Current through Register Vol. 43, No. 49, December 5, 2024
Section 112-107-31 - Remote system access(a) In emergency situations or as an element of technical support, an employee of a gaming supplier may perform analysis of, or render technical support with regard to, a facility manager's electronic gaming monitoring system, casino management system, player tracking system, external bon-using system, cashless funds transfer system, wide-area progressive system, gaming ticket system, or other approved system from a remote location. All remote access to these systems shall be performed in accordance with the following procedures:(1) Only an employee of a gaming supplier who separately holds an occupation license under article 103 may remotely access a system sold, leased, or otherwise distributed by that gaming supplier for use at a gaming facility.(2) The gaming supplier shall establish a unique system account for each employee of a gaming supplier identified by that supplier as potentially required to perform technical support from a remote location. All system access afforded pursuant to this regulation shall meet the following requirements: (A) Be restricted in a manner that requires the facility manager's management information systems department to receive prior notice from the gaming supplier of its intent to remotely access a designated system;(B) require the facility manager to take affirmative steps, for each instance of access, to activate the gaming supplier's access privileges; and(C) be designed to appropriately limit the ability of any person authorized under this regulation to deliberately or inadvertently interfere with the normal operation of the system or its data.(3) A separate log shall be maintained by both the gaming supplier and the facility manager's management information systems department. Each log shall contain, at a minimum, the following information:(A) The system accessed, including manufacturer, and version number;(B) the type of connection;(C) the name and license number of the employee remotely accessing the system;(D) the name and license number of the employee in the management information systems department activating the gaming supplier's access to the system;(E) the date, time, and duration of the connection;(F) the reason for the remote access, including a description of the symptoms or malfunction prompting the need for remote access to the system; and(G) any action taken or further action required.(4) All communications between the gaming supplier and any of the systems identified in subsection (a) shall occur using a dedicated and secure communication facility which may consist of a leased line approved in writing by the executive director.(b) Each modification of, or remedial action taken with respect to, an approved system shall be processed and approved by the commission either in accordance with the emergency modification provisions of K.A.R. 112-107-3(l) or as a standard modification submitted under K.A.R. 112-107-3(h).(c) If an employee of a gaming supplier is no longer employed by, or authorized by, that manufacturer to remotely access a system pursuant to this regulation, the gaming supplier shall notify, by the end of that business day, the commission and each facility manager that has established a unique system account for that employee of the change in authorization and shall verify with each facility manager that any access privileges previously granted have been revoked.(d) All remote system access shall be performed in accordance with article 110.(e) Each facility manager authorizing access to a system by a gaming supplier under this regulation shall be responsible for implementing a system of access protocols and other controls over the physical integrity of that system and the remote access process sufficient to ensure appropriately limited access to software and the system-wide reliability of data. Kan. Admin. Regs. § 112-107-31
Authorized by and implementing K.S.A. 2007 Supp. 74-8772; effective April 24, 2009.