Transcript Accor Group Presentation

Accor PCI DSS Project
Marie-Christine Vittet
PCI DSS Program Director
July 2013
Accor Group Presentation
2
Accor Group Presentation
3
Accor Group Presentation
4
PCIDSS scope in Accor
 Accor Central (Merchant Level 1)
Accor central covers the distribution system: central reservation systems, web & ecommerce systems, call centers, different interfaces with Global Distribution Systems
and online Travel Agency systems available for Accor hotels
 Hotels (Merchant Level 4)
QSA audit
o Owned & Leased hotels (subsidiaries)
Operated and controlled by ACCOR Group, Owned and Lease hotels
are under the ACCOR responsibility
o Managed & Franchised hotels
- Managed hotels: ACCOR manages a hotel on behalf of an owner
under an ACCOR brand. The hotel benefits from all the distribution
and marketing know-how of the group
SAQ
- Franchised hotels: On the opposite of the management contract, the
hotel is managed by an independent owner who uses an ACCOR
brand and the distribution system
5
PCI DSS - Accor Governance

ACCOR Steering Committee
 Accor Executive Attendance
 Quarterly basis

ACCOR Coordination Committee
Support & Validate
Organize & Monitor
 Track Leader Attendance
(Operations, IT, Distribution, Call Center, Legal & Treasury)
 Monthly basis

ACCOR Country Committee
Roll-Out
 Local Representative Attendance
(IT, Operations, Finance, HR & Legal)
 Monthly basis

ACCOR Meeting with Schemes
 Biannual
 Bilateral meetings
6
Report
PCI DSS - Accor Program Kit
PCI Program kit is ready to be implemented!




PCI DSS Compliance in Accor document
Accor PCI eModule
Policies and Procedures (3 Quick-wins)
Guideline for hotels renovation
Under construction: PCI Hotel Portal




7
User training
IP Scanning
Policies and Procedures Templates
Online SAQ
Accor PCI eModule
This formal security
awareness program is based
on a 50 minutes eModule.
Each Accor employee dealing with payment card data
must follow this program at least one time per year.
8
The training will end with a questionnaire in
order to get the certification.
Accor PCI eModule testimony
The PCI e-Module clearly demonstrates how the hotel staff could
comply to PCIDSS in their daily work in a very simple and easy to
understand approach. NG Joseph, PMS Manager - Asia/Singapore
The e-module is very clear and
pointed out risks I was not aware
of. I have learned a lot!
Lassing Annelies, Pricing &
Distribution Support Manager/
STAR - HQ Amsterdam
It’s really good – and simple to understand. Think it’s a good tool
to remind everybody about security rules – also for his personal
interest and data.
Frankenhauser Silvia, Manager Distribution Systems/
Commercial - HQ Munich
9
Accor PCI project Contact
Contact:
Marie-Christine VITTET
Accor - PCI DSS Program Director
Email: [email protected]
Thank you for your attention
10
?