1

REGULATION OF MINISTER OF TOURISM AND CREATIVE ECONOMY OF

THE REPUBLIC OF INDONESIA

NUMBER: PM.106/PW.006/MPEK/2011

REGARDING

HOTEL SAFEGUARDING MANAGEMENT SYSTEM

BY THE MERCY OF ONE SUPREME GOD

THE MINISTER OF TOURISM AND CREATIVE ECONOMY OF THE REPUBLIC OF INDONESIA

Considering : a. that to provide the protection to accommodation service business activity in hotel sector, it is necessary to increase the safeguarding in the hotel;

b. based on the consideration as referred to in point a and

to encourage the hotel businessman’s role in creating the sense of safeguarding and comfort for the tourists in the hotel, it is necessary to stipulate the Regulation of the Minister of Tourism and Creative Economy on Hotel Safeguarding Management System;

Recalling : 1. Law Number 8 of 1999 regarding Consumer Protection

(Official Gazette of the Republic of Indonesia of 1999 Number 22, Supplement Number 3821);

2. Law Number 2 of 2002 regarding National Police of the

Republic of Indonesia (Official Gazette of the Republic of Indonesia of 2002 Number 2, Supplement Number 4168);

3. Law Number 13 of 2003 regarding Manpower (Official

Gazette of the Republic of Indonesia of 2003 Number 39, Supplement Number 4279);

2

4. Law Number 32 of 2004 regarding Regional Government (Official Gazette of the Republic of Indonesia of 2004 Number 125, Supplement Number 4437) as already amended by the Law Number 12 of 2008 (Official Gazette of the Republic of Indonesia of 2008 Number 59, Supplement Number 4844);

5. Law Number 10 of 2009 regarding Tourism (Official

Gazette of the Republic of Indonesia of 2009 Number 11, Supplement Number 4966);

6. Government Regulation Number 38 of 2007 regarding

Distribution of Government Affairs between Central, Provincial and Municipal Governments (Official Gazette of the Republic of Indonesia of 2007 Number 82, Supplement Number 4737);

7. Regulation of the Head of National Police of the

Republic of Indonesia Number 24 of 2007 regarding Safeguarding Management System, Organization, Company and/or Government’s Agency/Institution;

HAS DECIDED:

To Stipulate: REGULATION OF MINISTER OF TOURISM AND CREATIVE ECONOMY REGARDING HOTEL SAFEGUARDING MANAGEMENT SYSTEM

CHAPTER I GENERAL PROVISIONS

Article 1

In this regulation, by: 1. Safeguarding Management System, hereinafter abbreviated to SMS,

shall mean the part of management thoroughly covering the company’s organizational structure, planning, responsibility, implementation, procedure, process and resources required for the application development, achievement, study and maintenance of policy on safeguarding to control the risk relating to the business activity to create the safe, efficient and productive environment.

2. Hotel shall mean the provision of accommodation on daily basis in

terms of rooms in 1 (one) building, that can be equipped with the food and beverage services, entertainment activity as well as other facilities.

3. Top Management shall mean the highest person in charge for the

safeguarding issues and Hotel SMS.

3

4. Self-support Safeguarding shall mean safeguarding and orderliness system managing the existence of the role and responsibility in the Community’s Safeguarding and Orderliness Development (CSOD/kamtibmas) based on the community’s own desire and capacity to generate the community’s deterrent, preventive and control powers to every possibility of disturbance to the community’s safeguarding and orderliness.

5. Natural disaster shall mean a natural event resulting the significant

damage, loss, or destruction. 6. Threat shall mean a tendency toward damage or injury, as an indication

of inconsistencies resulting from internal or external resources. 7. Incident shall mean something that happens in the security context. 8. Risk shall mean the possibility of loss resulted from threat, incident or

event generating impact on security. 9. Supervision shall mean the process of activities aimed at ensuring the

conformity level between one condition relating to the activity of an identity to its criteria.

10. Independent Partner shall mean a team appointed by the Ministry to

assist to make supervision to the application of Hotel SMS to ensure the achievement, maintenance, and implementation level of Hotel SMS.

11. Assets shall mean the hotel business property and hotel personnel, can

be felt or not tangible or intangible owned by the hotel business or individual which can valued in term of money.

12. Consequence shall mean a result of action or decision. 13. Cost and Benefit Analysis shall mean the process of planning, relating

to the decision for commitment in cost or asset. 14. Critical level shall mean the impact of loss event, calculated based on

the net cost of an event. 15. Loss Incident shall mean an event that may cause the financial loss

generating negative impact on asset. 16. Qualitative shall mean those relating to the characteristic of anything

and place to make it. 17. Quantitative shall mean those relating to the consideration or based on

a quantity or a calculation that can be measured or described in numeric.

