Accor Group Presentation

advertisement

Accor PCI DSS Project

Marie-Christine Vittet

PCI DSS Program Director

July 2013

2

Accor Group Presentation

3

Accor Group Presentation

4

Accor Group Presentation

PCIDSS scope in Accor

 Accor Central (Merchant Level 1)

Accor central covers the distribution system: central reservation systems, web & ecommerce systems, call centers, different interfaces with Global Distribution Systems and online Travel Agency systems available for Accor hotels

 Hotels (Merchant Level 4) QSA audit o Owned & Leased hotels (subsidiaries)

Operated and controlled by ACCOR Group, Owned and Lease hotels are under the ACCOR responsibility

SAQ o Managed & Franchised hotels

-

Managed hotels : ACCOR manages a hotel on behalf of an owner under an ACCOR brand. The hotel benefits from all the distribution and marketing know-how of the group

-

Franchised hotels : On the opposite of the management contract, the hotel is managed by an independent owner who uses an ACCOR brand and the distribution system

5

PCI DSS - Accor Governance

ACCOR Steering Committee

 Accor Executive Attendance

 Quarterly basis

Support & Validate

ACCOR Coordination Committee

 Track Leader Attendance

Organize & Monitor

(Operations, IT, Distribution, Call Center, Legal & Treasury)

 Monthly basis

 ACCOR Country Committee

 Local Representative Attendance

(IT, Operations, Finance, HR & Legal)

 Monthly basis

6

ACCOR Meeting with Schemes

 Biannual

 Bilateral meetings

Roll-Out

Report

PCI DSS - Accor Program Kit

PCI Program kit is ready to be implemented!

 PCI DSS Compliance in Accor document

 Accor PCI eModule

 Policies and Procedures (3 Quick-wins)

 Guideline for hotels renovation

7

Under construction: PCI Hotel Portal

 User training

 IP Scanning

 Policies and Procedures Templates

 Online SAQ

Accor PCI eModule

This formal security awareness program is based on a 50 minutes eModule.

Each Accor employee dealing with payment card data must follow this program at least one time per year.

8

The training will end with a questionnaire in order to get the certification.

Accor PCI eModule testimony

The PCI e-Module clearly demonstrates how the hotel staff could comply to PCIDSS in their daily work in a very simple and easy to understand approach. NG Joseph, PMS Manager - Asia/Singapore

The e-module is very clear and pointed out risks I was not aware of. I have learned a lot!

Lassing Annelies, Pricing &

Distribution Support Manager/

STAR - HQ Amsterdam

9

It’s really good – and simple to understand. Think it’s a good tool to remind everybody about security rules – also for his personal interest and data.

Frankenhauser Silvia, Manager Distribution Systems/

Commercial - HQ Munich

10

Accor PCI project Contact

Contact:

Marie-Christine VITTET

Accor - PCI DSS Program Director

Email : marie-christine.vittet@accor.com

Thank you for your attention

?

Download