N.J. Admin. Code § 13:70-29A.4

Current through Register Vol. 56, No. 21, November 4, 2024
Section 13:70-29A.4 - Written internal control procedures requirement for the single-pool wagering provider
(a) The single-pool wagering provider shall maintain written internal control procedures that address the following areas:
1. Procedures to demonstrate that the odds calculation engine is subject to an actively managed security policy, which meets auditable recognized information security management standards. The security procedures shall comply and conform to the existing security requirements of the totalisator and hub facility, that is, the in-State location where the totalisator is located;
2. Procedures to effectively operate the odds calculation engine in connection with single-pool wagering, and to protect the fiscal soundness, technical reliability, and integrity of single-pool wagering;
3. Procedures to insure that the odds calculation engine hardware and networked communication infrastructure between the odds calculation engine and totalisator support redundancy sufficient to prevent the implementation from being subject to any single point of failure;
4. Procedures to insure that any extensions of the totalisator requirements, as a result of interfacing with the odds calculation engine, or as a result of changes to hardware or software to the odds calculation engine, including alterations to the calculation engine algorithm or odds calculation engine system software, shall result in successful testing of both the totalisator and odds calculation engine. Prior to implementation of any such changes to the totalisator or odds calculation engine, the totalisator operator and single-pool wagering provider shall each provide a written certification to the Racing Commission, signed respectively by a high managerial agent, certifying that the changes to the equipment and/or software under their control were successfully tested, and such report shall affirmatively disclose any actual or potential concerns as to technical reliability and integrity of wagering. If, however, the totalisator and odds calculation engine are operated by the same Racing Commission licensee, a single certification consistent with this paragraph shall be provided to the Racing Commission;
5. Procedures to insure that any extensions of the odds calculation engine system requirements, as a result of interfacing with the totalisator, or as a result of changes to hardware or software to the totalisator, shall result in successful testing of the totalisator and odds calculation engine. Prior to implementation of any such changes to the totalisator system or odds calculation engine, the totalisator operator and single-pool wagering provider shall each provide a written certification to the Racing Commission, signed respectively by a high managerial agent, certifying that the changes to the equipment and/or software under their control were successfully tested, and such report shall affirmatively disclose any actual or potential concerns as to technical reliability and integrity of wagering. If, however, the totalisator and odds calculation engine are operated by the same Racing Commission licensee, a single certification consistent with this paragraph shall be provided to the Racing Commission;
6. Procedures to insure the secure maintenance of a written record documenting access to the odds calculation engine, including its software, hardware, and any peripheral devices;
7. Procedures to insure that the odds calculation engine allows for an independent integrity check of its devices and software, including the ability to read the critical software files or code of the odds calculation engine for the purpose of performing a cryptographic hash to create an electronic signature of the software; and
8. Procedures to insure that data for reports and logs are maintained directly or through backup for a period equal to the totalisator system's data retention period, which time period shall be identified as part of the procedure.
(b) Where the odds calculation engine is to operate as a separate computer component to the totalisator, or by a single-pool wagering provider other than the totalisator operator, the internal control procedures of the single-pool wagering provider shall additionally address the following areas:
1. Procedures setting forth a defined protocol by which the odds calculation engine and totalisator shall communicate, which communication protocol shall employ methods of error detection and handling;
2. Procedures setting forth a documented method for odds calculation responsibilities to fall back to the totalisator in the event of communication failure;
3. Procedures to insure that logs, automated or otherwise, are maintained showing the detected communication failures and mechanical breakdowns, and if discernible, the cause of the failure. Such procedures shall further insure that logs, automated or otherwise, are maintained showing the resolution or restoration of communications after such failures. Logs shall include times and dates of any failure, and the times and dates of the restoration of communication; and
4. Procedures to allow for the totalisator to perform certain functions of the odds calculation engine where within the existing technological capabilities of the totalisator, including the calculation of single-pool wagering odds calculations in those circumstances where the odds calculation engine is technologically incapable of directly supporting the calculation of odds, and in the event of a mechanical breakdown of the odds calculation engine.

N.J. Admin. Code § 13:70-29A.4