
ISO/IEC 27001:2013 Certification Application

In order for eCOGRA to assess the feasibility and determine the audit fees of conducting an ISO/IEC 27001:2013 certification assessment for your organisation, kindly complete this application form with as much detail as possible and return it to the sender, along with a digital copy of your organisation's latest documented ISMS Scope and Statement of Applicability (SoA).

Type of service:

Would you like to include a pre-certification assessment prior to the main certification audit?

(Pre-certification assessments assist in identifying any major issues and in ensuring readiness prior to the main certification audit)

Company Details

Physical locations and legal entities included in the scope of the Information Security Management System (“ISMS”)

Please list the physical (geographical) locations in scope for the ISMS and detail the business functions carried out and the primary business language used at each location.


Further below, please also list the names of the legal entities in scope for the ISMS.

Site 1

List of legislation and regulations the organisation complies with (for the country the site is located in)

Site 2

List of legislation and regulations the organisation complies with (for the country the site is located in)

Site 3

List of legislation and regulations the organisation complies with (for the country the site is located in)

Site 4

List of legislation and regulations the organisation complies with (for the country the site is located in)

Legal Entities

Physical locations and legal entities excluded from the scope of the ISMS

Please list the physical (geographical) locations excluded from the ISMS scope and detail the business functions carried out at each location.


Further below, please also list the names of the legal entities excluded from the scope of the ISMS.

Site 1

Site 2

Site 3

Site 4

Legal Entities

1. What are your organisation’s main reasons/objectives for wanting to achieve ISO/IEC 27001:2013 certification?

2. Please provide a brief description of the products/services your organisation provides to its clients/customers.

3. Please provide a brief description of the main processes and operations within the organisation. (Indicate the main business departments/functions in your organisation)

4. What are the organisation’s operating hours in terms of staff being onsite? (Please detail if you have any shift workers and if there are staff onsite at any of the premises 24 hours a day)

5. Technologies (Please provide details of the technologies utilised at your sites, including types of platforms, servers, operating systems, databases, networks and encryption methods used)

6. Does your company outsource any of its ISMS-relevant business processes? (e.g. network management, infrastructure to cloud providers, background checks, etc.)

(If YES, please provide details)

7. Does your company have any ISO/IEC 27001:2013 certifications granted by any other organisations?

(If YES, please provide details)

8. Did you use consultants in the implementation, or part thereof, of your ISO/IEC 27001:2013 ISMS?

(If YES, please provide details)

9. Is there any additional information you feel may help us prepare your proposal? (e.g. exclusions from scope, critical ISMS documents, internal audit reviews of the ISMS, current/planned development of the ISMS, etc.)

10. Is there any ISMS information that will not be made available to the audit team?

(If YES, please provide details)

11. In determining the size of your organisation, kindly provide the following information:

Total number of employees and contractors falling within the scope of the ISMS (whole group or corporation including head office and all sites)?

Effective number of employees falling within the scope of the ISMS (across all locations included in ISMS scope)?

Number of IT system users (across all locations included in ISMS scope)?

Number of physical sites in ISMS scope?

Number of servers (across all locations included in ISMS scope)?

Number of workstations (across all locations included in ISMS scope)?

Number of staff involved in in-house system development and maintenance (across all locations included in ISMS scope)?

How many months/years has your organisation been operating an ISMS?

Has the organisation implemented any other management systems (e.g. an ISO/IEC 9001 quality management system)? If yes, please indicate what type of management system and how many months/years this has been operating for?

Legal significance of non-compliance:

Is prosecution imminent if non-compliant?

Will a financial penalty be applied if non-compliant?

Will non-compliance lead to goodwill damage?

Is certification a licensing jurisdiction requirement?

12. If you are a new client, how did you hear about eCOGRA?

Name & Surname

Position

Digital Signature

Date