Last updated - December, 2024

Purpose

This policy outlines how ScorePlay conducts security assessments to ensure the reliability and security of its systems, processes, and controls. Regular reviews help us identify areas for improvement and ensure we meet both internal goals and external expectations.

Scope

The audit process applies to all key systems, security controls, processes, and procedures at ScorePlay. It covers data protection, system access, infrastructure, and any critical aspects related to the security and stability of our platform.

Audit Approach

Our audits and assessments are planned, practical, and designed to ensure ScorePlay’s systems are secure and performing as expected.

• Frequency: Internal security reviews are conducted at least annually. External audits may occur upon major milestones such as accreditation renewals, significant platform changes, or at the request of key stakeholders.
• Method: We use a mix of documentation checks, technical reviews, and external security testing (like penetration tests) to assess our systems.
• Focus Areas: Key areas include access controls, data encryption, system resilience, and process security.

Audit Process

1. Planning

Audits and reviews are scheduled based on risk and priorities. External audits may be planned around accreditation renewals, major updates, or customer requirements. Plans focus on systems, processes, or areas that impact platform security and reliability.

1. Execution

   Assessments include:

   • Reviewing documentation, policies, and processes.
   • Evaluating technical configurations, security controls, and access systems.
   • Running penetration tests (with external partners) to identify vulnerabilities.

2. Reporting

   A summary report will be prepared following each assessment, including:

   • Findings: Areas for improvement, prioritized by importance.
   • Recommendations: Practical actions to address gaps or strengthen controls.
   • Observations: Notes on current strengths and minor suggestions.

Reports will be reviewed by leadership, and corrective actions will be assigned where needed.

External Audits

External audits may be conducted for a variety of reasons, including:

• Renewal of certifications or accreditations (e.g., SOC 2).
• Customer or stakeholder requirements.