1. No category

3. Requirements for sealed lottery tickets with a predetermined

16/12/2014
Reference number:
13Li6804
1. ------IND- 2015 0050 S-- EN- ------ 20150213 --- --- PROJET
Guideline conditions for lottery tickets,
terminal receipts, and random number
generators
1(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
Table of contents
Introduction ............................................................................................................................ 4
1. Definitions............................................................................................................................ 4
2. General ................................................................................................................................. 6
2.1
Winning outcomes and control of payout tables ......................................... 6
2.2
Events that may cause deviations in the distribution of winnings ............ 6
2.3
Specific condition for tickets in second-tier draws ...................................... 7
2.4
Lottery ticket and game information safeguards .......................................... 7
2.5
Deficiencies in lottery ticket qualities............................................................. 7
2.6
Changes in production ..................................................................................... 7
2.7
Access to information ...................................................................................... 7
2.8
Specific condition for random number generators ...................................... 7
2.9
Prize classes for sealed lottery tickets with a predetermined outcome ..... 7
2.10
Prize classes for non-sealed lottery tickets for which the results are not
predetermined ...................................................................................................................... 8
2.11
Prize classes for electronic lottery tickets ...................................................... 8
3. Requirements for sealed lottery tickets with a predetermined outcome ..................... 9
3.1
Prize class F1 ..................................................................................................... 9
3.2
Prize class F2 ..................................................................................................... 9
3.3
Prize class F3 ..................................................................................................... 9
3.4
Prize class F4 ................................................................................................... 10
4. Requirements for non-sealed lottery tickets for which the results are not
predetermined .................................................................................................................... 10
4.1
Prize class E1 ................................................................................................... 10
4.2
Prize class E2 ................................................................................................... 10
4.3
Prize class E3 ................................................................................................... 10
4.4
Prize class E4 ................................................................................................... 11
5. Requirements for electronic lottery tickets.................................................................... 11
5.1
Prize class EL1 ................................................................................................ 11
5.2
Prize class EL2 ................................................................................................ 11
6. Requirements for terminal receipts ................................................................................ 12
7. Requirements on the production of lottery tickets ...................................................... 12
7.1
General ............................................................................................................. 12
7.2
Access to premises for inspections .............................................................. 12
7.3
Access to information .................................................................................... 12
7.4
Management and organisation for production ........................................... 12
7.5
Threat and risk analysis .................................................................................. 12
7.6
Quality Controller and quality system .......................................................... 13
7.7
Premises of the lottery ticket producer........................................................ 13
7.7.1 Building design............................................................................................ 13
2(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
7.7.2
7.7.3
7.7.4
7.8
7.9
7.10
7.11
7.12
Entry and exit.............................................................................................. 14
Premises for finished lottery tickets......................................................... 14
Deliveries of lottery tickets ....................................................................... 14
Physical security .............................................................................................. 14
7.8.1 Intrusion alarm ........................................................................................... 14
7.8.2 Access control and access system ............................................................ 15
Handling finished lottery tickets and waste paper ..................................... 16
Delivery of finished lottery tickets ............................................................... 17
Specific conditions for video surveillance ................................................... 17
Information security ....................................................................................... 17
7.12.1 Information security in general ................................................................ 17
7.12.2 Game generation and validation .............................................................. 18
7.12.3 Computer rooms and technical safeguards for computers .................. 18
7.12.4 Personal codes and management of authorisations .............................. 19
7.12.5 Development work .................................................................................... 20
7.12.6 System for the replacement of damaged lottery tickets ........................ 20
3(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
Introduction
§ 14 of the Lotteries Act (1994:1000) states, inter alia, that sealed lottery tickets and
technical equipment used for stakes, draws, or control of lotteries shall be of an
approved type. It also states that decisions on type approval may be subject to
conditions. According to § 46 of the Lotteries Act, the Swedish Gambling
Authority is the authority that examines issues related to type approvals.1
1.
