eCOGRA

eCOGRA (eCommerce Online Gaming Regulation and Assurance) is a London-based testing agency and standards organisation in the realm of online gambling. The company was established in 2003 in the United Kingdom at the behest of the online gaming industry as the first industry self-regulation system. eCOGRA is a testing laboratory, inspection body, and certification body, specializing in the certification of online gaming software and the audit of Information Security Management Systems.

The organisation has been awarded the following United Kingdom Accreditation Service (UKAS) ISO approvals:

  1. ISO/IEC 17025:2017 (General requirements for the competence of testing and calibration laboratories), for Bulgaria, Denmark, Great Britain, Greece, Netherlands, Switzerland and Sweden
  2. ISO/IEC 17020:2012 (Requirements for the operation of various types of bodies performing inspection), for Greece, Netherlands, Sweden and Switzerland
  3. ISO/IEC 17065:2012 (Conformity assessment — Requirements for bodies certifying products, processes and services), to provide product conformity certification, for Greece, Netherlands and Sweden
  4. ISO/IEC 17021-1:2015 (Requirements for bodies providing audit and certification of management systems)

Regulated Market Certification Activities

Since the widespread regulation of online gambling in various jurisdictions, the company's focus has moved from pure self-regulation enabling player protection to the provision of regulatory compliance services in regulated markets. It is approved as a testing agency, inspection body and designated certification entity in various online gambling jurisdictions including Alderney, Buenos Aires Province, Buenos Aires City, Bulgaria, Colombia, Croatia, Czech Republic, Denmark, Estonia, First Cagayan, Gibraltar, Great Britain, Greece, Isle of Man, Italy, Jersey, Kahnawake, Latvia, Lithuania, Malta, Netherlands, New Jersey (Security), Ontario (Canada), Philippines, Portugal, Romania, Spain, Sweden and Switzerland.

ISO/IEC 27001 Certification Services

eCOGRA was the first testing laboratory that specialises in online gambling to have been awarded ISO/IEC 17021-1:2015 accreditation, which is a prerequisite for carrying out third-party ISO/IEC 27001:2013 audits and accredited certifications of Information Security Management Systems.

eCOGRA provides ISO/IEC 27001:2013 pre-certification assessments and accredited certifications, utilising the framework required in the ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015 standards.

eCOGRA has instituted an independent Impartiality Committee. The purpose of the Committee is to help safeguard the integrity of ISO/IEC 17021-related audits and certification of management systems, by enabling a consultation between appropriate interested parties to advise on matters affecting impartiality within eCOGRA including openness and public perception.

eGAP (eCOGRA Generally Accepted Practices)

The eGAP regime places particular emphasis on fair and responsible gambling, and the eGAP requirements are enforced through onsite reviews and continuous monitoring. Approval by the organisation is one of the criteria used to identify trustworthy, reliable and safe online casinos. [1]

eCOGRA’s Safe and Fair Seal is awarded to online gaming operators that comply with eCOGRA’s Generally Accepted Practice (eGAP) Requirements [2] covering player protection, fair gaming and responsible operator behaviour. Applicants are assessed annually through onsite compliance reviews by eCOGRA compliance specialists. [3]

The eCOGRA Certified Software Seal is awarded to software suppliers that are able to demonstrate compliance with the applicable eGAP Requirements. Software developers or platform providers are assessed annually against software supplier requirements, which focus particularly on the internal controls governing the development processes and controls, as well as on the IT internal control and security environment. [4]

The company’s self-regulatory compliance activities are focused on the following policy objectives:

  1. The protection of vulnerable customers
  2. The prevention of underage gambling
  3. Combating fraudulent and criminal behaviour
  4. Protection of customer privacy and safeguarding of information
  5. Prompt and accurate customer payments
  6. Fair gaming (e.g. RNG and game evaluations)
  7. Responsible marketing
  8. Commitment to customer satisfaction and support
  9. Secure, safe and reliable operating environment

Related Research Articles

The ISO 9000 family is a set of five quality management systems (QMS) standards by the International Organization for Standardization (ISO) that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. ISO 9002 is a model for quality assurance in production and installation. ISO 9003 for quality assurance in final inspection and test. ISO 9004 gives guidance on achieving sustained organizational success.

Accreditation is the independent, third-party evaluation of a conformity assessment body against recognised standards, conveying formal demonstration of its impartiality and competence to carry out specific conformity assessment tasks.

