular to secure remote digital interactive payments
- On Sports Betting (L7) in order to reinforce the existing controls in the face of an activity that is experiencing significant growth and at the same time generates major risks for the integrity of sport
The new WLA-SCS:2016 documentation is available in English right below. In order to visualize the evolution and the additions that characterize the 2016 version compared to 2012, you will find here:
WLA SCS – Changes 2012 to 2016
The SRMC has established transition rules so that certified members will gradually align themselves to the 2016 version in the upcoming cycle. These rules are accessible here:
Full text of the WLA Standards:2016
Supplemental Security Guidelines
The WLA Security and Risk Management Committee understands that while the WLA Security Control Standard provides material assistance for lotteries wishing to align their operations with generally accepted practice, additional challenges exist that are not covered by it. As such, and as a way to keep current with the challenges faced by the industry, the Committee offers these guidelines covering additional topics of present concern. While no organization would be held responsible for abiding by the recommendations contained in any guideline as part of its quest to achieve certification against the WLA-SCS, it is the Committee's hope that they will provide the needed direction to help decision makers understand the risks inherent in the operations covered. Future versions of the WLA-SCS may incorporate elements of these guidelines, which will be regularly updated as need dictates.
Internal Auditing Guidelines
Recommendations on internal auditing for lottery operators: what internal auditing is, why a lottery should have it, and how to conduct an internal audit within your organization.