Definitions
The following definitions apply to these conditions
UV security feature
A UV-fluorescent image or pattern that is invisible to
the naked eye. The image/pattern shall only appear
when illuminated with UV light at a wavelength of
365 nm. The UV security feature shall fluoresce in a
colour that differs from the background on which it is
printed.
Electronic lottery ticket
A physical lottery ticket bearer that contains electronic
components and one or more tickets (not EMV cards).
Second-tier draw
A drawing in which your ticket is included in a draw for
which the value of the prize has been predetermined.
Lottery ticket with a predetermined outcome
A lottery ticket that reveals
directly to the ticket buyer whether it is a winner or a
loser [scratchers, instants, etc.].
Threat and risk analysis
A systematic assessment of internal and external threats
that could face the operation and the probability that
they will occur.
Chemical erasure protection
The paper contains chemicals that react
when exposed to solvents and/or oxidising agents
See Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying
down a procedure for the provision of information in the field of technical standards and
regulations and of rules on Information Society services (OJ L 204, 21.7.1998, p. 37,
Celex 398L0034), as amended by Directive 98/48/EC of the European Parliament and of the
Council (OJ L 217, 5.8.1998, p. 18, Celex 398L0048).
1
4(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
(alcohol, acids, hydrocarbons, chlorine, surfactant, etc.)
and thereby discolour the paper.
Copy protection
Document security features that change or become
defective when copied.
Lifting
Removal of layers, such as the material that is to be
scratched off, that hide the game information.
Microtext
Small text which to the naked eye gives the impression
of being a line with a maximum height of 0.30 mm and
a minimum length of 35 mm.
Relief
Letters, numbers, or symbols made with a thick layer of
ink which creates a raised surface on the paper.
Alternatively, letters, numbers, or symbols are pressed
into the paper, which indents the surface.
Reproduction
Imaging by the use of technical equipment with
subsequent print or printout.
RFID tag
Electronic key that uses Radio Frequency Identification
technology.
Random number generators
Technical instruments for the assembly
of numerical sequences that have certain statistical
properties in common with numerical sequences whose
occurrence is purely random according to a given
probability distribution.
Game information
The information on a lottery ticket that determines
whether it is a winner or a loser.
Terminal receipt
A receipt of payment made for a game or games,
sometimes referred to as a betting slip, normally a
terminal receipt which verifies that one has paid for or
wagered on a game.
UV security feature
A UV-fluorescent image or pattern. The image/pattern
appears when illuminated with UV light at a wavelength
of 365 nm. The UV security feature shall fluoresce in a
5(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
colour that differs from the background on which it is
printed.
Watermark
Images or patterns produced in the paper
manufacturing process and which appear when light
passes through.
Security pattern
A security pattern shall consist of thin lines in at least
two colours with a maximum line width of 0.10 mm and
meet at sharp angles. A security pattern may also be a
line relief, i.e. thin solid lines create a design that gives
the impression of being in relief (three-dimensional).
Overprint
A printed image or pattern that is placed on the top
surface of a scratch coating or the like. The overprint
shall be designed such that it gives a clear indication if
the scratch coating has been lifted.
2.
General
The holder of a type approval shall ensure that the producer of lottery tickets,
electronic lottery tickets, and terminal receipts meets the requirements set out in
these conditions.
2.1
Winning outcomes and control of payout tables
The outcome of random number generators and printed or electronic lottery tickets
shall conform to the established payout table.
The holder of a type approval shall see to it that the Swedish Gambling Authority is
given the opportunity to control conformity with the payout table that has been
established.
Winning lottery tickets may not be supplied separately from losing lottery tickets.
2.2
Events that may cause deviations in the distribution
of winnings
The Swedish Gambling Authority shall be informed immediately if lottery tickets
have gone missing, been subjected to manipulation, or otherwise tampered with.
6(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
2.3
Reference number:
13Li6804
Specific condition for tickets in second-tier draws
Individual tickets in a second-tier draw shall be unique.
