Managing Operational Risk

Learn how Hotel Link is actively managing operational risk through comprehensive security measures, scalability, and disaster recovery planning.

Security

We take security seriously and have implemented a variety of measures to ensure the safety of our clients' data. We encrypt all sensitive data in transit and at rest, and we store tokenized credit card data on secure and PCI-DSS compliant servers.

Our application login is protected by two-factor authentication (2FA), and access to our servers is strictly controlled and limited to authorized personnel with multi-factor authentication (MFA) enabled. Additionally, we use AWS WAF service to protect our system from common web threats and AWS API Gateway service to control access to our APIs.

These security measures give our clients peace of mind and ensures that their data remains safe and secure while using our payment service.

Scalability

Our system is designed to be highly scalable and capable of meeting the demands of future growth. With the auto-scaling feature activated for AWS services such as ECS/Fargate, behind an AWS Load Balancer and Aurora DB, our system can automatically adjust to handle an increasing number of transactions and support higher traffic volumes.

The microservice architecture allows us to quickly increase capacity for the services that are needed, which can also help to save costs by avoiding the need to scale up the entire system.

Additionally, we continuously monitor the system's performance and implement proactive measures to ensure that it can handle any future growth demands.

Risk Management and Disaster Recovery

We prioritize risk management and disaster recovery measures and utilize the capabilities of AWS services to ensure the continuous and stable operation of our service. Our system is monitored by AWS CloudWatch, which alerts us to any anomalies or issues that may arise, enabling us to respond quickly.

We also have a comprehensive disaster recovery plan in place, utilizing AWS services such as AWS Backup, AWS Disaster Recovery, and AWS CloudFormation to quickly recover from unexpected failures. Our risk management practices include encryption of sensitive data, access control, permission management, and regular security audits and assessments to ensure compliance with industry standards.

Our system is designed for seamless integration with any external service, with no impact on the operation of other services. When integrating with PMS / BE / OTA partners, we use our API Gateway, which can be easily isolated and blocked in the event of any problems, such as flooding requests. This enables us to maintain the smooth operation of our system for other partners while resolving any issues with the affected partner.