4

18. Risk Analysis shall mean the detail testing including risk assessment, risk evaluation and risk management alternative, carried out to understand an undesired matter, negative consequence for the human life.

19. Statistic shall mean the data gained by collection, processing,

presentation and analysis as well as served as system regulating the relationship between the elements in the statistic administration.

20. Security Unit, hereinafter abbreviated as SU/Satpam shall mean the

unit or group of officers established by the agency/business entity to carry out the safeguarding in the framework of implementing self support security in its work environment.

21. Hotel Management shall mean a person or group of people carrying out

the activities in the hotel business. 22. Ministry shall mean the ministry be responsible for government affairs

in tourism sector. 23. Minister shall mean the minister responsible for government affairs in

tourism sector.

CHAPTER II OBJECTIVES AND PRINCIPLES OF

HOTEL SAFEGUARDING MANAGEMENT SYSTEM

Article 2

Hotel SMS shall be aimed at: a. preventing and decreasing the loss as the consequence of threat,

disturbance and/or calamity in the hotel; and b. creating the convenience, safety and security in the hotel.

Article 3

The principles of Hotel SMS shall cover: a. planning and developing policy on SMS; b. stipulating policy on SMS; c. applying policy on SMS effectively by developing the capability and

supporting mechanisms required to attain the objective and target of safeguarding;

5

d. measuring, monitoring and evaluating the safeguarding performance as well as carrying out the corrective and preventive acts; and

e. reviewing the policy on SMP regularly and continuously to increase the

safeguarding performance.

CHAPTER III REQUIREMENTS AND APPLICATION OF

HOTEL SAFEGUARDING MANAGEMENT SYSTEM

Article 4

Every Hotel Business shall comply with the requirements and application of Hotel SMS carried out according to the provisions in the Appendix, and forming integral part hereof.

CHAPTER IV

SUPERVISION AND MONITORING

Article 5

To ensure the application of Hotel SMS, the supervision and monitoring shall be carried out by the Ministry, the Indonesian National Police, Local Government and Independent Partner.

Article 6

(1) The Supervision as referred to in Article 5 shall cover: a. dissemination in terms of providing information on obligation to

apply Hotel SMS to the hotel business; b. technical guidance on implementation of Hotel SMS ; and

c. training to:

1. provide the understanding on requirements and application of Hotel SMS; and

2. fulfillment of qualifications and competence of hotel personnel

according to the standard stipulated by the Ministry or the Indonesian National Police.

(2) The dissemination, technical assistance and training as referred to in

paragraph (1) shall be carried out according to the need of the hotel business.

6

Article 7

The training, training material and instructor as well as training place for Security Unit members shall be carried out according to the provisions in the legislation.

Article 8

(1) Supervision as referred to in Article 5 shall be carried out through the audit Hotel SMS with phases:

a.submitting confirmation and schedule of activity to the hotel business;

b. holding the initial meeting;

c. conducting the document review, record and practice of Hotel SMS requirements application;

d. conducting interview with the relevant parties in the hotel business;

e. analyzing the result of review and interview;

f. providing assessment by using the weighting method in every

element according to the method: 1. score 0 if the element is not applied at all; 2. score 1 if the element is partially applied; and 3. score 2 if the elements are applied fully.

f. calculating the presentation of attainment by summing up total score of the 16 (sixteen) elements and divided by 32 (thirty two) elements, and

h. holding the closing meeting by submitting the report on result of monitoring and score value to the Minister.

(2) To carry out the supervision as referred to in paragraph (1), the Ministry

shall prepare the Supervision Annual Plan (SAP). (3) The supervision as referred to in paragraph (1) shall be carried out

within not later than 1 (one) year. (4) The verification of report on supervision result as referred to in

paragraph (1) shall be carried out by the Ministry, the Indonesian National Police and Local Government.

(5) The result of supervision and score value as referred to in paragraph (1)

shall be submitted by the Ministry to the Hotel Business.

7

(6) The hotel business shall follow up the result of supervision as referred to in paragraph (1) and submit the follow-up plan to the Ministry.

Article 9

(1) The Ministry shall provide award to the hotel business already

implementing Hotel SMS according to the provisions stipulated herein. (2) The award as referred to in paragraph (1) shall be provided based on the

supervision result as referred to in Article 5.