2.4
Lottery ticket and game information safeguards
Printed/electronic lottery tickets may not have such physical defects or marks that
make it possible to sort out the winning tickets.
It shall not be possible to read the game information on a sealed lottery ticket.
Sealed lottery tickets shall have safeguards against manipulation and reproduction.
2.5
Deficiencies in lottery ticket qualities
If there are deficiencies in the qualities of lottery tickets such that they entail noncompliance with the type approval conditions, production shall cease and any
existing lottery tickets invalidated. Licence holders shall immediately notify the
Swedish Gambling Authority that production has ceased.
2.6
Changes in production
The holder of a type approval shall immediately inform the Swedish Gambling
Authority of any changes in production.
2.7
Access to information
Parties who have access to information on lottery tickets and random number
generators may not use such information to gain an advantage for the benefit of
themselves or others.
2.8
Specific condition for random number generators
The algorithm on which a random number generator is based shall have been
published in an internationally recognised publication.
2.9
Prize classes for sealed lottery tickets with a
predetermined outcome
Prize class F1
Prize class F1 includes sealed lottery tickets with a predetermined outcome for
which the maximum prize value is 1/33 of the current prevailing price base
amount.
7(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
Prize class F2
Prize class F2 includes sealed lottery tickets with a predetermined outcome for
which the maximum prize value is 1/6 of the current prevailing price base amount.
Prize class F3
Prize class F3 includes sealed lottery tickets with a predetermined outcome for
which the maximum prize value is one (1) of the current prevailing price base
amount.
Prize class F4
Prize class F4 includes sealed lottery tickets with a predetermined outcome for
which the maximum prize value is more than one (1) of the current prevailing price
base amount.
2.10
Prize classes for non-sealed lottery tickets for which
the results are not predetermined
Prize class E1
Prize class E1 includes non-sealed lottery tickets without a predetermined outcome
for which the maximum prize value is 1/33 of the current prevailing price base
amount.
Prize class E2
Prize class E2 includes non-sealed lottery tickets without a predetermined outcome
for which the maximum prize value is 1/6 of the current prevailing price base
amount.
Prize class E3
Prize class E3 includes non-sealed lottery tickets without a predetermined outcome
for which the maximum prize value is one (1) of the current prevailing price base
amount.
Prize class E4
Prize class E4 includes non-sealed lottery tickets without a predetermined outcome
for which the maximum prize value is more than one (1) of the current prevailing
price base amount.
2.11
Prize classes for electronic lottery tickets
Prize class EL1
Prize class EL1 includes electronic lottery tickets for which the maximum prize
value is 1/6 of the current prevailing price base amount.
8(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
Prize class EL2
Prize class EL2 includes electronic lottery tickets for which the maximum prize
value is more than 1/6 of the current prevailing price base amount.
3.
Requirements for sealed lottery tickets with a
predetermined outcome
The following document security requirements shall be met for all prize classes
(F1–F4) concerning sealed lottery tickets with a predetermined outcome.
3.1
Prize class F1
F1.1
It shall not be possible to reseal an open ticket.
F1.2
It shall not be possible to read the game information by passing light
through it.
F1.3
The game information may not produce a raised relief or indent on the
outer surface of the seal.
3.2
Prize class F2
In addition to the requirements for prize class F1, the following document security
requirements shall be met.
F2.4
The ticket shall have copy protection.
F2.5
The ticket shall have a UV security feature.
F2.6
The scratch-off field shall have overprint that conceals game
information and control fields.
3.3
Prize class F3
In addition to the requirements for prize classes F1–F2, the following document
security requirements shall be met.
F3.7
Sealed control fields shall be safeguarded against lifting and reading.
F3.8
It shall not be possible to read the game information by means of static
electricity.
9(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
F3.9
The game information shall not have fixed positions.
3.4
Prize class F4
In addition to the requirements for prize classes F1–F3, the following document
security requirements shall be met.
