§ 809a.5. Access to equipment.
(a) The interactive gaming certificate holder and interactive gaming operator shall limit and control access to the primary server and any secondary servers by ensuring all of the following:
(1) Maintain access codes and other computer security controls.
(2) Maintain logs of user access, security incidents and unusual transactions.
(3) Coordinate and develop an education and training program on information security and privacy matters for employees and other authorized users.
(4) Ensure compliance with all State and Federal information security policies and rules.
(5) Prepare and maintain security-related reports and data.
(6) Develop and implement an incident reporting and response system to address security breaches, policy violations and complaints from external parties.
(7) Develop and implement an ongoing risk assessment program that targets information security and privacy matters by identifying methods for vulnerability detection and remediation and overseeing the testing of those methods.
(b) Remote access to an interactive gaming certificate holder or interactive gaming operator's interactive gaming system is only permitted as follows:
(1) To Board employees upon request and without limitation.
(2) For testing purposes with prior approval from and as limited by the Board.
(3) By employees of an interactive gaming certificate holder or an interactive gaming operator with prior approval from and as limited by the Board.
(c) All interactive gaming certificate holders or interactive gaming operators' interactive gaming systems must be available for independent testing by the Board, without limitation.
This material has been drawn directly from the official Pennsylvania Code full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.