CHAPTER V FUNDING

Article 10

The funding for the implementation of Hotel SMS supervision and monitoring shall be charged to the State Budget (SB/APBN) and Regional Budget (RB/APBD) or from other valid and not binding sources according to the provisions in the legislation.

CHAPTER VI SANCTION

Article 11

Every hotel business failing to implement the provisions as referred to in Article 4 and Article 8 (6) shall be subjected to sanction according to the provisions in the legislation.

CHAPTER VII MISCELLANY

Article 12

(1) The 4-star and 5-star hotel business shall adjust to Hotel SMS as

stipulated herein upon the stipulation date hereof. (2) The 1-star, 2-star and 3-star hotel business shall adjust to Hotel SMS

as stipulated herein within not later than 3 (three) years after the stipulation date hereof;

(3) The non-star hotel business shall adjust to Hotel SMS as stipulated

herein within not later than 5 (five) years after the stipulation date hereof.

8

CHAPTER VIII FINAL PROVISIONS

Article 13

This Regulation of Minister shall become effective as of the promulgation date. For public cognizance, it is instructed to promulgate this Regulation of Minister by inserting the same in the State Gazette of the Republic of Indonesia.

Stipulated in Jakarta on December 28, 2011

MINISTER OF TOURISM AND CREATIVE

ECONOMY OF THE REPUBLIC OF INDONESIA

Enacted in Jakarta On January 9, 2012 Ministry of Justice and Human Rights The Republic of Indonesia

State Gazette of the Republic of Indonesia of 2012 number 37

1

APPENDIX TO REGULATION OF MINISTER OF TOURISM AND CREATIVE ECONOMY OF THE REPUBLIC OF INDONESIA NUMBER: PM.106/PW.006/MPEK/2011 REGARDING HOTEL SAFEGUARDING MANAGEMENT SYSTEM

REQUIREMENTS AND APPLICATION OF HOTEL SAFEGUARDING MANAGEMENT SYSTEM

A. Scope of Requirements and Application of Hotel Safeguarding

Management System The scope of requirements and application of Hotel SMS shall cover the explanation of 16 (sixteen) elements, reference (types of input), application process and expected result (types of output), in every element of Hotel SMS. It is carried out to facilitate its understanding and application.

B. General Requirements

The general requirements of Hotel SMS shall cover: 1. Safeguarding management standard is intended to assist the hotel

business in effectively managing the 16 (sixteen) elements contained in Hotel SMS that are able to be integrated to the other management standard requirement. This standard may also assist the hotel business to attain the safeguarding target and economic interest.

2. The requirements of standard allows a hotel business to develop

and apply a policy on safeguarding, safeguarding objective and responsibility to the fulfillment of requirements of legislation and safeguarding risk. Hotel SMS can be implemented in all commercial stars and non-star hotels whether owned by private or state. The basis of standard approach of Hotel SMS are contained in the figure hereinbelow.

2

Continual improvement

Evaluation & Management Review Policy on

Security

Measurement & Monitoring

Planning

Implementation

REMARKS: Hotel SMS standard is based on the methodology known as Planning-Implementation-Check-Improvement. This can be described as follows: a. policy on safeguarding: stipulating a framework direction of

Hotel SMS and commitment of all levels and departments or divisions in the hotel to apply the safeguarding management system;

b. planning: stipulating a target of safeguarding and process

required to attain the result according to the policy on hotel safeguarding;

C. implementation : process of elaborating and implementing the

policy on safeguarding and hotel target; d. check : monitoring and measuring of implementation process of

policy on safeguarding, safeguarding target, legislation and other technical requirements as well as reporting of results;

e. evaluation and management review: an effort to assess the

effectiveness of Hotel SMS implementation; and f. improvement: stipulating an act to continuously improve the

performance of Hotel SMS.

3

The key success of this system depends on the commitment of every level and department or division in the hotel business, especially from the top management. Hotel SMS standard allows a hotel business to: a. develop a policy on safeguarding; b. establish the hotel safeguarding objectives and processes to

achieve the commitments of policy on safeguarding;

c. take action of safeguarding activity as needed to improve its performance; and

d. demonstrate the fulfillment of requirements of this Hotel SMS

standard.

Over all, the objective of Hotel SMS standard shall be to improve the safeguarding implementation that is good and in balanced with the socio-economic needs.

3. Hotel SMS shall contain 16 (sixteen) elements that can be audited objectively to achieve the performance according to the commitment in the policy on hotel safeguarding to comply with applicable legal requirements and other technical requirements stipulated by the hotel business to prevent the occurrence of safeguarding disturbance and carry out the continual improvement.