F4.10
The UV security feature shall be concealed.
F4.11
The game information shall be safeguarded against alteration.
F4.12
The ticket shall have microtext.
F4.13
Production of the ticket shall meet the special conditions set out in
Chapter 7.
4.
Requirements for non-sealed lottery tickets for
which the results are not predetermined
The following document security requirements shall be met for all prize classes
(E1–E4) concerning non-sealed lottery tickets without a predetermined outcome.
4.1
Prize class E1
E1.1
The ticket shall have copy protection.
4.2
Prize class E2
In addition to the requirements for prize class E1, the following document security
requirement shall be met.
E2.2
The ticket shall have a UV security feature.
4.3
Prize class E3
In addition to the requirements for prize classes E1–E2, the following document
security requirements shall be met.
E3.3
The ticket shall have a security pattern.
E3.4
The game information shall be safeguarded against alteration.
10(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
4.4
Reference number:
13Li6804
Prize class E4
In addition to the requirements for prize classes E1–E3, the following document
security requirements shall be met.
F4.5
The UV security feature shall be concealed.
E4.6
The ticket shall have microtext.
E4.7
The ticket must be produced on watermarked paper or paper with a
corresponding level of security. The paper shall have a safeguard
against chemical erasure.
E4.8
Production of the ticket shall meet the special conditions set out in
Chapter 7.
5.
Requirements for electronic lottery tickets
Prize classes EL1 and EL2 shall meet the following document security
requirements.
5.1
Prize class EL1
EL1.1
It shall not be possible, without leaving visible traces, to read the game
information by activating and then returning/resetting the ticket.
EL1.2
The ticket shall have a concealed UV security feature.
EL1.3
The ticket shall have copy protection.
5.2
Prize class EL2
In addition to the requirements for prize class EL1, the following document
security requirements shall be met.
EL2.4
The ticket shall have a control field with overprint.
EL2.5
Electronics and displays shall be safeguarded against manipulation.
EL2.6
The ticket shall have microtext.
11(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
6.
Reference number:
13Li6804
Requirements for terminal receipts
Terminal receipts shall have copy protection.
7.
Requirements on the production of lottery
tickets
7.1
General
It is incumbent upon the holder of a type approval to ensure that the conditions in
this section are met by the producer in the production of lottery tickets.
7.2
Access to premises for inspections
The Swedish Gambling Authority, or designated proxy, shall be given access to
premises where tickets are produced and to the equipment used to produce them.
7.3
Access to information
The Swedish Gambling Authority, or designated proxy, shall be given access to
information necessary for checks and inspections to be performed.
7.4
Management and organisation for production
On the Group level, a Head of Security and stand-in shall be designated. A deputy
shall also be designated for each additional production unit. The Head of Security
must be able to perform their duties and shall report directly to senior management.
An information security officer and stand-in shall also be designated and
responsible for information security in production.
The names of these designated persons shall be provided to the Swedish Gambling
Authority upon request.
7.5
Threat and risk analysis
The lottery ticket producer shall have carried out a systematic threat and risk
analysis regarding security, including information security.
The threat and risk analysis shall be audited annually. The analysis that is in place is
to have been carried out (or audited) within the 12 months prior to the type
approval application.
12(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
A dated contingency plan shall be in place and describe how production could
continue in case of dramatic situations. The plan shall specify key individuals for
each area of responsibility.
7.6
Quality Controller and quality system
A producer of lottery tickets shall have a designated Documentation and Quality
Controller.
The holder of a type approval shall ensure that the producer has a structured and
documented quality system that is customised to the requirements imposed on the
operations.
Incident or deviation reporting shall be included in the quality system and any
shortcomings discovered are to be rectified. There shall also be continuous quality
control during production and clear rules on who has the authority to halt
production and invalidate lottery tickets that have already been produced.
The quality system shall ensure that changes are documented to such an extent that
they are fully traceable should it later become necessary to determine what has been
done and by whom.