IT security standards: Technology standards and techniques

IT security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

IEC 61508 is an international standard published by the International Electrotechnical Commission (IEC) consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.

An environmental audit is a type of evaluation intended to identify environmental compliance and management system implementation gaps, along with related corrective actions. In this way they perform an analogous (similar) function to financial audits. There are generally two different types of environmental audits: compliance audits and management systems audits. Compliance audits tend to be the primary type in the US or within US-based multinationals.

ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information security, cybersecurity and privacy protection — Information security controls.

The South African National Accreditation System (SANAS) is the official accreditation body for South Africa. Founded in 1996, SANAS is headquartered in Pretoria, South Africa. SANAS accreditation certificates are a formal recognition by the Government of South Africa that an organisation is competent to perform specific tasks.

ISO/IEC 27006 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Part of the ISO/IEC 27000 series of ISO/IEC Information Security Management System (ISMS) standards, it is titled Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems.

The ISO/IEC 27001 Lead Auditor certification consists of a professional certification for auditors specializing in information security management systems (ISMS) based on the ISO/IEC 27001 standard and ISO 19011.

ISO/IEC 27001 Lead Implementer is a professional certification for professionals specializing in information security management systems (ISMS) based on the ISO/IEC 27001 standard. This professional certification is intended for information security professionals wanting to understand the steps required to implement the ISO/IEC 27001 standard.

British Approvals Service for Cables

British Approvals Service for Cables (BASEC) is an independent accredited certification body headquartered in Milton Keynes, United Kingdom. The organization's dedicated testing laboratory also operates there and is believed to be the largest of its type in Europe. BASEC was established in 1971 and principally provides product certification services for all types of cable and wire, ancillary products and management systems within the cable industry. The organization maintains operations throughout the world including Africa, Middle East, America, Asia and Europe.

Functional safety is the part of the overall safety of a system or piece of equipment that depends on automatic protection operating correctly in response to its inputs or failure in a predictable manner (fail-safe). The automatic protection system should be designed to properly handle likely human errors, systematic errors, hardware failures and operational/environmental stress.

The United Kingdom Accreditation Service (UKAS) is the sole national accreditation body recognised by the British government to assess the competence of organisations that provide certification, testing, inspection and calibration services. It evaluates these conformity assessment bodies and then accredits them where they are found to meet relevant internationally specified standards.

The Global Food Safety Initiative (GFSI) is a private organization working as a "coalition of action" from the Consumer Goods Forum (CGF), bringing together retailers and brand owners (manufacturers) from across the CGF membership, operating under multistakeholder governance, with the objective to create "an extended food safety community to oversee food safety standards for businesses and help provide access to safe food for people everywhere". GFSI's work in benchmarking and harmonisation aims to foster mutual acceptance of GFSI-recognized certification programmes across the industry, with the ambition to enable a "once certified, accepted everywhere" approach.

ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020.

The European Gaming and Betting Association (EGBA) is the Brussels-based trade association representing the leading online gambling operators established, licensed and regulated within the EU. EGBA works together with national and EU authorities and other stakeholders towards a well-regulated and well-channelled online gambling market which provides a high level of consumer protection and takes account of the realities of the internet and online consumer demand. In 2021, EGBA's member companies had 225 online gambling licenses to provide their services to 29,8 million customers across 21 different European countries.

ISO/IEC 27701:2019 is a privacy extension to ISO/IEC 27001. The design goal is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). The standard outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.

SS 584 is an information security standard, published by Singapore Standards. The standard was last revised in 2015.

ISO/IEC 5230 is an international standard on the key requirements for a high-quality open source license compliance program. The standard was published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in late 2020. The standard is based on the Linux Foundation OpenChain Specification 2.1. It focuses on software supply chains, easier procurement and license compliance. Organizations that meet the requirements of the standard can self-certify to ISO/IEC 17021, from an accredited certification body or after successfully completing an audit.

Standardisation Testing and Quality Certification: Science and technology agency of the Government of India

Standardisation Testing and Quality Certification (STQC) Directorate, established in 1980, is an authoritative body offering quality assurance services to IT and Electronics domains.

References

  1. "ECogra Casino » List of Approved eCOGRA Casinos for 2021".
  2. www.ecogra.org/egap Archived 2013-05-26 at the Wayback Machine
  3. Odeonbet
  4. Casino Without Game Limit