Cathara Consulting was engaged by a major online gaming company to design and implement an Information Governance environment and corresponding Information Security controls to ensure compliance with stringent national and international legislation.
The online gaming environment presented an interesting challenge, with in-house leading-edge development and support of core Cloud-based products with 24/7 uptime, complemented by customer services that are spread across the globe and have to adhere to a plethora of information security and privacy regulations.
This fast-growing company urgently required a set of complementary competencies to obtain a legally sound position in the event of a legal challenge to their gaming, financial, information security and data privacy capability.
The engagement commenced with an analysis of the various legislations and regulations to obtain an understanding of the nature of the clauses and conditions. Taking the most stringent versions of the requirements, a list of documentation, tools, activities and supporting technology was then compiled to enable the organisation to reach a defensible level of compliance.
Policies, procedures and standards were developed, held against requirements and discussed with key business and technology stakeholders. For an easy overview of the various documents, a taxonomy was created indicating the purpose of the policies, procedures and standards, and how they related to each other. They were categorised under Information Governance, Information Security, People and Support & Services.
As governance documentation and processes were finalised, implementation plans were developed to ensure effective embedding within the organisation. This included training and awareness sessions, and international video conference inductions. At the same time the supporting Technology solutions were evaluated against architectural considerations, selected and procurement processes initiated.
All these activities were managed against time and budget in close cooperation with the owner of the initiative, the Chief Technology Officer (CTO). This ensured that any obstacles to success could be overcome and compliance deadlines were met. Meanwhile, domain knowledge was available to answer any questions, both from within the organisation and from external compliance bodies.
All policies, processes and standards, while tailored to fit the organisation, conformed to the ISO 27001 Information Security Standard.
The Information Governance and Security environment as designed and implemented was strategically based on the components People, Process, Information and Technology and adhered to the principles of Confidentiality, Integrity and Availability (CIA).
It successfully withstood a stringent audit by the Malta Gaming Authority (MGA) and was compliant with data privacy legislation laid down by the General Data Privacy Regulation (GDPR), the Australian Privacy Act, principles and the Notifiable Data Breach Scheme.
Executive praise was received for the way in which the environment was implemented, in the process laying the foundation for a full-fledged Information Security Management System (ISMS) while remaining aligned with company values and culture.
The trust and confidence that Cathara’s staff have for them, their regular contact, and making themselves readily accessible, results in their maintaining a close knowledge and awareness of project and account activities.