Louisiana Administrative Code
Title 42 - LOUISIANA GAMING
Part III - Gaming Control Board
Chapter 28 - Casino Computer Systems
Section III-2803 - Assessment Audits
Current through Register Vol. 50, No. 9, September 20, 2024
A. A licensee and casino operator shall develop and maintain computer systems and procedures in compliance with standards recognized as industry accepted "information security standard" as selected by the licensee or casino operator.
B. A licensee and casino operator shall, no later than 36 months from its last assessment, submit the results of an independent network security risk assessment to the division for review, subject to the following requirements:
C. At the discretion of the division, additional network security risk assessments may be required.
D. A licensee and casino operator shall periodically, but no later than 36 months from its last assessment, assess the risk to operations, assets, patrons, employees, and other individuals or entities resulting from the operation of the casinos computer systems and the processing, storage, or transmission of information and data. The assessment shall be documented and recorded in a manner that can be displayed or printed upon demand by the board or division and shall be maintained for a period of five years. Licensees and casino operators shall assess the collection of personnel and patron data annually to ensure that only information necessary for the operation of the business is collected and maintained. No unnecessary personal information shall be retained.
AUTHORITY NOTE: Promulgated in accordance with R.S. 27:15 and 24.