The quality system shall be available to employees either on paper or in an
electronic format.
7.7
Premises of the lottery ticket producer
7.7.1
Building design
The outer walls and doors shall be sound and solid in their design. Windows
located less than four metres from ground level or from a ledge must be reinforced
against burglary and equipped with alarms.
Operations shall be conducted in a free-standing building with open surfaces
around the whole of it. Alternatively, a separate part of a building that is also used
for other operations may be used, with additional security safeguards.
Certain premises shall be delimited from each other, considering the security
requirements of various stages of production. This delimiting is to be carried out in
a manner that enables access control (different security zones). Only personnel with
a clear need to be in a particular zone are to have access to it. The zones shall be
properly delimited by walls or stable fencing. All movements through zones must
13(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
take place through access control. Doors between security zones shall be equipped
with automatic closers or issue an alarm when left open.
7.7.2
Entry and exit
The entry and exit of personnel and visitors shall take place through an
arrangement that allows full control and restriction of their passage. All entry and
exit movements shall be registered.
Visitors shall wear a clearly visible visitor’s badge. Visitors are to be kept under
surveillance while in the building and they may not be permitted to move freely
about the building, unless a specific arrangement has been made thereto.
The routines for visitors shall indicate who is responsible for visits by customers,
service personnel, etc. Service personnel shall be given clear instructions as to
which areas they may access. Confidentiality agreements shall be concluded with
frequent service personnel.
It shall not be possible to open emergency exits from the outside. An alarm must
trigger immediately when an emergency exit is opened. Alarms on emergency exits
shall be designed to prevent them being bypassed.
7.7.3
Premises for finished lottery tickets
In order to minimise the risk of theft, finished products and other sensitive material
are to be kept secure and protected.
7.7.4
Deliveries of lottery tickets
Deliveries of lottery tickets from the building are to be taken out through an
interlocking system, the inner door(s) of which are to be kept closed while loading
takes place. The outer doors of the interlock system shall be of the same security
class as other outer doors. Alternatively, the interlocking system can be replaced by
lockable gates around the area. The gates are to be of a type that prevents persons
from gaining access. They shall also have alarms and a CCTV surveillance system.
7.8
Physical security
7.8.1
Intrusion alarm
The intrusion alarm shall be designed as a perimeter protection (early warning)
supplemented with an audible alarm and point protection. The alarm system shall
be designed such that it covers all premises where production takes place and all
areas where lottery tickets or materials for their production are stored.
14(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
The alarm shall be divided into different sectors of the facility. The alarm is to be a
model that triggers when attempts are made to cover alarm components or
otherwise render them inoperable; so-called sabotage protection. Descriptions of
the layout and function of the alarm system may only be communicated to
authorised personnel.
It shall be possible to take the necessary actions upon a triggered alarm at any time
of day or night and any time of year.
The facility, including the emergency exits, shall be equipped with a so-called
daytime alarm that is always armed in order to detect tampering or sabotage.
Alarms may be turned on and off from a central unit or from a separate control
unit for each alarm zone. Any remote controls are to be stored in a secure manner.
Alarms shall be armed when production is finished and there is no longer a reason
for anyone to be on the premises. When arming the alarm, it shall be established
that all parts are functioning.
The alarm system shall be equipped with a backup power supply that ensures full
alarm functionality for at least eight (8) hours. In the event of a power supply fault,
notification of such shall be transmitted to the alarm centre. The alarm functions
shall be inspected and documented annually.
If any point in the intrusion alarm system, such as an alarm on a door, is taken
temporarily offline, surveillance shall be arranged in a suitable manner such that the
security level can be maintained.
7.8.2
Access control and access system
An access control system shall be used to control access to the building. The
system readers/scanners shall work with cards, RFID tags, or the like in
combination with PIN codes or another personalised system. Passage between
premises in different zones must only be possible with an authorised card, RFID
tag, or the like. All entry and exit movements shall be logged.
