What security obligations does an Even Hotels franchisee have regarding the PMS Solution?

According to Even Hotels' 2025 Franchise Disclosure Document, franchisees have specific security obligations related to the Property Management System (PMS) Solution. The franchisee (referred to as 'Hotel' in the FDD) must implement and maintain commercially reasonable and industry-standard measures to prevent unauthorized access to the PMS Solution. This includes ensuring that all designated users, such as employees or contractors authorized to access the system for business purposes, comply with industry best practices for secure passwords. These users must implement secure passwords, change them regularly, and protect the security and privacy of their user logins and the PMS data.

The Even Hotels franchisee is solely responsible for any claims and losses resulting from unauthorized third-party access to the PMS Solution or PMS data if it arises from a breach of these security obligations. Furthermore, the franchisee must comply with any additional security requirements that HotelKey (the PMS provider) or IHG (InterContinental Hotels Group, the franchisor) provides in writing, which may be updated periodically. The franchisee is also responsible for informing each designated user of the agreement's terms and restrictions and ensuring that these restrictions are enforced.

In practical terms, this means an Even Hotels franchisee needs to invest in appropriate security infrastructure and training for their staff. They must stay updated on the latest security recommendations from HotelKey and IHG and implement those recommendations promptly. Failure to comply with these security obligations could result in financial liability for any data breaches or unauthorized access incidents. This is a standard requirement in the hotel franchising industry, as protecting guest data and maintaining system security are critical for brand reputation and legal compliance.