Independent audit and consultancy for licensed remote gambling and software operators required to meet UKGC RTS technical and security obligations.
The Remote Gambling and Software Technical Standards (RTS) detail the specific technical standards and security requirements that all licensed remote gambling operators and gambling software operators must meet as a condition of their UK Gambling Commission licence.
The RTS comprises two principal components: Technical Standards, which govern the integrity and fairness of remote gambling systems and software; and Security Requirements, which are a subset of the ISO/IEC 27001:2022 information security controls mandated by the UKGC for all licence holders.
Simbix provides independent audit and advisory services to help operators demonstrate compliance, identify gaps, and align their security posture with both the RTS and the broader ISO/IEC 27001 framework.
The RTS Technical Standards govern the design, integrity, and operation of remote gambling systems and software. They cover game fairness, random number generation, system availability, data retention, and the software development lifecycle — ensuring that gambling products operate transparently and within the rules of the licence.
The RTS Security Requirements are a mandated subset of the ISO/IEC 27001:2022 information security standard. Operators must demonstrate that information security controls — covering access management, incident response, cryptography, physical security, and supplier relationships — are implemented and operating effectively to protect customer data and system integrity.
Because the RTS Security Requirements are drawn directly from ISO/IEC 27001:2022, operators who pursue or hold ISO 27001 certification are well-positioned to satisfy the UKGC's security obligations. Simbix maps your existing controls against both frameworks simultaneously — reducing duplication and maximising the value of your compliance investment.
We conduct independent, senior-led audits against the full RTS framework — both Technical Standards and Security Requirements — providing operators with the documented assurance needed to satisfy UKGC licensing obligations and demonstrate continuous compliance.
For operators preparing for their first RTS audit or addressing findings from a previous review, we provide a structured gap analysis identifying control deficiencies, prioritised remediation guidance, and re-assessment support to close gaps efficiently.
Where operators are pursuing ISO 27001 certification alongside RTS compliance, our advisors map requirements across both frameworks — avoiding duplication, identifying shared controls, and building a unified compliance programme that satisfies the Gambling Commission and certification bodies simultaneously.
Gambling software operators supplying B2B products to licensed operators face their own RTS obligations. We assess software development practices, testing and release processes, and the security controls embedded in your products — providing the assurance your operator clients require.
RTS compliance is not a one-time exercise. Simbix provides ongoing advisory and annual audit services to ensure your organisation keeps pace with regulatory updates, technology changes, and evolving UKGC expectations throughout the licence period.
We produce clear, board-ready audit reports and compliance attestations suitable for submission to the UKGC and for use in operator due diligence. Our reports identify findings, evidence reviewed, and the assurance opinion in a format regulators and auditors recognise.
Use our free interactive self-assessment tool to evaluate your organisation's compliance against the UKGC RTS Security Requirements — the mandated subset of ISO/IEC 27001:2022 controls.
Work through each control domain, record your status, add findings and evidence notes, and generate a downloadable audit report — all in your browser with no data sent externally.
Remote Gambling Compliance Tool