The central unit and printer shall be physically protected from tampering and access
by unauthorised persons and have authorisation levels for those who must have
access to the central unit.
The access control system shall automatically, or when necessary, be capable of
presenting failed access attempts.
15(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
The access control system shall have sufficient memory capacity to store a record
of entries and exits covering the preceding three full calendar months.
The access control system shall be backed up and the backups shall be stored offsite. Communication between various components of the access control system
shall be configured such as to minimise the risk of manipulation.
The system administrator shall sign a non-disclosure agreement.
The system administrator and others with high-level access to the system shall be
prevented from deleting the log files for their own cards, if this is technically
possible. If this is technically impossible, they shall instead be prohibited from
deleting or modifying their own log files.
Employee access rights shall be reviewed annually or more frequently if the need
arises.
7.9
Handling finished lottery tickets and waste paper
Procedures shall be designed such as to prevent the theft of partially or fully
finished lottery tickets. Work shall be planned such that these tickets are placed in a
space with restricted access or monitored by other means. The same applies to
waste paper (proof sheets, damaged lottery tickets, etc.). It shall be possible to
detect any theft that may have occurred.
Finished lottery tickets shall be placed in a space with restricted access or
monitored premises. They shall be packed in such a manner that one must break an
outer wrapping/casing of some sort in order to get at individual lottery tickets.
Pallets shall be sealed such that the contents cannot be determined. The Swedish
Gambling Authority shall be notified immediately if any tears/breaks are found in
any seal or wrapping/casing.
Secure procedures shall be in place for waste paper management. Invalidated lottery
tickets that are finished or nearly finished shall, if the volume permits, be locked in
containers before destruction. Records shall be kept on all waste paper.
Destruction shall preferably take place on-site without the waste paper being
transported. The destruction shall be carried out in such a manner that more than
one person is always present or such that the destruction is monitored by other
means (such as CCTV). If another facility is engaged for the destruction, it must
take place in a facility that can offer equivalent security and transportation must
take place under secure conditions. Contracts shall be concluded with engaged
16(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
entities. Personnel from the lottery ticket producer shall monitor both the transport
and the destruction.
7.10
Delivery of finished lottery tickets
Loading from the production premises and transport to the customer of finished
lottery tickets must be carried out in such a manner that no lottery tickets can go
missing.
Upon delivery of finished lottery tickets, the exact number of tickets shall be
delivered. This also applies to the number of payouts in the various payout groups
against the established payout table for the lottery.
7.11
Specific conditions for video surveillance
If national legislation permits video surveillance inside and outside the facility, such
surveillance shall be installed where it can be considered necessary to maintain the
level of security.
Recorded material is to be stored for one month and must be made available to the
Swedish Gambling Authority upon request.
The cameras shall be placed such that their fields of view are not obstructed by
stocks or other bulky materials. The exact surveillance areas of the cameras shall be
difficult to determine.
7.12
Information security
7.12.1
Information security in general
The holder of a type approval shall ensure that:
- unauthorised persons are prevented from gaining access to information that
can be used to their own advantage or to the advantage of others,
- stored information cannot be lost, corrupted, or rendered inaccessible,
- computer systems used in production are protected against intrusion by
unauthorised persons, and
- the transfer of information is carried out in a manner that prevents
unauthorised persons from gaining access to it.
The number of authorised users shall be as small as possible, without jeopardising
the operation.
The labelled backup copies are to be tested regularly and securely stored.
17(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
In order to prevent corruption and loss of data, computer systems shall have a
programme or programmes to detect viruses and malware.
It must be ensured that computer systems have been correctly configured.
7.12.2
Game generation and validation
Gaming data shall be generated in such a manner that no unauthorised person can
acquire a complete overview of the locations of winning tickets among the finished
tickets. This also applies to the holders of type approvals.
Those who validate gaming data may not be those who developed the gaming data.
Validation shall be performed prior to production.
