WLA-SCS: 2020

Everything you need to know to ensure your lottery operations are safe, secure, and operating with integrity.

Streamlining Lotteries' Security Control Standards To Optimize Operations

It's no surprise that cyber attacks continue to rise. Not only are the numbers growing, but cyber threats are becoming more sophisticated too. 86% of data breaches were financially motivated, and attackers will target any type of organization, even lotteries.* Cyber threats can come from external and internal sources. Either way, the fallout from a security breach can be catastrophic. And if you operate in a highly regulated industry, like lotteries, then your risks are amplified.


70% of cyber attacks come from external sources - it's more critical than ever to safeguard your lottery operations.*

Lotteries must keep player protection and gaming integrity at the forefront to have a successful operation. It is critical that lotteries continuously assess their security to understand risks and to determine a corrective action plan. The World Lottery Association (WLA) Security Control Standard (SCS) certification continues to be a best practice for lottery security. The WLA has made recent changes to the WLA-SCS: 2020 to simplify and streamline the certification process. We'll walk you through the changes and how our Bulletproof team can help you.

*2020 Verizon Data Breach Report


The WLA Security Control Standard

According to WLA, the WLA Security Control Standard is the lottery sector's only internationally recognized security standard. It assists lotteries around the world in obtaining a level of security controls in line with generally accepted best practices, to enable an increased reliance on the integrity of lottery operations. The WLA SCS specifies the required practices for an effective security management structure by which a lottery may maintain the integrity, availability, and confidentiality of information vital to its secure operation.


The WLA-SCS is drafted and updated by the WLA Security and Risk Management Committee.

The committee includes experts from lottery and gaming operators from around the world.

Current security & integrity practices used in the industry are compared & approved by lottery experts. 

Key Highlights of WLA-SCS: 2020 Changes

Below you will find key highlights of the WLA-SCS: 2020 changes that were implemented to streamline the certification process.


1 Newly structured security standard addressing lottery operators, lottery technology suppliers, and multijurisdictional games.
2 Truly internationally recognized standard with an increase in the inclusiveness of audiences and in the quality of the standard and resulting certifications.
3 Two-level certification providing easier access to WLA certification:
  • Level 1: For lottery operators; does not require ISO/IEC 27001 certification as a prerequisite.
  • Level 2: Full certification for lottery operators, lottery technology suppliers, and vendors.
4 Access to WLA certification for US lotteries required to conform to MUSL rules, by providing Level 1 WLA certification, thus enabling a lottery operator to certify against WLA-SCS:2020. To be granted the WLA-SCS Level 1 certificate, the WLA Regular Member must successfully pass the assessment against the applicable controls of the WLA-SCS. For a period of three years, extending until October 31, 2023, MUSL lotteries certified to MUSL Rule 2 automatically qualify for WLA-SCS:2020 Level 1 certification.
5 Live (wiki) Code of Practice provides guidance for control interpretation, implementation, and compliance.
6 Transition rules allow WLA certified organizations two years to adopt WLA SCS:2020. Organizations wishing to initially certify have six months in which they can choose to certify to WLA SCS:2016 or WLA SCS:2020.
7 WLA SCS:2020 certification program provides global access to WLA Assessment Service Entities (ASE) and WLA accredited auditors.


Securing Lotteries From The Start


Our knowledge of lotteries and the gaming industry provides tremendous value to your organization. Our comprehensive portfolio of best-in-class solutions includes significant expertise in cybersecurity, enabling us to bolster our existing security services for lotteries. When you complement your existing resources with our deep technical proficiency and the expertise of our industry-certified IT professionals, the result is tailored solutions that meet your specific business needs at a fraction of traditional in-house setup costs. Companies rely on us for accurate and up-to-date professional risk assessment, audit, testing, and advisory services. Our Bulletproof team is here to support you every step of the way. To learn more, you can visit our website here.


Cybersecurity Solutions To Minimize Your Risk and Maximize Your Confidence

We offer a wide range of cybersecurity solutions to help lotteries identify risks throughout their business operations. Not only will we help identify the risks and threats, but we will also provide the right solutions to help you correct the risks for a better tomorrow.

Whether you've been the victim of a breach, worry that your last security audit was lacking, or require a risk assessment as part of financial or operational audit requirements, our vulnerability and penetration assessments are a powerful tool to help you proactively manage those risks.


The average data breach goes undetected for around 200 days.

