Product Certification

---

eCOGRA’s Online Gambling Certification System uses product schemes that are classified as Type 1a schemes in accordance with ISO/IEC 17067:2013.

Online gambling products are certified against jurisdictional requirements based on a client’s request. Conformity assessments are conducted in accordance with ISO/IEC 17025:2017; ISO/IEC 17020:2012 and 17065:2012.

Online gambling products include, but are not limited to:

• RNG driven games (Slots, table games, virtual sports, video poker, etc);
• Betting products (real event-based wagering);
• Random number generators;
• Casino platforms and websites;
• Internal control systems including regulator reporting systems; and
• Information security management systems.

---

The certification system incorporates the requirements of:

• ISO/IEC 17020:2012 Conformity assessment — Requirements for the operation of various types of bodies performing inspection
• ISO/IEC 17025:2017 Testing and calibration laboratories
• Jurisdictional specific requirements / standards / specifications

Use of certificates

eCOGRA is the owner of the certification system and controls all decisions on certifications. Certification agreements provide all the information to the client regarding the use of certificates.

Incorrect or fraudulent references to the certification system or the misleading use of certificates and other misleading mechanisms for indicating a product is certified, found in documentation or other publications, shall be dealt with by eCOGRA in a suitable manner.

Management of impartiality

Conformity assessment activities are undertaken impartially and structured and managed in a way to safeguard impartiality. eCOGRA ensures that all staff and committees that are involved in the conformity assessment activities are not exposed to commercial, financial, or other pressures that could compromise their objectivity and independence. To obtain and maintain independence, eCOGRA’s decisions are based on objective evidence of conformity (or nonconformity) obtained and its decisions are not influenced by other interests or by other parties.

Liability and financing

eCOGRA ensures that potential liabilities/risks arising from its certification operations are mitigated and the amount of professional indemnity insurance cover reflects the risks associated with the services provided, which covers all geographic locations and all activities of eCOGRA’s operations. eCOGRA ensures that it has the financial stability and resources required for all its conformity assessment activities.

Non-discriminatory conditions

eCOGRA makes its services available to all applicants whose activities fall within the scope of eCOGRA’s operations. The policies and procedures under which eCOGRA operates, ensures that there is neither discrimination towards potential applicants nor an inhibition of access by potential clients.

Confidentiality

eCOGRA, through legally enforceable agreements, has policies and arrangements to manage the confidentiality of all information obtained or created during the performance of conformity assessment activities at all levels of its organisation. eCOGRA informs the client, in advance, of the information it intends to place in the public domain. All other information, except for information that is made publicly accessible by the client, is considered as confidential and not shared. Information about a client that is obtained from sources other than the client, shall be treated as confidential.

Publicly available information

eCOGRA maintains and provides all relevant information via online media platforms or upon request. Online platforms include the eCOGRA website and LinkedIn.

Maintenance and improvement of System

eCOGRA will review the effectiveness of the system on a periodic basis in order to confirm its validity and to identify aspects requiring improvement, considering feedback from stakeholders. The review will include provisions for ensuring that the system requirements are being applied in a consistent manner.

Resources

eCOGRA ensures that it has competent resources available to meet company, client and jurisdictional requirements. Competence is monitored on an ongoing basis.

---

All clients applying for certification services shall provide eCOGRA with the necessary information, including but not limited to:

• Details of the product to be certified (name, version, etc.);
• Relevant assessable jurisdictional requirements related to the product;
• Details of the client (name, physical addresses, relevant legal obligations, etc.);
• General information of the client (human and technical resources, relationship to a parent organisation, etc.);
• Information concerning all outsourced processes used by the client that will affect its conformity to requirements. This includes other legal entities for producing the certified products;
• All other information needed in accordance with the relevant certification requirements.

Application review

eCOGRA conducts a review of the information obtained from the client submission to ensure that:

• The information about the client is sufficient to conduct the certification process;
• Differences in understanding between the client and eCOGRA are resolved, including the agreement of standards and other normative documents;
• The scope of certification requested is defined;
• eCOGRA has the resources available, competence and capability to perform all evaluation and certification activities.

Evaluation

Based on the scope of the client’s certification needs, the client will be assigned a client relationship manager that will manage the certification activities. The client relationship manager will ensure that the work that needs to be conducted is assigned to competent staff.

The scope of certification is based on a combination of the client’s request and jurisdictional specific requirements. The client relationship manager ensures that the evaluation of the client’s product does not fall outside the agreed scope.

Review

Once the evaluation process has been completed, an indepedent review of all the documentation, information and results is performed by senior management not involved in the evaluation process.

