Your Security Is Our Priority

    For us, nothing is more important than confidentiality and data security.

    Compliance And Authorisations

    Jumbo Interactive takes the security of our platform seriously. We partner with security organisations to ensure that our platform is built, deployed, and maintained securely.


    Compass Assurance Services https://cas.com.au/ – ISO 27001 certification of our Information Security Management System (ISMS)


    ES2 – https://www.es2.com.au/ – Penetration Testing, Incident Simulations and Information Security consultancy

    Office of Liquor and Gaming Regulation (https://www.justice.qld.gov.au/about-us/services/liquor-gaming) – certification of our random number generator (RNG).

    Product Security Features

    Get the compliance, security, and audit logging features that you need.

    • Config policies – Enforce organisational and regulatory compliance with a set of configuration controls
    • Permission System – Tailored admin roles can be created based on a broad set of feature permissions.
    • Regulatory compliance – The platform’s business rules can be configured to comply with state and government regulations around responsible gambling controls.
    • Audit logging – Use audit logs to monitor anomalies, assist in forensics, and demonstrate compliance.
    • Data isolation – Each of our clients operates on its own isolated database.
    • Securing our interfaces – Encryption is employed over the wire using HTTPS for both the customer-facing and administration sites.
    • Two-factor authentication – Our platform can enable two-factor authentication for both clients and customers.
    • Content Delivery Network – We use a world-class CDN that provides key security features such as a web application firewall and DDoS protection.

    Compliance And Certification

    ISO 27001


    Our Information Security Management System is certified ISO 27001 compliant. The goal of the system is to look at information security through the lenses of availability, integrity and confidentiality, following a risk-based approach.

    See our Statement of Applicability and our ISO 27001 certification.

    Random Number Generator

    Australia: OGR-2432668 Drawmaster v1.1 Certification of Approval

    UK: RNG Certificate UK Jumbo Interactive

    PCI-DSS

    2024-06-06 Certificate of PCI DSS Merchant Compliance. As part of this, we perform quarterly PCI scans on our application.

    GDPR (in relevant jurisdictions)

    We are committed to the protection of Personal Data and to maintaining the highest possible standards of privacy. We seek to implement practices, procedures, and systems that comply with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”).


    Business Practices

    Personnel & Processors

    • Background checks – Employees and contractors must pass a work history check and sign confidentiality agreements.
    • Employee security awareness – Jumbo mandates that new employees attend classes covering security best practices. All employees undergo a yearly refresher.
    • Engineer security education – Engineers are required to undergo additional technical security training.
    • Policies – We maintain a set of security policies that are owned and communicated by our security management team.
    • Partner management – We require all partners and third-party vendors to fill out a security questionnaire. Partners and suppliers are monitored.

    Security Incident Response

    • Response team – We maintain an incident response team.
    • Response policy + plan – We maintain an Incident Management Process and playbooks to facilitate decision-making during critical situations.
    • Communication – Network and security incidents are published to clients.
    • Vulnerability reporting – We offer a way for third parties to report vulnerabilities to us.

    Network & Data Security

    Network Security

    Internal systems auditing – We maintain a formal audit programme governing application events, system events, hardware events, and physical access. This includes the what, when, and where of the event, its source, its object, its outcome, and the person associated with it.

    Architecture – Our architecture consists of multiple layers of data security including a DMZ, bastion hosts, and firewalls.

    Data Security

    Traffic encryption – All data in transit is encrypted via TLS and SSH.

    Data Backup – We maintain a Data Backup Policy that requires restoration capabilities within typical industry timelines.

    Application Security

    Secure Development

    Secure coding – Our Secure Development Policy & Test Policy dictates delivery, review and merge processes to minimise rollbacks, downtime, design flaws and security incidents.

    Site Reliability – We employ monitoring tools to ensure the application security layers are consistently maintained.

    Application-Level Security

    OWASP Top 10 – Our application is designed to withstand OWASP Top 10 risks such as injection, broken authentication and session management, cross-site scripting (XSS), insecure direct object references, missing function-level access control, cross-site request forgery (CSRF), and unvalidated redirects and forwards.

    Application penetration testing – Third-party penetration testers are hired yearly to test the application for vulnerabilities. Coverage ranges from OWASP Top 10 to threat modelling of new product features.
