Select regional store:


IT Governance helps Harino win its regulatory race

This case study shows how IT Governance helped Harino achieve compliance with the Gambling Commission and PCI DSS requirements. Enter your email address at the bottom of this page if you would like a PDF version of this case study. Call us on +44 (0) 845 070 1750 to discuss your own data security consultancy requirements.

Harino Case Study

To bring its mould-breaking virtual horse racing game to market, online gaming company Harino had first to comply with the UK Gambling Commission’s data security requirements and payment card processing standard PCI DSS. IT Governance helped the company address both issues in record time, thanks to an innovative programme of consultancy and security awareness training, paving the way for an eagerly anticipated product launch.


Harino sets a totally new standard for horse racing games, with exciting, realistic graphics. It features a minutely researched user experience, with elements such as the horses’ draw, rating, handicap, form, jockey, training input and condition all positively contributing to the computer generated result. The tightly policed, secure gaming interface allows eligible gamers to play for real money using credit and debit cards; alternatively, users can choose just to “Play for Fun”.

Harino is primarily targeted at players from the UK and Ireland, and the company decided to physically base its operations within the UK as well. This was quite unusual, as many online gaming and betting companies targeting the UK base themselves instead in offshore centres such as Alderney or Gibraltar, thereby avoiding the oversight of the UK Gambling Commission. In contrast, Harino opted for the more regulated and financially onerous onshore location as part of a strategy to establish the credibility of its product, using the Gambling Commission’s stamp of approval to reassure gamers that Harino is a reliable business operated responsibly.

To be awarded a Remote Gambling Operational Licence, Harino had to comply with the Gambling Commission’s many regulations, including 58 information security controls taken from the global best practice standard, ISO27001. In order to demonstrate compliance with these controls, Harino had to submit to and pass a demanding audit by a third party inspector approved by the Gambling Commission.

Click here to read more »


‘Our launch deadline meant we were effectively learning to swim at the deep end when it came to compliance,’ says administration manager Eric Hwang.

This in turn led to a conversation with IT Governance about its compliance consultancy and training services. Although Harino had approached several consultancies, it was quickly attracted to IT Governance’s comprehensive approach and affordable fee levels. In particular, IT Governance’s extensive experience of ISO27001 and PCI DSS, and of how they overlap, enabled it to suggest an innovative approach that would simultaneously meet both sets of regulatory goals.


To meet the demanding deadlines for the project, IT Governance assigned a consultant to work full- time with Harino for extended periods. As Harino was a new business with few existing policies and procedures, the consultant’s task was effectively to build a new compliance regime from the ground up.

Using a proactive approach, IT Governance drew upon its extensive practical experience to create a comprehensive set of documentation that was cross-mapped to the requirements of the Gambling Commission and PCI DSS. As part of the process, Harino had purchased IT Governance’s ISO27001 Toolkit, which is designed to help organisations create their own best practice Information Security Management Systems (ISMSs). The IT Governance consultant was able to tailor this to the particular requirement of Harino, ensuring that work was completed in the shortest possible time.

In addition to creating the required policies and procedures, IT Governance delivered a staff awareness training session for the growing Harino team. The purpose of this training was to establish an information security mindset as part of the company’s culture, particularly important given the Gambling Commission’s annual audits and the PCI DSS quarterly scans and annual questionnaires. The session included a classroom-style test, designed to enable managers to measure their employees’ levels of security awareness, and to form a benchmark for future checks.


The acid test was faced when Harino’s independent auditors visited to assess the company’s controls against the Gambling Commission’s requirements. They were similarly complimentary and Harino passed the audit with flying colours, paving the way for beta testing to begin on schedule.

Reflecting on Harino’s experience with IT Governance, general manager Harold Kim said, ‘It was a very successful relationship. IT Governance took us from almost zero knowledge and were able to accommodate our particular business requirements. We particularly liked the way they used their experience to offer practical examples of how other organisations had achieved compliance.’

‘We not only feel fully prepared for our immediate needs, but well positioned for when we pursue ISO27001 certification for the entire business.’

Download this case study now

To get a PDF version of this case study enter your email address below and we will send you a copy straight away.

Just as we have helped Harino achieve compliance with the Gambling Commission and PCI DSS requirements on time and within budget so we can help you. Call us now on 00 800 48 484 484.

This website uses cookies. View our cookie policy