Object to be audited in Actual Printing
Ensure that the printing business meets the target, by verifying the quality of test lottery tickets and producing lottery tickets meeting the requirements of the production order.
- Logical access control of the game data printing system
Check List
Check if the printing-related system changes to screen lock status after no use for a predetermined time, and asks the user to input a password to return to in-use status
Purpose
To review that access to the printing-related system is allowed only for the person in charge of related work
Audit resources
Procedure
Verification
Document
Printing process management guide, Game data printing system manual
Product
Game data printing system being operated
Detailed study list and method
- Check if the screen saver function is set with a password in the game data printing system
- Check if the screen saver is activated when the game data printing system is not operated for a predetermined time, and check if the screen is restored when the printing staff inputs the password
- Check if screen saver password is managed by the printing staff
Check List
Check if all the activities including "start" and "end" of the game data printing system are recorded, and if the records cannot be changed or deleted.
Purpose
To assure that the game data printing records, and the details of events, data changes, and setting changes that occur in the printing control system, are correctly recorded so that they can be used for audit. Therefore, these records must not be changed or deleted on purpose by the same system users.
Audit resources
Procedure
Verification
Document
Log, Press diary, Log access right status, System user account, Printing computation management guide
Product
Game data printing system
Detailed study list and method
- Check if the log management procedures are in place and observed by printing staff
- Check if the system log can be changed or deleted by the user account using the game data printing system during lottery ticket printing
- Log recorded by generating various events in the game data printing system
- Details of log related to operation (start, end, program settings change, print, etc.) of the game data printing system
Check List
The appropriateness of physical/logical/technical access control for the game data handling system
Purpose
To check if the security control on the game data printing system (printing machine controller, etc.) is established and operational. Here, the operational status of server security is usually checked.
Audit resources
Procedure
Verification
Document
Game data generation program system document
Product
Detailed study list and method
- Check if access to the area in which the game data generation system and printing system are located is restricted to authorized personnel only
- Check if the monitoring results are recorded when a large number of unspecified personnel gain access
- Check if the number of personnel with the access right to the game data is kept to a minimum
- Check if the game data generation location is protected by a separate locking device
- Check if the game data-processing server or PC is isolated from the external network if possible, and, if it is at times connected to the external network, whether a defense measure is devised
- Check if a protection plan is being developed for the game data
Check List
The appropriateness of managerial security activities for game data generation/use/storage process
Purpose
To check whether managerial security concerning the generation / use / storage and discard process of game data needed for lottery ticketing is properly implemented. The important matter here is to check the integrity and security of the data from the viewpoint of the game data's life span.
Audit resources
Procedure
Verification
Document
Game data-related media register, Game data media discard register
Product
Detailed study list and method
- Check if the transfer of game data, when media is used, is performed in a coded format (generation personnel <-> audit personnel <-> printing personnel <-> prize verification structure personnel)
- Check for the existence of a procedure requiring the presence of third-party personnel at the time of game data generation to ensure integrity
- Check if the media storing game data is not left unattended, and is stored in a coded format
- Check if the media storing game data is properly disposed of after use
- Check if game data storage media capable of reproduction is treated at the top classification level
- Server or PC that processes game data must not designate a shared folder
- Server or PC that processes game data must strictly restrict the use of devices susceptible to information leakage, such as P2P programs and messengers
The Criteria to Winner: Security and Risk Management for Printed Lottery by Hyejung Moon is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Based on a work at www.itpolicy.co.kr.
Permissions beyond the scope of this license may be available at http://www.lulu.com.