iGaming Vendor Cybersecurity Scorecard: Rate Your Critical Vendors in 10 Minutes
DORA requires you to formally assess the cybersecurity of every critical ICT vendor. Most operators don't know where to start. This scorecard gives you a structured 25-point assessment framework that generates a risk rating for each vendor — and produces the documentation the MGA will ask for.
DORA requires a formal risk register of all critical ICT third-party providers.
What the Scorecard Assesses
- Security certifications: ISO 27001, SOC 2, PCI DSS — valid, current, scope-appropriate
- Incident response: notification SLAs, documented procedures, breach history
- Data handling: what they hold, where it's stored, sub-processors used
- Business continuity: RTO/RPO commitments, disaster recovery test evidence
- Contractual provisions: right to audit, security obligations, liability caps
- External security posture: public-facing vulnerability rating (powered by Panorays methodology)
Frequently Asked Questions
Can I use this scorecard for my MGA third-party risk register?
Yes. The scorecard output format is designed to be directly usable as DORA-compliant third-party risk documentation. Include it in your ICT vendor register with the date of assessment and next review date.
Score your critical vendors
Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.
Get in touchReady to secure your iGaming operation?
MGA-licensed operators across Malta trust Kyanite Blue.