Marie-Christine VittetPCI DSS Program Director
July 2013
Accor PCI DSS Project
2
Accor Group Presentation
3
Accor Group Presentation
4
Accor Group Presentation
5
PCIDSS scope in Accor
Accor Central (Merchant Level 1)Accor central covers the distribution system: central reservation systems, web & e-commerce systems, call centers, different interfaces with Global Distribution Systems and online Travel Agency systems available for Accor hotels
Hotels (Merchant Level 4)o Owned & Leased hotels (subsidiaries)
Operated and controlled by ACCOR Group, Owned and Lease hotelsare under the ACCOR responsibility
o Managed & Franchised hotels
- Managed hotels: ACCOR manages a hotel on behalf of an ownerunder an ACCOR brand. The hotel benefits from all the distributionand marketing know-how of the group
- Franchised hotels: On the opposite of the management contract, thehotel is managed by an independent owner who uses an ACCORbrand and the distribution system
QSA audit
SAQ
6
ACCOR Steering Committee Accor Executive Attendance Quarterly basis
ACCOR Coordination Committee Track Leader Attendance
(Operations, IT, Distribution, Call Center, Legal & Treasury)
Monthly basis
ACCOR Country Committee Local Representative Attendance
(IT, Operations, Finance, HR & Legal)
Monthly basis
ACCOR Meeting with Schemes Biannual Bilateral meetings
PCI DSS - Accor Governance
Support & ValidateSupport & Validate
Organize & MonitorOrganize & Monitor
Roll-OutRoll-Out
ReportReport
7
PCI Program kit is ready to be implemented!
PCI DSS Compliance in Accor document Accor PCI eModule Policies and Procedures (3 Quick-wins) Guideline for hotels renovation
Under construction: PCI Hotel Portal
User training IP Scanning Policies and Procedures Templates Online SAQ
PCI DSS - Accor Program Kit
8
This formal security awareness program is based on a 50 minutes eModule.
Accor PCI eModule
Each Accor employee dealing with payment card data must follow this program at least one time per year.
The training will end with a questionnaire in order to get the certification.
9
Accor PCI eModule testimony
The PCI e-Module clearly demonstrates how the hotel staff could comply to PCIDSS in their daily work in a very simple and easy tounderstand approach. NG Joseph, PMS Manager - Asia/Singapore
It’s really good – and simple to understand. Think it’s a good tool to remind everybody about security rules – also for his personal interest and data. Frankenhauser Silvia, Manager Distribution Systems/ Commercial - HQ Munich
The e-module is very clear and pointed out risks I was not aware of. I have learned a lot! Lassing Annelies, Pricing & Distribution Support Manager/ STAR - HQ Amsterdam
10
Accor PCI project Contact
Contact:Marie-Christine VITTETAccor - PCI DSS Program DirectorEmail: [email protected]
Thank you for your attention
?