Hospitality
ZenGRC allows large hospitality organizations to manage their compliance and risk efforts in a simple, easy-to-use GRC solution, so they can turn these efforts in increasing customer trust and, in turn, revenue.
GET A DEMO
The Regulatory Burden
The hospitality industry thrives by collecting data so they understand customer behavior and can anticipate their needs. They also try to design as many self-service options as possible (automated check-in, room entry by smart phone, location-based services and so forth), both to keep costs low and to give the customer as much control as he wants over his stay.
And for large hospitality businesses with many outlets, the business wants to achieve uniformity of experience: a high-value customer is always pre-booked into his preferred room, with the same gift basket waiting and the same meal discount arriving via email 20 minutes after she checks in.
Always ensuring that the customer receives his or her favorite gift bag is not easy. Consider some of the data a hospitality chain is likely to collect:
- Personal Identifiable Information
- Sensitive financial information
- Customer purchasing behavior data
- Data security and privacy policies
- Data retention policies
Hospitality businesses today also live or die on preferred customer programs — so they also collect user IDs, passwords and, possibly, location data.
All of that data is subject to protection from multiple laws that can reach across various jurisdictions. A U.S. hotel chain, for example, might be subject to European Union data privacy law if it rents rooms to EU citizens. Any data collected about minors requires parental consent. Credit card data is protected by federal law. User IDs might be stored on multiple devices that the customer owns.
Compliance Objectives
Businesses can work with multiple frameworks to achieve their objectives. Credit cards can be secured with the PCI DSS framework. Other sensitive data can be governed by the NIST security protocols or the ISO framework. Tracking risk assessments, gap analyses and remediation efforts across multiple frameworks can be daunting.
-
Assess vulnerabilities in the network and application layers.
-
Study data collection practices for non-compliant behaviors (say, failure to secure consent for collecting data from EU citizens).
-
Remediate any weaknesses, either through security patches to software or through changes to data collection practices.
-
Map progress on those remediation efforts.
-
Be prepared to report those risk assessments and remediations to other parties as necessary.
-
Integrate new threat alerts or updated regulations into your compliance program as they come along.
Ebooks
Guides
Preparing for a SOX Audit Using COSO: Internal Controls and Security at the Heart of SOX
Read Guide
Webinars
Top Initiatives for Infosec Teams to Consider in Implementing Business Continuity & Resiliency
Watch WebinarVendor Risk Management: What your organization can and cannot do under the GDPR
Watch WebinarHow GRC planning protects your company’s brand against the next cyberattack
Watch WebinarBlazing the Trail: Develop a Compliance and Risk Management Plan in 6 Weeks
Watch Webinar
Articles
The Difference Between Vulnerability Assessment and Vulnerability Management
Read ArticleCCPA Exemptions: The California Consumer Privacy Act and the Gramm-Leach-Bliley Act
Read ArticleHow Big Data Analysis Helps Compliance & Business Leaders Make Better Decisions
Read ArticleCompliance Offers Internal Stakeholder Value: Automation as Transmogrifier
Read ArticleRisk Management Automation and Customer Engagement: Rupees in the Grass
Read Article7 Challenges of Being an IT Compliance Manager: Automation Makes You an American Ninja Warrior
Read ArticleCybersecurity Awareness Training Game to Celebrate Cybersecurity Awareness Month
Read ArticleiPhone X and Security: Becoming James Bond and Protecting Your Organization
Read ArticleProtecting Your Corporate Website as an Enterprise Risk Management Strategy
Read ArticleCloud Security Compliance: 11 Steps on the Stairway to Cloud Services Heaven
Read ArticleLegal Liability in Information Security: How Compliance Can Be Used to Protect Assets
Read ArticleWebinar Recording Now Available – 6 Time Saving Steps to Simplify Your GRC Strategy
Read ArticleHow to Conduct a Compliance Self-Assessment – an Excerpt from our GRC Software Buyers’ Guide
Read ArticleWhen to Implement a GRC Tool? – An Excerpt from Reciprocity’s GRC Software Buyer’s Guide
Read ArticleSmarter Compliance, Less Risk – an Excerpt from Reciprocity’s GRC Software Buyer’s Guide
Read ArticleWhat is GRC – an Excerpt from Reciprocity’s GRC Software Buyer’s Guide
Read ArticleZenGRC v2.4 Release Features New Audit and Evidence Request Dashboards, and More
Read Article“Competent Compliance” Webinar Recording Now Available, Learn How to Move Beyond Spreadsheets
Read ArticleJoin Our Live Webinar – Competent Compliance: 3 Ways to Move Beyond Spreadsheets
Read ArticleJune News Round-Up: More Data Breach News, Crypto Wars 2.0, and Acer Hack
Read ArticleZenGRC v2.2 Release Features New System of Record Dashboard, Tree View Updates
Read ArticleZenGRC v2.1 Release Features Improved Audit Capabilities, Simplified Customer Support
Read ArticleHow to Tell if it is Time to Start a Compliance Program [Infographic]
Read ArticleA Perfect Nightmare: Compliance and Record Keeping Disaster Waiting to Happen
Read ArticleChanges Are Coming For The Trust Services Principles And Criteria – Are You Ready?
Read ArticleSelecting the Right Service Organization Control Report for Outsourced Operations
Read Article
FAQs
Infographics
Hospitality related Use Cases
Learn how we can fit into your business.
Schedule a demo to learn how we can help guide your organization to confidence in infosec risk and compliance.
