For us, nothing is more important than confidentiality and data security.
Compliance and Authorisations
Jumbo Interactive takes the security of our platform seriously. We partner with security organisations to ensure that our platform is built, deployed, and maintained securely.
- Compass Assurance Services (https://cas.com.au/) – ISO 27001 certification of our Information Security Management System (ISMS)
- ES2 (https://www.es2.com.au/) – penetration testing, incident simulations and information security consultancy
- Office of Liquor and Gaming Regulation (https://www.justice.qld.gov.au/about-us/services/liquor-gaming) – certification of our random number generator (RNG)
Product Security Features
Get the compliance, security, and audit logging features that you need.
- Config policies – Enforce organisational and regulatory compliance with a set of configuration controls
- Permission System – Tailored admin roles can be created based on a broad set of feature permissions.
- Regulatory compliance – The platform’s business rules can be configured to comply with state and government regulations around responsible gambling controls.
- Audit logging – Use audit logs to monitor anomalies, assist in forensics, and demonstrate compliance.
- Data isolation – Each of our clients operates on its own isolated database.
- Securing our interfaces – Encryption is employed over the wire using HTTPS for both the customer-facing and administration sites.
- Two-factor authentication – Our platform can enable two-factor authentication for both clients and customers.
- Content Delivery Network – We use a world-class CDN that provides key security features such as a web application firewall and DDoS protection.
Compliance and Certification
ISO 27001
Our Information Security Management System is certified as ISO 27001 compliant. The system addresses information security through the lenses of availability, integrity and confidentiality, following a risk-based approach.
See our Statement of Applicability and our ISO 27001 certification.
Random Number Generator
Australia: OGR-2432668 Drawmaster v1.1 Certification of Approval
UK: RNG Certificate UK Jumbo Interactive
PCI-DSS
2024-06-06 Certificate of PCI DSS Merchant Compliance. As part of this, we perform quarterly PCI scans on our application.
GDPR (in relevant jurisdictions)
We are committed to the protection of Personal Data and to maintaining the highest possible standards of privacy. We seek to implement practices, procedures, and systems that comply with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”).
Business Practices
Personnel & Processors
- Background checks – Employees and contractors must pass a work history check and sign confidentiality agreements.
- Employee security awareness – Jumbo mandates that new employees attend classes covering security best practices. All employees undergo a yearly refresher.
- Engineer security education – Engineers are required to undergo additional technical security training.
- Policies – We maintain a range of security policies, which are owned and communicated by our security management team.
- Partner management – We require all partners and third-party vendors to fill out a security questionnaire. Partners and suppliers are monitored.
Security Incident Response
- Response team – We maintain an incident response team.
- Response policy and plan – We maintain an Incident Management Process and playbooks to facilitate decision-making during critical situations.
- Communication – Network and security incidents are published to clients.
- Vulnerability reporting – We offer a way for third parties to report vulnerabilities to us.
Network & Data Security
Network Security
- Internal systems auditing – We maintain a formal audit programme governing application events, system events, hardware events, and physical access. Each recorded event captures what happened, when and where it happened, its source, the object acted upon, its outcome, and the person associated with it.
- Architecture – Our architecture consists of multiple layers of data security, including a DMZ, bastion hosts, and firewalls.
Data Security
- Traffic encryption – All data in transit is encrypted via TLS and SSH.
- Data backup – We maintain a Data Backup Policy that requires restoration capabilities within typical industry timelines.
Application Security
Secure Development
- Secure coding – Our Secure Development Policy and Test Policy dictate delivery, review and merge processes to minimise rollbacks, downtime, design flaws and security incidents.
- Site reliability – We employ monitoring tools to ensure the application security layers are consistently maintained.
Application-Level Security
- OWASP Top 10 – Our application is designed to withstand the OWASP Top 10 vulnerability classes, such as injection, broken authentication and session management, cross-site scripting (XSS), insecure direct object references, missing function-level access control, cross-site request forgery (CSRF), and unvalidated redirects and forwards.
- Application penetration testing – Third-party penetration testers are engaged yearly to test the application for vulnerabilities. Coverage ranges from the OWASP Top 10 to threat modelling of new product features.