Background Click here to REGISTER for the Compliance Program
CCTC system components were grouped into 4 major areas. These are represented in the chart shown to the right in the center circle. These represent the core of the CCTV system. For each core section, there is a corresponding cyber-security element necessary to ensure that section’s successful participation in the overall system.
For a site to be considered fully compliant, each of these eight segments must be itself compliant with Hyatt standards. When a deficiency exists in one or more of the cyber security sections, the overall system will likely be classified as “Elevated” or “High” risk.
There is no intention at this stage of implementation to extend compliance activities to include auditing specific camera placement or resolutions within the system. The current focus is more broadly scoped to achieve basic system compliance rather than granular coverage audits. Those hotels looking for detailed reviews of their camera placements and counts are welcome to seek guidance through the support program, but these factors will not be considered in establishing a hotel’s compliance characterization.
Core vs. Cyber Compliance
Fully Compliant hotels need to achieve both Core and Cyber components. Core compliance is achieved by simply having the right type of hardware and software operating within the CCTV system (the blue areas in the graphic above). This type of compliance is project based in one or more phases and/or budget cycles. It has clearly defined scopes that progress linearly from start through completion.
Cyber-security compliance (the tan areas in the graphic above) may be initially achieved with a project but then has a reoccurring requirement. Cyber compliance requires monthly updates and patches to remain compliant. This cyber-security process must be performed at all hotels. All owned and managed hotels are required to enroll in the CCTV Compliance Program to perform and report these monthly updates and patches.
CCTV Compliance Program Activities
The simple, yet critical, program contains these basic elements.
- Audit and Inventory of the CCTV system
- Review of the networking topography used to connect devices
- Risk mitigation plans issued for cyber-security vulnerabilities
- A gap analysis, with budget, outlining the path to Core compliance
- Regular, monthly patching/updates to Operating Systems and/or component firmware, as available, on existing hardware/software
These activities, performed for all enrolled hotels, are part of a corporate reporting process documenting cyber-security compliance.