S.D. Admin. R. 20:18:35.01:08

Current through Register Vol. 51, page 67, December 16, 2024
Section 20:18:35.01:08 - Integrity and security assessment - Report

The full independent information technology security professional's report on the assessment must be submitted to the executive secretary no later than 30 days after the assessment is conducted and must include:

(1) A scope of review;
(2) The name and company affiliation of the individual or individuals who conducted the assessment;
(3) The date of assessment;
(4) Findings;
(5) Recommended corrective action, if applicable; and
(6) The licensee's or sports wagering services provider's response to the findings and recommended corrective action.

Where approved by the executive secretary, it is acceptable for the independent information technology security professional to leverage the results of prior assessments within the past year conducted by the same professional against standards from the International Organization for Standardization, the International Electrotechnical Commission, the National Institute of Standards and Technology, the Payment Card Industry, or equivalent. Such leveraging shall be noted in the professional's report. Components unique to the state must be given fresh assessments.

S.D. Admin. R. 20:18:35.01:08

48 SDR 014, effective 8/22/2021

General Authority: SDCL 42-7B-7, 42-7B-11(13).

Law Implemented: SDCL 42-7B-2.1(1), 42-7B-43.