(a) Biennially, at the beginning of the calendar year, the Commission shall engage an independent firm experienced in security procedures, including computer security and systems security, to conduct a comprehensive study and evaluation of all aspects of security in the operation of the Commission and of the Lottery. At a minimum, such a security assessment should include a review of network vulnerability, application vulnerability, application code review, wireless security, security policy and processes, security/privacy program management, technology infrastructure and security controls, security organization and governance, and operational effectiveness.
(b) The portion of the security audit report containing the overall evaluation of the Commission and of lottery games in terms of each aspect of security shall be presented to the Commission, to the Governor, and to the General Assembly.
(c) The portion of the security audit report containing specific recommendations shall be confidential, shall be presented only to the Director and to the Commission, and shall be exempt from Chapter 132 of the General Statutes. The Commission may hear the report of such an audit, discuss, and take action on any recommendations to address that audit under G.S. 143-318.11(a)(1).
(d) Biennially at the end of the fiscal year, in addition to the audits required by G.S. 18C-116 and by subsection (a) of this section, beginning in 2010, the Commission shall engage an independent auditing firm that has experience in evaluating the operation of lotteries to perform an audit of the Lottery. The results of this audit shall be presented to the Commission, to the Governor, and to the General Assembly. (2005-344, s. 1; 2005-276, s. 31.1(i); 2009-357, s. 15.)
Sections: Previous 18C-112 18C-113 18C-114 18C-115 18C-116 18C-120 18C-121 18C-122 18C-130 18C-131 18C-132 18C-133 18C-134 18C-140 18C-141 Next
Last modified: March 23, 2014