Comprehensive Solutions To Protect Your Assets

Identify and react to threats to your organization quickly by being proactive from the start. Bulletproof works with lotteries to deliver internal and external vulnerability assessments, penetration testing, and firewall assessments to ensure there are no gaps in your defenses.

  • Protect your lottery reputation against lost shareholder, customer, and public confidence
  • Protect intellectual property (IP) from external and internal threats
  • Detect breaches and risks quicker and know if threats are real or "false positives"
  • Safeguard against insider theft, fraud or malicious activity
  • Validate network security and the safety of customer
  • Comply with vulnerability and penetration testing requirements as part of your financial audit
  • Gap Assessment helps you prepare for a PCI audit

Cybersecurity Solutions:

Internal & external vulnerability assessments and penetration testing

Bulletproof will check for all known vulnerabilities against a published vulnerabilities database and scan all ports for possible areas that could help a hacker gain access to the property network.

Threat Risk Assessment (TRA)

Bulletproof will conduct a thorough TRA to identify risks early in the system development/delivery life cycle. Risks that are identified early on will reduce costs and better secure the organization's system and data. Bulletproof will provide an assessment of all the security weaknesses and provide options for how you can strengthen your security.

Social engineering

Social engineering can be broken into two types: human-based and technology-based. Human-based refers to a person-to-person interaction to obtain the desired action. Technology-based refers to having an electronic interface that attempts to retrieve the desired outcome. Within these two types of attacks there are numerous attack techniques that can be used.

Web application security assessments

Bulletproof will validate the security of the submitted application. This will enable Bulletproof to identify possible vulnerabilities or holes in the application that a potential hacker might use to circumvent the intended operation of the application. Our Web application testing methods are used in conjunction with the OWASP methodology.

IT security policy and procedure reviews

Bulletproof applies a holistic approach to assessing your organization's information security policies and procedures. Bulletproof integrates our understanding of your security goals with our experience in achieving best practices compliance. Bulletproof verifies that your policies conform to the controls established in the ISO 27001 Industry Leading IT Security Standard. The goal of every information security program is to maintain the confidentiality, integrity, and availability of data.

PCI Health Check

Bulletproof will conduct the review as a combination of documentation/evidence review and onsite discussions. We will identify documentation that we require for review prior to the planning meeting and during the scope validation exercise.

Virtual Chief Information Security Officer

Through our vCISO service, you can leverage a block-time retainer with a CISO to advise on governance and policy, security architecture, incident response and remediation, or vendor selection of IT security products. A vCISO provides all the benefits of a CISO without the associated overhead costs. Our vCISO service gives you direct access to top-tier security experts, who will manage you through your cybersecurity program, working for your organization and ensuring your information stays secure, reducing the risk – and exposure – of a cyber-attack.



A whopping 95% of cyber-attacks and incidents exploit unsuspecting and uninformed employees.*

Bulletproof’s Security Aware service is the only user awareness solution in the market today that solves the difficult problem of end user adoption and buy-in. With Security Aware, you can transform your people from cybercrime targets to active contributors to your cybersecurity.


*IBM X-Force Threat Intelligence Index

Why Bulletproof?


  • Microsoft 2021 Global Security Partner of the Year Winner.
  • Microsoft Solutions Partner for Modern Work + Security, specializing in Threat Protection and Cloud Security, and Digital & App Innovation Azure.
  • Decades of technology, compliance, and security knowledge serving various industries of all sizes.
  • We work with top gaming organizations, lotteries, U.S. Tribal Nations, government and local organizations, etc. across the globe.
  • Users on six continents trust Bulletproof to strengthen their IT & security posture.
  • Two state-of-the-art 24/7 Security Operations Centres (SOCs) in North America.
  • Our security professionals hold industry-recognized certifications, including ISO/IEC 27001, WLA-SCS, CISSP, CISA, CEH, CPT, OSCP, and PCI-QSA.
  • Awarded GSA Multiple Award Schedule (MAS) and holder of Highly Adaptive Cybersecurity Services (HACS).
  • Member of the Microsoft Intelligent Security Association.


“These remarkable partners have displayed a deep commitment to building world-class solutions for customers—from cloud-to-edge—and represent some of the best and brightest our ecosystem has to offer.”

-Rodney Clark, Corporate VP, Global Partner Solutions, Channel Sales and Channel Chief, Microsoft
