WLA-SCS: 2020

Everything you need to know to ensure your lottery operations are safe, secure, and operating with integrity.

Streamlining Lotteries' Security Control Standards To Optimize Operations

It's no surprise that cyber attacks continue to rise. Not only are the numbers growing, but cyber threats are becoming more sophisticated too. 86% of data breaches were financially motivated, and attackers will target any type of organization, even lotteries.* Cyber threats can come from external and internal sources. Either way, the fallout from a security breach can be catastrophic. And if you operate in a highly regulated industry, like lotteries, your risks are amplified.


70% of cyber attacks come from external sources, so it's more critical than ever to safeguard your lottery operations.*

Lotteries must keep player protection and gaming integrity at the forefront to have a successful operation. It is critical that lotteries continuously assess their security to understand risks and to determine a corrective action plan. The World Lottery Association (WLA) Security Control Standard (SCS) certification continues to be a best practice for lottery security. The WLA has made recent changes to the WLA-SCS: 2020 to simplify and streamline the certification process. We'll walk you through the changes and how our Bulletproof team can help you.

*2020 Verizon Data Breach Report


The WLA Security Control Standard

According to WLA, the WLA Security Control Standard is the lottery sector's only internationally recognized security standard. It assists lotteries around the world in obtaining a level of security controls in line with generally accepted best practices, to enable an increased reliance on the integrity of lottery operations. The WLA SCS specifies the required practices for an effective security management structure by which a lottery may maintain the integrity, availability, and confidentiality of information vital to its secure operation.


The WLA-SCS is drafted and updated by the WLA Security and Risk Management Committee.

The committee includes experts from lottery and gaming operators from around the world.

Current security & integrity practices used in the industry are compared & approved by lottery experts. 

Key Highlights of WLA-SCS: 2020 Changes

Below you will find key highlights of the WLA-SCS: 2020 changes that were implemented to streamline the certification process.


1 Newly structured security standard addressing lottery operators, lottery technology suppliers and multijurisdictional games.
2 Truly internationally recognized standard, with an increase in the inclusiveness of audiences and in the quality of the standard and resulting certifications.
3 Two-level certification providing easier access to WLA certification:

  • Level 1: For lottery operators; does not require ISO/IEC 27001 certification as a prerequisite.
  • Level 2: Full certification for lottery operators, lottery technology suppliers, and vendors.
4 Access to WLA certification for US lotteries that are required to conform to MUSL rules, by providing Level 1 WLA certification, thus enabling a lottery operator to certify against WLA-SCS:2020. To be granted the WLA-SCS Level 1 certificate, the WLA Regular Member must successfully pass the assessment against the applicable controls of the WLA-SCS. For a period of three years, extending until October 31, 2023, MUSL lotteries certified to MUSL Rule 2 automatically qualify for WLA-SCS:2020 Level 1 certification.
5 Live (wiki) Code of Practice provides guidance for control interpretation, implementation, and compliance.
6 Transition rules allow WLA certified organizations two years to adopt WLA SCS:2020. Organizations wishing to initially certify have six months where they can choose to certify to WLA SCS:2016 or WLA SCS:2020.
7 WLA SCS:2020 certification program provides global access to WLA Assessment Service Entities (ASE) and WLA accredited auditors.


Securing Lotteries From The Start


Our knowledge of lotteries and the gaming industry provides tremendous value to your organization. Our comprehensive portfolio of best-in-class solutions includes significant expertise in cybersecurity, enabling us to bolster our existing security services for lotteries. When you complement your existing resources with our deep technical proficiency and the expertise of our industry-certified IT professionals, the result is tailored solutions that meet your specific business needs at a fraction of traditional in-house setup costs. Companies rely on us for accurate and up-to-date professional risk assessment, audit, testing, and advisory services. Our Bulletproof team is here to support you every step of the way.


Cybersecurity Solutions To Minimize Your Risk and Maximize Your Confidence

We offer a wide range of cybersecurity solutions to help your lottery identify risks throughout your business operations. Not only will we help identify the risks and threats, but we will provide the right solutions to help you correct the risks for a better tomorrow.

Whether you've been the victim of a breach, worry that your last security audit was lacking or you require a risk assessment as part of financial or operational audit requirements, our vulnerability and penetration assessments are a powerful tool to help you proactively manage those risks. 


The average data breach goes undetected for around 200 days.

Comprehensive Solutions To Protect Your Assets

Identify and react to threats to your organization quickly by being proactive from the start. Bulletproof works with lotteries to deliver internal and external vulnerability assessments and penetration testing, as well as firewall assessments, to ensure there are no gaps in your defenses.

  • Protect your lottery reputation against lost shareholder, customer, and public confidence
  • Protect intellectual property (IP) from external and internal threats
  • Detect breaches and risks quicker and know if threats are real or "false positives"
  • Safeguard against insider theft, fraud or malicious activity
  • Validate network security and the safety of customer
  • Comply with vulnerability and penetration testing requirements as part of your financial audit
  • Gap Assessment helps you prepare for a PCI audit

Cybersecurity Solutions:

Internal & external vulnerability assessments and penetration testing

Bulletproof will check for all possible known vulnerabilities against a published vulnerability database and scan all ports for possible areas that could help a hacker gain access to the property network.

