Risk Management Plan for Siam Samui Resort - Hospitality Sector
Added on 2021/06/14
AI Summary
This report focuses on the risk management plan for the hospitality sector, specifically addressing data privacy and cybersecurity challenges faced by the Siam Samui Resort. It details the business operations, identifies key risks, and analyzes threats associated with online data management and customer transactions. The report highlights the importance of data protection, referencing strategies employed by other hotels like Reno, Nevada, and the Como group. It outlines the roles of management and the audit process for risk assessment, while also evaluating the 5-step risk management control process, including risk identification, analysis, evaluation, treatment, and monitoring. The report emphasizes the need for legislative compliance, such as GDPR, and the utilization of tools like project risk registers to monitor and mitigate risks effectively. The report also includes references to support the analysis.

Running head: COMPLIANCE AND RISK MANAGEMENT IN HOSPITALITY
Compliance and Risk Management in Hospitality
Name of the Student
Name of the University
Author Note
1.0 Introduction
This report presents the risk management plan for a business in the hospitality sector, Siam
Samui Resort, with data privacy and cyber security selected as the area of hospitality risk.
The management roles allocated to committee members and the audit process for risk
assessment will also be presented. Lastly, the 5 step risk management control process will be
demonstrated to evaluate the significance and purpose of each step of the control process.
2.0 Discussion
2.1 Description of business and analysis of risk management threats
The resort ‘Siam Samui Resort’ provides air-conditioned deluxe accommodations,
guestroom amenities, food and drink venues, Wi-Fi for all guests, laundry services, a souvenir
shop, airport and local transfers and recreation facilities. The company also handles
registration and booking for the organization online and provides users with
online payment transactions. Thus, the top risk in this case is data privacy and cyber security for
the registered users.
The database holding the online data and customers’ details is handled by the resort
administrator, and the team members of the administrator department are also responsible for
managing and categorizing the data according to its attributes. Hotels like Reno, Nevada utilize
digital IDs, intrusion detection systems, firewalls, encryption and biometrics for data privacy[1].
Moreover, at a hotel group like Como, customers’ personal data is protected by a privacy policy
that follows the Personal Data Protection Act[2]. Similarly, a hotel like Pan Pacific governs the
collection, use and disclosure of users’ personal data through its Data Protection Policy[3].
1 Arxiv.Org, https://arxiv.org/ftp/arxiv/papers/1705/1705.02749.pdf. Accessed 9 May 2018 (2018).
2 Comohotels.Com. https://www.comohotels.com/privacy-policy. Accessed 9 May 2018 (2018).
2.2 Evaluating the 5 step risk management control process
Step 1: Identify the Risk
Step 2: Analyze the Risk
Step 3: Evaluate or Rank the Risk
Step 4: Treat the Risk
Step 5: Monitor and Review the Risk
Risk Identification- The Siam Samui Resort faces the risk of unauthorized access by cyber
criminals and hackers to the database holding the users’ personal data. Moreover, the payment
details are also at risk of being accessed and compromised.
Risk Analysis- The likelihood of the risk occurring is high, as the hotel targets the majority of the
tourists in Thailand. Since the organization is new, implementing effective data protection
software is challenging, and intruders might access users’ details in order to misuse
them[4]. Intruders might also access the payment options to obtain bank details and make
unauthorized money transfers. Another risk is that intruders demand a ransom from the resort in
return for the user details.
3 Business.Tas.Gov.Au, https://www.business.tas.gov.au/__data/assets/pdf_file/0005/119327/Chapter-4-Motivate-Manage-Reward.pdf. Accessed 7 May 2018 (2018).
4 Nasu, Hitoshi, and Helen Trezise. "Cyber Security in the Asia Pacific." (2015).
Risk Evaluation- In this case, protecting the hotel’s data is the priority task for
securing the hotel system, followed by protecting the customer details. In this process, a risk
matrix can also be used to prioritize the risks.
Treating the Risk- The highest risk is the hotel’s data protection, which is maintained through
legislation like the General Data Protection Regulation (GDPR), the Official Information Act, the
Credit Information Business Operation Act, and the National Health Security Act[5].
Risk monitoring- The risk is monitored by the administrative department using a project risk
register. The sales of the hotel should also be evaluated in order to assess the impact of the risk
and to what extent the risk needs to be overcome.
5 Shepherdson, Kevin, William Hioe, and Lyn Boxall. 88 Privacy Breaches to Beware of: Practical Data Protection
Tips from Real Life Experiences. Marshall Cavendish International Asia Pte Ltd, 2016.
3.0 Reference List
Arxiv.Org. https://arxiv.org/ftp/arxiv/papers/1705/1705.02749.pdf. Accessed 9 May 2018 (2018).
Business.Tas.Gov.Au. https://www.business.tas.gov.au/__data/assets/pdf_file/0005/119327/Chapter-4-Motivate-Manage-Reward.pdf. Accessed 7 May 2018 (2018).
Comohotels.Com. https://www.comohotels.com/privacy-policy. Accessed 9 May 2018 (2018).
Nasu, Hitoshi, and Helen Trezise. "Cyber Security in the Asia Pacific." (2015).
Shepherdson, Kevin, William Hioe, and Lyn Boxall. 88 Privacy Breaches to Beware of: Practical Data Protection Tips from Real Life Experiences. Marshall Cavendish International Asia Pte Ltd. (2016).