Why Assessing and Mitigating the Security Risks of PMS Data Should be a Top Priority fo... - 0 views
-
here are two components of the puzzle: the booking engine used by hotels, and the actual PMS. Since guest data can be self-hosted by hotels, managed on-property by a third party, or handled entirely off site, it’s up to hoteliers to decide what works best for their property.
-
However, even if your hotel’s data is out of sight, it is a hotel’s responsibility to keep their data partners accountable.
-
To stay informed on the status of your property’s data storage, operators should become familiar with the management at work in their hosting facility. Request information on the hosting facility’s certifications for GDPR, PCA, SOC 2, and others. It will also be useful for learning who oversees rolling updates out to your hotel’s machines, as well as firewall rules, antivirus requirements and more.
- ...2 more annotations...
-
No matter how a hotel stores its data, operators will always be liable for securing it on some level. This is particularly true for PCI compliance, as hotels still physically handle credit cards properly and store guests’ card data well locally.
-
In general, hosted environments, whether multi tenanted or dedicated, reduce some of the operational load of your IT team in various ways, dependent on the level of interaction coming from your data partner. A fully managed implementation could absolve hoteliers from overseeing updates, watching alerts for threat monitoring, and more. These systems also give operators the benefit of accessing their systems from anywhere, often through and ideally via browser-based user interfaces.