Marie-Christine Vittet
PCI DSS Program Director
July 2013
2
3
4
Accor Central (Merchant Level 1)
Accor central covers the distribution system: central reservation systems, web & ecommerce systems, call centers, different interfaces with Global Distribution Systems and online Travel Agency systems available for Accor hotels
Hotels (Merchant Level 4) QSA audit o Owned & Leased hotels (subsidiaries)
Operated and controlled by ACCOR Group, Owned and Lease hotels are under the ACCOR responsibility
SAQ o Managed & Franchised hotels
-
Managed hotels : ACCOR manages a hotel on behalf of an owner under an ACCOR brand. The hotel benefits from all the distribution and marketing know-how of the group
-
Franchised hotels : On the opposite of the management contract, the hotel is managed by an independent owner who uses an ACCOR brand and the distribution system
5
ACCOR Steering Committee
Accor Executive Attendance
Quarterly basis
Support & Validate
ACCOR Coordination Committee
Track Leader Attendance
Organize & Monitor
(Operations, IT, Distribution, Call Center, Legal & Treasury)
Monthly basis
ACCOR Country Committee
Local Representative Attendance
(IT, Operations, Finance, HR & Legal)
Monthly basis
6
ACCOR Meeting with Schemes
Biannual
Bilateral meetings
Roll-Out
Report
PCI Program kit is ready to be implemented!
PCI DSS Compliance in Accor document
Accor PCI eModule
Policies and Procedures (3 Quick-wins)
Guideline for hotels renovation
7
Under construction: PCI Hotel Portal
User training
IP Scanning
Policies and Procedures Templates
Online SAQ
This formal security awareness program is based on a 50 minutes eModule.
Each Accor employee dealing with payment card data must follow this program at least one time per year.
8
The training will end with a questionnaire in order to get the certification.
The PCI e-Module clearly demonstrates how the hotel staff could comply to PCIDSS in their daily work in a very simple and easy to understand approach. NG Joseph, PMS Manager - Asia/Singapore
The e-module is very clear and pointed out risks I was not aware of. I have learned a lot!
Lassing Annelies, Pricing &
Distribution Support Manager/
STAR - HQ Amsterdam
9
It’s really good – and simple to understand. Think it’s a good tool to remind everybody about security rules – also for his personal interest and data.
Frankenhauser Silvia, Manager Distribution Systems/
Commercial - HQ Munich
10
Contact:
Marie-Christine VITTET
Accor - PCI DSS Program Director
Email : marie-christine.vittet@accor.com
Thank you for your attention
?