Certification decision

eCOGRA is responsible for and retains authority for its decisions relating to certification. The certification decision is decided by at least a single senior management member based on information, results, independent review and other relevant findings during the entire certification process. In some cases, the certification decision is assigned to multiple senior management members. All certification decisions are made by eCOGRA.

If eCOGRA decides to grant the certification, the client will be provided with a final certification report that provides information on the certification findings in accordance with the agreed upon scope. If eCOGRA decides not to grant the certification, it shall notify the client and provide the reasons for this decision.

eCOGRA will issue the client with a formal certificate in accordance with the following conditions:

• A decision to grant or extend the certification has been made;
• Certification requirements are fulfilled;
• The certification agreement has been signed.

Directory of certified products

eCOGRA maintains a directory of all certified products. This includes all working documents as well as the formal certificate of the certified product. The information retained includes, but is not limited to:

• Identification of the product;
• The standards and other normative documents to which conformity has been certified;
• Identification of the client.

eCOGRA will make available the required documents to relevant parties upon request.

Changes affecting certification

eCOGRA works in a dynamic and evolving industry and therefore requirements and standards are updated and changed often. In the case that International or jurisdictional requirements/standards/specifications are updated or changed, eCOGRA will communicate these updates and changes to all affected clients. eCOGRA will then verify the implementation of the changes by the client and shall act accordingly.

In cases where the client has initiated changes, eCOGRA will review, verify and take appropriate actions regarding the certification.

Termination, reduction, suspension, or withdrawal of certification

eCOGRA performs ‘point in time’ product certifications with records of digital signatures of critical software evaluated where applicable. Therefore eCOGRA would not ordinarily suspend certifications, but rather supersede them upon additional conformity assessment.

When a non-conformity with certification requirements is substantiated, eCOGRA will consider and decide upon appropriate action. This includes but is not limited to:

• Superseding of the certification once non-conformity has been rectified and re-assessed;
• Withdrawal of the certification if information from client is not correct; or
• Termination of the certification if non-conformities are not addressed.

Where a product has had a major update, eCOGRA shall perform all the relevant assessments to ensure that the product meets all relevant requirements. Once the conformity assessment staff have confirmed that the product meets the relevant requirements, eCOGRA shall draft a new certificate with the updated details and supersede the previous certificate.

eCOGRA reserves the right to withdraw its certification if any non-conformities are subsequently detected by or reported to eCOGRA.

Complaints and appeals

eCOGRA considers the professional handling of complaints, appeals and feedback from clients and staff to be very important.

Complaints about eCOGRA should be addressed via an email to the Chief Executive Officer of eCOGRA (info@ecogra.org). If the complaint involves the Chief Executive Officer, then the complaint is to be addressed to the Board of Directors of eCOGRA (info@ecogra.org).

Upon receipt of a complaint, eCOGRA will investigate the matter and deal with the complaint fairly and promptly.

The person or entity responsible for submitting the complaint will be kept informed of the results of the investigation and the outcome determined.

eCOGRA is responsible for all decisions at all levels of the complaints and appeals handling process. eCOGRA ensures that any submission, investigations, and decisions on appeals shall not result in any discriminatory actions against the organisation or individual making the appeal (appellant).

Certification agreement

eCOGRA has established legally enforceable agreements for the provisions of conformity assessment activities it undertakes with its clients. The agreements cover all eCOGRA’s office sites and facilities, as well as all clients’ sites and facilities.

By completing and signing the certification agreement, the client agrees to fulfil the certification requirements which include but are not limited to:

• Implement appropriate changes when they are communicated by eCOGRA;
• Ensure certified products continue to fulfil the product requirements;
• Make necessary arrangements for conducting product evaluation (examining documentation and records, access to relevant equipment, personnel and locations), investigation of complaints and participation of observers (if applicable);
• Make claims about certification that is consistent with the scope of certification;
• Do not use their product certifications in a manner that could bring eCOGRA into disrepute, as well as not make any statements regarding their product certifications that eCOGRA may find misleading;
• Discontinue all advertising matter that contains product certification references upon suspension, withdrawal or termination of certification;
• Provide copies of the certification documents to others only in their entirety;
• Comply with requirements from eCOGRA when referring to the product certification;
• Comply with eCOGRA requirements regarding the use of conformity marks;
• Retain records of all complaints made known to the client relating to compliance with certification requirements and make these records available to eCOGRA upon request.
• Inform eCOGRA, without delay, on any changes that may affect the client’s ability to conform with the certification requirements.