When gaming data are transferred to, for example, a printer, it shall be ensured that
the use of the files is documented and that such use takes place in a secure manner.
Printer files containing payout information must be managed in a manner which
ensures that no unauthorised persons can copy them or otherwise misuse or
damage the information. If such information is sent by post on computer media or
the equivalent, a transport alternative must be chosen which ensures the specifics
of the previous sentence.
7.12.3
Computer rooms and technical safeguards for computers
Offices, workstations, and the like from which one has access to computers with
sensitive information shall be located in rooms that are properly separated from
other activities. As few persons as possible are to have access to such rooms and
visitors shall be kept under continuous surveillance.
Servers and other computers with sensitive information shall be placed in rooms
that are specifically customised for that purpose.
Unmanned rooms with computer workstations, as well as server rooms, are to be
locked and equipped with an access control system that has a logging function. The
log from the access control system shall be saved for at least six months. The
alarms for such rooms are to be armed outside of working hours.
Computers that handle sensitive game information shall be located so as to prevent
unauthorised access to them and the information therein. Computers with sensitive
game information shall have a screen saver with password. It shall be impossible or
forbidden for unauthorised or outside persons to download any information.
18(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
Reference number:
13Li6804
Computers that are used for the generation of gaming data may not contain
software that can corrupt or destroy sensitive information. Employees shall be
forbidden from installing on computers any software that is not necessary for the
generation of gaming data and the like.
Computers and networks that contain sensitive game information shall be kept
segregated from other networks. Sensitive information may not be sent unprotected
over wireless networks nor may it be stored unencrypted on laptops.
If information that is crucial to a lottery is sent externally by electronic means or
through intermediate storage on some form of medium, appropriate validation
measures shall be taken to ensure that the information is not corrupted before it is
used for its intended purpose.
Connection to the internet or the like is permitted only on stand-alone computers
or office networks or the equivalent. It the lottery ticket producer nevertheless
considers it necessary to have such a connection directly to a computer that
contains sensitive information, the reason(s) for doing so shall be documented and
presented upon request during inspection.
Unusable data media that contains sensitive information may not leave the lottery
ticket producer except in cases where said producer has ensured their destruction.
The requirement concerning the destruction of unusable data media also applies to
hard discs that are mounted in computers. The destruction of such media shall be
carried out in such a manner that precludes the retrieval of sensitive information.
If other entities must be engaged to service computers that contain sensitive
information, the producer shall ensure that the information does not end up in the
hands of unauthorised persons. Service and repairs of computers that contain
sensitive information shall always be recorded in a logbook.
7.12.4
Personal codes and management of authorisations
Authorised persons shall have personal and unique login codes, the complexity of
which is adapted to the level of security that is to be achieved. Passwords shall
consist of at least eight alphanumeric characters.
The system administration department shall ensure that employee authorisations
are immediately adapted when a job assignment changes or when an employee
leaves their position.
The list of selected codes and the system administrator’s log files are to be
protected. System administrator login codes shall be changed at least every 60 days.
19(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310
16/12/2014
7.12.5
Reference number:
13Li6804
Development work
Systems and software development shall take place outside the operating
environment.
Before new products that are to be used for the generation of gaming data, file
transferring, printing procedures, or other crucial steps of production are put into
service, they shall first be validated through strict and documented control checks
and tests.
7.12.6
System for the replacement of damaged lottery tickets
Reliable procedures shall be in place for the replacement of lottery tickets that have
been damaged during production.
The system for the replacement of damaged lottery tickets shall be validated by the
lottery ticket producer such that it can guarantee that the payout table, distribution
of winnings, and number of tickets ordered by the holder of the type approval are
delivered in conformity to the order.
The connection between the information in the bar code and the prize value may
not be readily apparent.
20(20)
Box 199
Finningevägen 54 B
645 23 Strängnäs
Telephone: 0152-650,100
Fax: 0152-650 180
[email protected]
www.lotteriinspektionen.se
Org. Reg. No: 202100-3310

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz