• Information Security
  • News

Betsson Group re-certified with ISO27001:2013 Security Certification

For the third year running, Betsson Group and its brands have once again been certified as ISO27001:2013 compliant – the international standard for implementing an Information Security Management System (ISMS).

This accomplishment demonstrates Betsson’s continuous dedication to upholding the strictest requirements for handling data security on all its online gaming platforms.

The re-certification was confirmed by the British Assessment Bureau (BAB) – an international, independent, and reputable testing agency accredited by the United Kingdom Accreditation Service (UKAS) – the sole body appointed by the UK Government to provide accreditation to certification bodies in the UK. Betsson Group was certified as ISO27001:2013 compliant following a thorough examination of every level of the organisation.

“The renewal of our certification demonstrates our continued commitment to securing our customers’ and clients’ data such that all procedures across the entire organisation meet or exceed the ISO criteria,” stated Donald Tabone, Chief Information Security Office at Betsson Group. “I am really pleased that we successfully managed to go through the rigorous certification process and that the accreditation body did not find any issues within our processes. This verifies the outstanding effort that Betsson continuously makes to ensure our consumers have the best experience in the industry on a fully secure platform.”

As part of its continued commitment to security, Betsson Group is on a journey to continuously improve its security posture whilst upholding and surpassing ISO standards for the protection of both corporate and client data. As is the norm, yearly external audits are frequently carried out to confirm Betsson’s ongoing compliance.

Since 2014, Betsson Group is also PCI-DSS Level 1 certified to meet all compliance requirements of the Payment Card Industry’s (PCI) Data Security Standard (DSS) for Service Providers. The PCI-DSS is a comprehensive set of control requirements that mandate strict information security controls, policies and procedures are implemented by service providers that store, process, or transfer any credit card data. Created in 2004 by leading payment card companies, this certification is the highest and most stringent level of certification available to payment service providers.


ABOUT ISO27001:2013

ISO 27001:2013 is the strictest international standard available for Information Security Management Systems (ISMS). Through the implementation of the necessary steps in order to comply with this standard, organisations are able to identify, control, and eliminate security risks. Certification is achieved following a lengthy, systematic and rigorous external examination of the organisation’s information security risk profile. The accreditation certifies the security practices adopted within the certified organisation and is subject to yearly external audits performed by an independent accredited registrar company.