Grupo Iberostar is a 100% family-owned Spanish multinational company with more than 60 years of history. Iberostar Hotels & Resorts is its core business, with a portfolio of more than 120 4- and 5-star hotels in 19 countries and a team of more than 34,000 employees. Iberostar is a benchmark in responsible tourism and consolidates its quality through the innovation and renovation of its product, through concepts that promote an authentic culture of personal wellness and propose a healthy gastronomy that values local products.

The quality and satisfaction of Iberostar Group’s customers has always been and is one of its pillars and the commitment to protect the information of its customers at all times from the management of the reservation, the stay and the customer service it provides.

Within the framework of security, Grupo Iberostar has a roadmap of projects to protect all the assets and information it manages and this roadmap includes compliance with the PCI DSS card payment regulations.

Grupo Iberostar contacted A2SECURE to evaluate the hotel chain’s compliance with PCI DSS and to become certified in this security standard and to be able to consolidate the protection of information that has been carried out for years by a QSA PCI DSS company.

Card Data Protection, the Lever for Increased Security in all Processes

PCI DSS compliance in the tourism sector is sometimes complex due to the number of different business processes in which card data is involved.

For this type of project, it is important to understand all the business processes, the assets involved, the data being managed and above all to have key partners throughout the process to accompany the consulting company (in this case A2SECURE) in identifying the processes and gaps with the regulations for compliance.

With Grupo Iberostar, thanks to the collaboration of the different departments, the commitment to understand the regulations and how they affect each of the processes has been the key to bring the project to a successful conclusion and improve security in all business processes.