Rule 3772-15-03 | Requirements of certification.
(A) To be certified and maintain certification, the independent testing laboratory must meet the following requirements:
(1) Be independent of any entity or product for which the laboratory provides testing services;
(2) Maintain "Professional Liability (Errors and Omissions) Insurance" of not less than one million dollars;
(3) Maintain accreditation from a reputable accrediting body to International Organization for Standardization (ISO) standards 17020 and 17025, and any other standards as required by the executive director;
(4) Employ a full-time quality manager who is responsible for ensuring compliance with national accreditation standards and Chapter 3772. of the Revised Code and the rules adopted thereunder;
(5) Maintain physical security at each laboratory facility, including but not limited to, surveillance systems and alarms to minimize the risk that confidential information is misappropriated;
(6) Maintain IT security necessary to minimize the risk that confidential information is misappropriated;
(7) The laboratory must utilize verification methodologies required by the executive director. The laboratory must request approval from the executive director to use alternative verification methodologies. If approved, the laboratory must provide the verification tool utilizing the alternative verification methodologies to the commission;
(8) Ensure that testing and support procedures are performed consistently at all laboratory locations;
(9) Make available to the commission, upon request, all policies, procedures and records of the independent test laboratory;
(10) Make available to the commission, upon request, a master list of all test methods, standards, forms, and other relevant documents used in the independent test laboratory;
(11) Not subcontract any testing without the prior written approval of the executive director;
(12) Maintain all records for a minimum of five years unless otherwise specified as follows:
(a) Maintain for a minimum of five years after an associated commission approval is no longer in effect, an electronic database containing testing data, reports, and related materials and provide access to the commission. Data, reports, and related materials must be provided in a format and through a mechanism required by the commission;
(b) If not available from the manufacturer, maintain an inventory of gaming equipment and versions of software tested by the laboratory and approved by the commission for a minimum of five years after an associated commission approval is no longer in effect; and
(c) Maintain for a minimum of five years after the end of the laboratory's certification period in which the submission occurred, all software and associated documentation and source code submitted for testing, but not subsequently approved by the commission. The information must be stored in a manner which is secure and readily accessible to appropriately approved laboratory personnel.
(13) Assist the commission in investigations when requested, at the expense of the independent testing laboratory. The independent testing laboratory may seek reimbursement from the owner of the devices subject to investigation;
(14) When requested, a laboratory must assist or train commission agents in accounting, auditing, compliance, security, technology, and verification practices for any submission to that laboratory seeking approval from the commission; and
(15) Any additional condition imposed by the commission at a meeting held under section 3772.02 of the Revised Code.
(B) The independent testing laboratory must notify the executive director immediately if it fails to maintain compliance with any of these requirements.
Last updated July 5, 2022 at 11:51 AM