La. Admin. Code tit. 42 § III-2803

Current through Register Vol. 50, No. 6, June 20, 2024
Section III-2803 - Assessment Audits
A. A licensee and casino operator shall develop and maintain computer systems and procedures in compliance with standards recognized as industry accepted "information security standard" as selected by the licensee or casino operator.
B. A licensee and casino operator shall, no later than 36 months from its last assessment, submit the results of an independent network security risk assessment to the division for review, subject to the following requirements:
1. the testing organization must be independent of the licensee and casino operator;
2. results from the network security risk assessment shall be submitted to the division no later than 90 days after the assessment is conducted.
C. At the discretion of the division, additional network security risk assessments may be required.
D. A licensee and casino operator shall periodically, but no later than 36 months from its last assessment, assess the risk to operations, assets, patrons, employees, and other individuals or entities resulting from the operation of the casino's computer systems and the processing, storage, or transmission of information and data. The assessment shall be documented and recorded in a manner that can be displayed or printed upon demand by the board or division and shall be maintained for a period of five years. Licensees and casino operators shall assess the collection of personnel and patron data annually to ensure that only information necessary for the operation of the business is collected and maintained. No unnecessary personal information shall be retained.

Promulgated by the Department of Public Safety and Corrections, Gaming Control Board, LR 44:2016 (11/1/2018).
AUTHORITY NOTE: Promulgated in accordance with R.S. 27:15 and 24.