Section 1350-03-.10 - THIRD-PARTY SYSTEMS(1) The Licensee shall have policies and procedures for managing third parties who provide information system services, hardware, and/or software or interact with the Sports Gaming System. Licensees are responsible for monitoring their adherence to relevant security requirements, including: (a) Agreements with third-party service providers involving accessing, processing, communicating, or managing the system and/or its components, or adding products or services to the system and/or its components shall cover all relevant security requirements.(b) The services, reports, and records provided by the third-party service providers shall be monitored and reviewed annually.(c) Changes to the provision of third-party service providers, including maintaining and improving existing security policies, procedures, and controls, shall be managed, taking account of the criticality of systems and processes involved and re-assessment of risks.(d) The access rights of third-party service providers to the system and/or its components shall be removed upon termination of their contract or agreement or adjusted upon change.(e) Verification that third-party service providers are registered as a Vendor in accordance with the Rules as may be required.(2) Third parties who provide information system services and/or software must comply with the requirements set forth in Sections 1350-03-.12 and 1350-03-.13.Tenn. Comp. R. & Regs. 1350-03-.10
Emergency rules filed December 22, 2021 to become effective January 1, 2022; effective through June 30, 2022. New rules filed March 22, 2022; effective 6/20/2022.Authority: T.C.A. §§ 4-49-106, 4-49-110, 4-49-115, and 4-49-125.