10 Del. Admin. Code § 206-15.0

Current through Reigster Vol. 28, No. 6, December 1, 2024
Section 206-15.0 - Gaming Records

Method of Storage

15.1 Daily backup and recovery procedures shall be in place and include:
15.1.1 Application data
15.1.2 Application executable files, unless such files can be reinstalled.
15.1.3 Database contents and transaction logs
15.2 Backup media shall be transferred to a storage location which is secured to prevent unauthorized access and provides adequate physically protection to prevent the permanent loss of any data.
15.3 Reports and other documents/records may be directly written to an electronic document retention system in a portable document format (PDF) or scanned to an electronic document retention system into either a portable document format or standard image format provided that the system:
15.3.1 Is properly configured to maintain the original version along with all subsequent versions reflecting all changes to the document;
15.3.2 Maintains a unique "hash" signature or provides a mechanism for identifying and alterations made to each version of the document;
15.3.3 Retains and reports a complete log of changes to all documents including who (user ID and name) performed the changes and when (date and time);
15.3.4 Provides a method of complete indexing for easily locating and identifying the document including at least the following (which may be input by the user):
15.3.4.1 Date and time document was generated;
15.3.4.2 Application or system generating the document;
15.3.4.3 Title and description of the document;
15.3.4.4 Name and title of the user/employee generating the document; and
15.3.4.5 Any other information that may be useful in identifying the document and its purpose.
15.3.5 Is configured to limit access to modify or add documents to the system through logical security of specific user accounts; and
15.3.6 Is configured to provide a complete audit trail of all administrative user account activity.
15.4 Electronic document retention systems may utilize CD-ROM, DVD-ROM, Hard Drive, or other type of storage, but the system must be properly secured through use of logical security measures (user accounts with appropriate access, proper levels of event logging, and document the version control, etc.) and the system must be physically secured with all other critical components of the interactive gaming system.
15.5 Electronic document retention systems must be equipped to prevent disruption of document availability and loss of data through hardware and software redundancy best practices, and backup processes.

Duration of Storage

15.6 All gaming records are to be kept for a minimum of five years.

Access Controls

15.7 Production networks serving an Internet lottery system and its components shall be secured from outside traffic and systems shall be configured to detect and report security-related events.
15.8 Network shared drives containing application files and data for interactive gaming system shall be secured such that only authorized personnel may gain access.
15.9 Login accounts and passwords required to administer network and other equipment are secured such that only authorized IT personnel may gain access to these devices.
15.10 Remote access to the Internet lottery system components (production servers, operating system, network infrastructure, application, database and other components) shall be limited to authorized IT department personnel employed by the technology provider of the Internet lottery system.
15.11 Remote access by vendor personnel to any component of the Internet lottery system is allowed for purposes of support or updates and is enabled only when approved by authorized IT personnel employed by the technology provider. If the remote access to a database is performed by unlicensed vendor personnel, the remote access must be continuously monitored by IT personnel employed by the technology provider of the Internet lottery system.
15.12 Remote access to any component of the Internet lottery system shall not result in the transfer of personally identifiable information outside of the United States.

10 Del. Admin. Code § 206-15.0

17 DE Reg. 317 (9/1/2013) (Final)