Information Security ISO/IEC 27001

WLA - Frequently Asked Questions


  1. Why do we need an international standard on security management within the lottery industry?
  2. Has WLASCS had international input?
  3. Does WLASCS overlap with ISO/IEC 27001?
  4. Is WLASCS technology independent?
  5. What does Accredited mean?
  6. What is the WLASCS?
  7. How long does a Certificate last?
  8. Why is the training offered to the ISO/IEC 27001 standard?
  9. Is certification mandatory?
  10. Where is the standard available?
  11. Will certification require the disclosure of commercially sensitive information?
  12. How can I find out more?

Why do we need an international standard on security management within the lottery industry?
Many WLA members have expressed the need to have a common standard on best practice for security management. They would like to be able to implement security controls to meet their own business requirements as well as a set of controls for their business relationships with other Lotteries, in an international context. These lotteries see the need to share the benefits of common best practice at a true international level to ensure that they can protect their business processes and activities to satisfy these business needs, and for those who wish to participate in international lottery games.

Has WLASCS had international input?
YES. The WLA standard was devised by the Security and Risk Management Committee. This included members (all involved in lotteries) from Norway, the United Kingdom, Sweden, Denmark, Germany, Greece, South Africa, Canada, the USA and Australia.

Does WLASCS overlap with ISO/IEC 27001?
YES. The WLA standard is based on the ISO/IEC 27001 standard, so many of the requirements are the same. However, the WLA standard has been changed to apply specifically to the lottery industry, and so contains some specific security requirements. These include instant tickets, lottery draw management, retailer security and  of unclaimed prize money and online gaming. Note that the WLA standard pertains to generic security management, whereas ISO/IEC 27001 is specifically aimed at information security management.

Is WLASCS technology independent?
YES, it is technology independent. WLASCS concentrates on the management aspects of security, defining the controls in enough detail to make them applicable across many different applications, systems and technology platforms without losing any of the benefits provided by standardisation.

What does Accredited mean?
The WLA accredit the competence of Certification Bodies to perform audits against the standard it has produced. There are currently two bodies accredited to perform this certification, including BSI Management Systems. You should use an accredited body, so that your certificate is recognized by other lotteries. This will also ensure that the audit is carried out to a suitable level.

What is the WLASCS?
WLASCS stands for World Lottery Association Security Control Standard and specifies requirements for establishing, implementing and documenting a security management system. It specifies security controls to be implemented by an organisation following a risk assessment to identify the most appropriate control objectives and controls applicable to its own needs. It forms the basis of an assessment of the security management system of the whole, or part, of an organisation and is used as the basis for the WLA certification.

How long does a Certificate last?
A Certificate will be valid normally for 3 years, subject to satisfactory maintenance of the management system, which will be checked during surveillance visits at least annually. Thereafter, Certificates will typically be renewed for a further 3 years.

Why is the training offered to the ISO/IEC 27001 standard?
The WLA standard uses the ISO/IEC 27001 standard as its basis, with certain changes to make it specific to the lottery industry. The training for the ISO/IEC 27001 standard provides the competencies to audit against the WLA standard, providing all the information needed without being industry specific.

Is certification mandatory?
NO. At present certification to the WLA standard is on a voluntary basis. However, the standard has been produced in order to facilitate international business between lotteries.

Where is the standard available?
The WLA provide the standard to their members. The standard is available for download from the website, with access restricted by password. Contact the WLA business office in Basel for details (www.world-lotteries.org).

Will certification require the disclosure of commercially sensitive information?
NO. The WLASCS concentrates on the management aspects of information security. Auditing will be against these aspects, and not against information specifics.

How can I find out more?
BSI offers a range of Training Courses and Guides, to help organisations to understand the WLA standard and to achieve Accredited Certification. It is also possible to contact the WLA business office in Basel for more information.

BSI Management Systems, 389 Chiswick High Road, London, W4 4AL. Email: international@bsigroup.com
© 2007 BSI.