Why ISO 27001 Certification?

ISO/IEC 27001 is an internationally recognised information security management standard which assists organisations in identifying and managing risks to information security. It considers confidentiality, integrity, and availability requirements across all relevant business operations.

eCOGRA is the first testing agency that specialises in online gambling to have been awarded ISO/IEC 17021-1:2015 accreditation, which is a prerequisite for carrying out third-party ISO/IEC 27001 audits and accredited certifications of Information Security Management Systems (‘ISMS’).

It is evident that online gambling regulators are already moving towards requiring licence holders and their service providers to obtain ISO/IEC 27001 certification. Jurisdictions such as Czech Republic, Colombia, Denmark, Great Britain, Greece, Portugal, Romania, Spain, Sweden and Switzerland currently waive certain security auditing requirements if licence holders are ISO/IEC 27001 certified, enabling the independent regulatory testing and certification process to be expedited with potentially significant cost savings, less effort and a quicker time to market.

Benefits of Certification

An ISMS certified to ISO/IEC 27001 provides defensible due diligence for various stakeholders.

Certification allows your company to go one step further by offering your customers the peace of mind that you have the best controls in place to identify and reduce any risks to confidential information.

A demonstration of trust and credibility to players and other stakeholders, that sensitive information is appropriately secured and managed in accordance with an internationally recognised standard;

Cost savings and reputational protection through reduction in security incidents;

Improvement of an organisation’s ability to recover from disasters and continue business as usual;

The implementation of a management system that assists in identifying information security risks consistently and proactively, and mechanisms to manage or reduce these risks;

An appropriate internal control environment for sustaining and supporting organisational growth;

Creating a business differentiator (competitive advantage) over similar organisations in the industry;

Provision of significant third-party attestation that an organisation has successfully structured its processes into a management system that ensures confidentiality, integrity, and availability of information assets pursuant to the requirements of regulators, applicable laws and business needs; and

Augmentation of management confidence in the information security arrangements.


Precertification and GAP Analysis

eCOGRA can provide GAP analysis services against ISO/IEC 27001:2013 clauses 4-10, or a pre-certification assessment against ISO/IEC 27001:2013 clauses 4-10 and the Annex A Controls, to assist client's in being ready for final certification.


We pride ourselves on our independence and integrity, and we are committed to ensuring that the work conducted by our employees demonstrates the highest possible standard of professionalism.

eCOGRA ensures all its employees are free from any undue internal and external commercial, financial and other pressures and influences that may adversely affect the quality of their work.

We have implemented policies and procedures to avoid involvement in any activities that would diminish confidence in our competence, impartiality, judgment, or operational integrity.

eCOGRA has instituted an independent Impartiality Committee. The purpose of the Committee is to help safeguard the integrity of eCOGRA's inspection and certification activities, by enabling a consultation between appropriate third parties to advise on matters affecting impartiality within eCOGRA including openness and public perception.



eCOGRA takes complaints against itself or its clients seriously.

Complaints about eCOGRA should be addressed via an email to the Chief Executive Officer of eCOGRA ( If the complaint involves the Chief Executive Officer, then the complaint is to be addressed to the Board of Directors of eCOGRA (

Upon receipt of a complaint, eCOGRA will investigate the matter and deal with the complaint fairly and promptly.

The person or entity responsible for submitting the complaint will be kept informed of the results of the investigation and the outcome determined.

Complaints against eCOGRA or its clients are not made public unless required by a court of law. eCOGRA clients may appeal certification and/or suspension decisions made by the company, when the client believes the assigned audit team has not provided a suitable resolution.

Appeals should be addressed via an email to the Chief Executive Officer of eCOGRA ( The client will be informed of the decision resulting from the appeal.