ZenGRC allows large hospitality organizations to manage their compliance and risk efforts in a simple, easy-to-use GRC solution, so they can turn those efforts into increased customer trust and, in turn, revenue.


The regulatory burden

The hospitality industry thrives by collecting data so they understand their customers’ behavior and can anticipate their needs. They also try to design as many self-service options as possible (automated check-in; room entry by smart phone; location-based services, and so forth), both to keep costs low and to give the customer as much control as he wants over his stay.

Large hospitality businesses with many outlets also want to achieve uniformity of experience: a high-value customer is always pre-booked into her preferred room, with the same gift basket waiting, and the same meal discount arriving via email 20 minutes after she checks in.

Always ensuring that the customer receives his or her favorite gift bag is not easy. Consider some of the data a hospitality chain is likely to collect:

  • Personally Identifiable Information
  • Sensitive financial information
  • Customer purchasing behavior data
  • Data security and privacy policies
  • Data retention policies

Hospitality businesses today also live or die on preferred customer programs — so they also collect user IDs, passwords, and possibly location data.

All of that data is protected by multiple laws, which can reach across multiple jurisdictions. A U.S. hotel chain, for example, might be subject to European Union data privacy law if it rents rooms to EU citizens. Any data collected about minors requires parental consent. Credit card data is protected by federal law. User IDs might be stored on multiple devices that the customer owns.

The compliance objectives:

  • Assess vulnerabilities in the network and application layers;
  • Study data collection practices for non-compliant behaviors (say, failure to secure consent for collecting data from EU citizens);
  • Remediate any weaknesses, either through security patches to software or through changes to data collection practices;
  • Map progress on those remediation efforts;
  • Be prepared to report those risk assessments and remediations to other parties as necessary;
  • Integrate new threat alerts or updated regulations into your compliance program as they come along.

Businesses can work with multiple frameworks to achieve those objectives. Credit cards can be secured with the PCI DSS framework. Other sensitive data can be governed by the NIST security protocols or the ISO framework. Tracking risk assessments, gap analyses, and remediation efforts across multiple frameworks, however, can be daunting.

ZenGRC's compliance, risk and reporting features include:

  • Centralized Dashboard
  • Program Progress
  • Control Completion
  • Risk Assessment
  • Unified Control Management
  • Map Controls Across Frameworks
  • System of Record
  • Streamlined Workflow
  • Continuous System Monitoring

What can ZenGRC do for you?

As a cloud-based solution, ZenGRC deploys simply and quickly (six to eight weeks) even across a large enterprise. It also provides a unified platform to manage controls across multiple frameworks, and a dashboard that lets CISOs monitor key performance indicators for compliance and IT security efforts.

ZenGRC gives full visibility into risks and deficient controls, so you can coordinate remediation and bring consistency to compliance and security policies across an operating environment that might include many physical locations.