What must Even Hotels franchisees do to establish and maintain proper application access control for the PMS?

According to Even Hotels' 2025 Franchise Disclosure Document, franchisees are responsible for establishing and maintaining proper application access control to align with Payment Card Industry Data Security Standards (PCI-DSS). This means that Even Hotels franchisees must implement security measures to protect credit card and other sensitive data processed through the Property Management System (PMS). These measures are designed to prevent unauthorized access and data breaches, ensuring compliance with industry security standards.

To maintain the PMS, franchisees must ensure that operating systems, databases, and other programs are kept up-to-date with current approved security patches that are fully supported by the software vendors. The PMS must also be periodically updated and maintained to conform to SCH-approved software versions, technology advancements, and security requirements. This may involve replacing or upgrading certain hardware or software components.

At a minimum, the PMS hardware and software must be replaced at least every 48 months. PMS hardware includes servers, workstations, printers, monitors, UPS, back-up devices, and associated network components. This regular updating and maintenance is crucial for protecting sensitive data and maintaining the integrity of the PMS, which is a critical component of hotel operations. Failing to comply with these requirements could result in security vulnerabilities, data breaches, and non-compliance with PCI-DSS standards, potentially leading to financial and legal repercussions for the franchisee.