Configuration
Organization
Draft Not saved
Property mode
One hotel or multiple locations.
Monthly reporting day
When the Executive Summary auto-generates.
Require MFA
Force MFA for managers and vendors. (Core proof item.)
Password standard
Minimum length + rules.
Session timeout
Auto log-out on shared front desk computers.
Block shared passwords
Warn when multiple people use the same account.
Data handling rule
Prevent guest data being copied into unsafe places.
Reality check
This app is about stopping mistakes and creating proof. These toggles are the “proof knobs” hotels can show to owners and insurers.
Front desk role limits
Front desk should not access finance/admin settings.
Manager approval for risky actions
Example: exporting guest lists, adding vendors, password resets.
Role-based access templates
Use templates so hotels don’t guess permissions.
Auto-disable inactive users
Stops old staff accounts staying open.
Vendor access expires
Vendor access should not be permanent.
Vendor must accept rules
Proof the vendor agreed to hotel security rules.
Vendor MFA required
MFA is the easiest “insurance proof” checkbox.
Vendor access window
Only allow access during approved hours.
Why this matters
Vendors are a common weak spot. Your app makes vendor access limited, logged, and provable.
Daily risk digest
A short email: what got worse + what to fix.
Instant alerts
High-risk actions like shared logins and vendor changes.
Where to send
Who receives alerts.
Owner/GM IT/MSP Security Lead
Branding is leverage
Your reports should look board-room ready. That’s what makes owners trust it and insurers respect it.
Log every high-risk action
Exports, vendor changes, role changes, policy misses.
Evidence pack auto-build
One-click proof set for insurers/audits.
Retention
How long logs are stored.
Compliance mapping
Show simplified NIST/ISO/PCI mapping in reports.
This is the product
Most “cyber” tools sell fear. You sell proof. Proof reduces blame, reduces insurance friction, and reduces chaos.