Guest data, payment data, and investor data each require different controls. We align to the SOC 2 trust-services criteria, PCI DSS scope minimization via tokenization, and the Hilton Worldwide Information Security Policy for brand-operated properties.
SSO with MFA for all employee access. Role-based access control. Quarterly access reviews. No shared credentials on production systems.
TLS 1.2+ on all web and API traffic. Certificate management automated. Strict HSTS on all public properties.
Encryption at rest on managed databases and object storage. Key management through cloud KMS with audit logging.
PCI DSS scope minimized via tokenization. Card data is never stored on Allencrest systems; token vaults are hosted by PCI-compliant third parties.
Immutable audit logs for sensitive actions: investor document access, financial transactions, and administrative changes. Retention aligned to regulatory minimums.
Third-party risk assessment before onboarding. Annual re-assessment of material vendors. Data-processing agreements where personal data is handled.
| Data estate | Examples | Primary controls |
|---|---|---|
| Guest | Name, contact, reservation, ID verification result, preferences | Hilton ISP alignment, minimization, retention, deletion on request |
| Payment | Tokenized card reference, settlement detail | PCI DSS scope minimization, tokenization, third-party vault |
| Employee | Payroll, benefits, HR records via PEO | PEO-hosted, role-limited access, retention per labor law |
| Investor | Accreditation evidence, subscription docs, K-1s, capital account | MFA-gated portal, audit logs, 7-year retention, investor-only visibility |
| Operational | PMS data, P&L, QA, PIP, comp-set | Role-based access, daily backups, change logging |
We maintain a documented incident response plan covering detection, triage, containment, eradication, recovery, and notification. Material-incident notification paths to Hilton, the servicer, and investors are pre-defined. The plan is reviewed quarterly and exercised annually.
Our technology strategy intentionally favors vendors with their own BC/DR capabilities. Our integration layer is thin and replaceable. Any single vendor failure is recoverable without rebuilding the portfolio.
Important. The controls described above are the framework we operate to. Specific third-party certifications (SOC 2, PCI DSS) may be held by vendors in our supply chain rather than by Allencrest directly. Certification status for any given layer is available to counterparties under NDA on request.