Threat Risk Assessment (TRA)

Bulletproof will conduct a thorough TRA to identify risks early in the system development/delivery life cycle. Identifying risks early on will reduce costs and better secure the organization's systems and data. Bulletproof will provide an assessment of all the security weaknesses and provide options for how you can strengthen your security.

Social engineering

Social engineering can be broken into two types: human-based and technology-based. Human-based refers to a person-to-person interaction to obtain the desired action. Technology-based refers to having an electronic interface that attempts to retrieve the desired outcome. Within these two types of attacks there are numerous attack techniques that can be used.

Web application security assessments

Bulletproof will validate the security of the submitted application. This will enable Bulletproof to identify possible vulnerabilities or holes in the application that a potential hacker might use to circumvent the intended operation of the application. Our web application testing methods are used in conjunction with the OWASP methodology.

IT security policy and procedure reviews

Bulletproof applies a holistic approach to assessing your organization's information security policies and procedures. Bulletproof integrates our understanding of your security goals with our experience in achieving best practices compliance. Bulletproof verifies that your policies conform to the controls established in the industry-leading ISO 27001 IT security standard. The goal of every information security program is to maintain the confidentiality, integrity, and availability of data.

PCI Health Check

Bulletproof will conduct the review as a combination of documentation/evidence review and onsite discussions. We will identify documentation that we require for review prior to the planning meeting and during the scope validation exercise.

Virtual Chief Information Security Officer

Through our vCISO service, you can leverage a block-time retainer with a CISO to advise on governance and policy, security architecture, incident response and remediation, or vendor selection of IT security products. A vCISO provides all the benefits of a CISO without the associated overhead costs. Our vCISO service gives you direct access to top-tier security experts, who will guide you through your cybersecurity program, working for your organization and ensuring your information stays secure, reducing the risk of, and exposure to, a cyber-attack.


Quality Assurance & Testing To Reduce Your Time-to-Market, Lower Costs, and Mitigate Risk

Quality is never a coincidence. Producing top-tier products takes time, calculated effort, and expertise that’s derived only from years of experience. Furthermore, when you’re dealing with software in an increasingly complex digital landscape, security needs to be a top priority to mitigate risk. For large or complex projects, you need a team of professionals who can bring strategic thinking, objectivity, and a strong regard for security to the table. 

Bulletproof’s QA & testing team brings an unbiased perspective to your QA practices. We assess your processes, identifying gaps and opportunities for optimization. Then, we deliver a formal report which outlines our findings and strategic recommendations, including an improvement roadmap that will help you take the right next steps.


Bulletproof offers the following solutions to meet your lottery needs:

  • Functional Testing: This type of testing is the process of applying industry best-practice testing methodologies to support today’s development processes. Some test methodologies employed include: system integration, user acceptance, mobile, compatibility and interoperability, usability, localization, and data warehousing BI testing. This testing is performed against the business and system requirements of the application and involves the complete integration of the end-to-end system.
  • Load & Performance Testing: Our performance testing is the process of evaluating an application or system against performance requirements through analysis, tuning, optimization or refactoring. This testing includes validating response times and throughput, and finding breaking points using load, stress, endurance, volume and scalability testing techniques.
  • Test Automation: The process of automating repetitive but necessary tests in a formalized testing process, such as regression tests; it does not replace manual testing. The automated tests augment the testing suite to improve test coverage, efficiency and speed to market.
  • QA Assessment: The process of providing an independent review of the Quality Assurance and Quality Control processes employed in the SDLC to determine the methodologies, processes, policies and procedures that may or may not be in place. At the conclusion of a QA Assessment, a report of findings, including an Improvement Roadmap, will be provided with recommendations for implementation.

Discover How To Optimize Your Lottery Operations with First-Class IT Security Services

We work with you to identify opportunities for improvement in your systems and form a customized plan to help meet your lottery’s security goals. Ready to learn more about how Bulletproof’s services can help your lottery succeed? Book a meeting today! 




A whopping 95% of cyber-attacks and incidents exploit unsuspecting and uninformed employees.*

Bulletproof’s Security Aware service is the only user awareness solution on the market today that solves the difficult problem of end user adoption and buy-in. With Security Aware, you can transform your people from cybercrime targets to active contributors to your cybersecurity.


*IBM X-Force Threat Intelligence Index

Why Bulletproof?


  • Microsoft 2021 Global Security Partner of the Year Winner.
  • Microsoft Solutions Partner for Modern Work + Security, specializing in Threat Protection and Cloud Security.
  • Decades of technology, compliance, and security knowledge serving various industries of all sizes.
  • We work with top gaming organizations, lotteries, U.S. Tribal Nations, government and local organizations, etc. across the globe.
  • Users on six continents trust Bulletproof to strengthen their IT & security posture.
  • State-of-the-art 24/7 Security Operations Centre (SOC).
  • Our security professionals hold industry-recognized certifications, including ISO/IEC 27001, WLA-SCS, CISSP, CISA, CEH, CPT, OSCP, and PCI-QSA.
  • Awarded GSA Multiple Award Schedule (MAS) and holder of Highly Adaptive Cybersecurity Services (HACS).
  • Member of the Microsoft Intelligent Security Association. 


“These remarkable partners have displayed a deep commitment to building world-class solutions for customers—from cloud-to-edge—and represent some of the best and brightest our ecosystem has to offer.”

-Rodney Clark, Corporate VP, Global Partner Solutions, Channel Sales and Channel Chief, Microsoft
