Gala Coral Interactive - ISO27001
Gala Coral Interactive achieves ISO27001 in just 10 months with CNS Group
Gala Coral Interactive (GCI), one of the UK’s largest gaming firms, was required to gain and maintain an operational Information Security Management System (ISMS) that conformed to ISO/IEC 27001:2013 for its online gambling services and to provide ongoing assurance to the industry regulators, in this case The Gaming Commission. GCI already had stringent security controls and processes in place, but was eager to gain this certification as part of its on-going assurance to the governing bodies. GCI was working to tight deadlines and, after a rigorous supplier selection process, chose CNS to deliver the consultancy needed to ensure these deadlines were met.
Gala Coral Interactive Ltd is a dedicated division of the Gala Coral Group, specifically developed as an online presence to offer a world class bingo and casino gaming service. Their brands include Coral, Gala Bingo & Gala Casino and they are one of the UK’s largest gaming firms both online and on the high street.
“We have found CNS to be a responsible and trustworthy business partner who deals with integrity and respect.
We really appreciate efforts put by each one of CNS professionals for making GCI more robust and security compliant. Because of such efforts only, we have successfully closed the ISO audit.”
Information Security Manager, GCI.
The main challenge faced by GCI and CNS was time. A fully operational ISM system needed to bein place within 10 months and pass the audit without any non-conformities.
In order to meet these requirements, CNS had to quickly understand the business and security philosophy of GCI and ensure that the ISMS created would integrate properly.
CNS provided GCI with up to 3 ISO27001 lead auditors to ensure that the project was delivered in time. The project followed CNS’s standard methodology and stages:
Stage 1 – GAP Analysis
Stage 2 – Creation of Governance Structure
Stage 3 – Risk Assessment
Stage 4 – Assistance with creation and review of Core Policies and Procedures
Stage 5 – Risk Remediation Activity
Stage 6 – Training & Awareness
Stage 7 – Pre-Audit Readiness Review
Stage 8 – Certification Audit
As a result, GCI passed its ISO27001:2013 on 26th March 2015. The relationship between GCI and CNS has continued to grow and CNS will be assisting GCI throughout 2016 to ensure that their compliance is retained, which will be achieved through CNS’s annual MYQSA service.
To find out more about CNS Group’s Compliance and Consulting services, click here.