Information security; is your TMC taking it seriously? - Click Travel

In recent years the travel management industry has been dragged out of the musty era of the GDS and mammoth spreadsheets and into the modern era, bolstered by the increasing adoption of mobile technology, virtual payments and instant reporting.

However, as the world of business travel becomes more and more integrated with technology the volume of sensitive information that is shared increases, and it’s vital that travel management companies (TMC) keep up with these changes. A TMC should be aiming to assist you in operating and benefiting your organisation, and this very much includes protecting your assets and data.

That said, ‘information security processes’ is hardly the sexiest subject in the world and unless you know the travel management industry very well, it’s hard to know what indicates that your TMC is proficient in information security.

Here are four things to look out for when assessing how seriously your TMC takes information security:

1. Official certifications and recognition
The topic of ISO certificates can be a pretty dense mass of numbers, so here’s a quick outline of what to look for in regards to information security. If your TMC has achieved ISO 27001: 2013 then this is a good sign; this is the international benchmark for information security management and the qualification process involves an extensive two-stage audit process of your TMC’s internal procedures.

In short, being awarded this certification means that your TMC is committed and compliant to global best practice for information security.

2. Regular security tests
Any TMC worth their salt should take a proactive approach to protecting data and regularly subject their systems and processes to vulnerability testing. This allows them to identify any areas of potential weakness in a safe space, rather than being forced into action during a crisis.

It’s highly possible that you’ve never thought to enquire about your TMC’s security testing, and if it’s something that you’re interested in or concerned about then you should feel free to discuss it with them.

3. Staff training and policies
All staff at your TMC should be provided with thorough training on the risks of information security and should be familiar and active in following the business travel industry’s best practices, regardless of their role within the company.

Your TMC should also carry out regular refresher courses in order to keep staff up to date with industry changes.

4. Collaboration and transparency
Your TMC should feel like an extension of your existing team and so they should be as committed as your teams is to protecting your organisation’s assets, as well as being willing to work with you to understand what your priorities are when it comes to how you’d prefer your data to be handled; as such, any questions or concerns that you have should be addressed in a transparent way.

If you’re concerned about the security of the processes and systems of your TMC then you’ll only gain peace of mind by talking to your travel management account manager. Knowing the extent of the situation and getting your queries answered will give you the chance to assess whether your TMC needs to make some tweaks to how they handle your information, which once resolved will give you one less thing to worry about.

To find out more about what you should look out for in a TMC, you can download our complimentary guide to procuring a TMC here:


About Author:

Alice Tew