4. Hotel SMS shall provide the requirements for the implementation of

safety management system, in order that the hotel business is able to control the threat, disturbance and able to develop the hotel business safeguarding performance. Hotel SMS does not establish the special element for performance of hotel safeguarding and does not provide detail specification for safeguarding configuration pattern, but the safeguarding configuration pattern is made by each hotel business.

5. Hotel SMS can be applied in the hotel business to:

a. establish a safeguarding management system to mitigate or decrease the risk of occurrence of safeguarding threat against the hotel’s personnel, guests and other relevant parties, covered in the profile of hotel safeguarding threat;

b. apply, maintain and implement the continual improvement to

Hotel SMS ; c. ensure the implementation of policy on hotel safeguarding

already determined by the hotel business; and

4

d. indicate the compliance to provisions on safeguarding by: 1) carrying out all legislation on safeguarding; 2) preparing the internal safeguarding procedure of hotel

business; 3) providing confirmation on achievement of Hotel SMS to the

relevant parties and those already entered into cooperation with the hotel business, such as customers, community, local police, and

4) providing confirmation that the hotel business has implemented Hotel SMS and or able to be certified by the independent certification agency already accredited by the National Accreditation Committee (NAC) and registered by the Indonesian National Police (INP).

6. All requirements in the safeguarding specification shall constitute

the part of Hotel SMS. The scope of application depends on several factors according to the policy on hotel safeguarding, type of hotel and its business activities, risks as well as operational complexity of the hotel.

C. Specification of Application of Hotel Safeguarding Management

System

The Specification of Application of Hotel SMS has 16 (sixteen) elements covering: 1. Element One: Maintenance and Development of Hotel

Safeguarding Commitment a. Policy on Hotel Safeguarding

The hotel business shall have the policy on hotel safeguarding stipulating the direction and framework of complete activity principles for a hotel business. The policy on hotel safeguarding also serves as guidelines to stipulate the hotel safeguarding target as the materialization of responsibility and performance that should be attained by the hotel business. The policy on hotel safeguarding indicates the formal commitment and consistent to the hotel business process and other management system. The hotel safeguarding policy document shall be prepared, dated and stipulated by the top management. 1) Reference (types of input).

In establishing the policy on hotel safeguarding, the hotel business shall use the references hereinbelow: a) the policy on hotel safeguarding and its target shall be in accordance with the overall hotel business management;

5

b) the safeguarding threat already and potentially occurred in the hotel, such as theft, child sexual exploitation, drug abuse, and trafficking in person in the hotel;

c) the requirements of legislation on safeguarding and other technical requirements;

d) the history and current condition of hotel safeguarding performance;

e) the needs of the relevant parties and those already entered into cooperation with the hotel business, such as customers, community, local police;

f) the opportunity and need for continual improvement of Hotel SMS ; and

g) the need for resources such as human being, fund, equipment.

To obtain an effective formulation and communication, the policy on hotel safeguarding shall: a) be established according to the characteristic and scale of threat risk existing in the hotel business by carrying out: the threat identification, risk assessment, and control thereof. The policy on hotel safeguarding shall be consistent to the future vision of the hotel business and realistic and shall not exceeding the actual hotel security risk;

b) cover the commitment to continual improvement thereby the hotel business is able to minimize the security risks in the hotel;

c) cover the commitment to comply the regulation on safeguarding and other technical requirements that should be fulfilled by the hotel business;

d) become an information for the community;

e) be documented, applied and maintained;

f) be communicated to all hotel’s employee continuously making the hotel’s employee are aware to the individual responsibility in case of hotel safeguarding; Involvement and commitment of every hotel’s employee is the important matter for the success of safeguarding. The hotel’s employee in every level and department or

6

division shall be provided with awareness of the benefit of implementation of Hotel SMS for his work environment and can be empowered to provide the effective contribution in Hotel SMS implementation. The hotel business shall deliver the policy on safeguarding and target of hotel safeguarding to all hotel’s employee clearly, guiding them to have the work guideline that is able to measure their safeguarding performance.

g) be made available for the relevant parties and those already entered into cooperation with the hotel business, such as customers, community, local police;Any person or group both internally and externally in hotels are included in the scope of the policy on hotel safeguarding. To this end, an implementation process of policy on hotel safeguarding shall be communicated and ensured that the relevant parties are able to accept the policy on hotel safeguarding; and

h) be reviewed periodically to ensure that the policy on hotel safeguarding is always relevant and consistent to the objectives of hotel business to ensure the conformity and effectiveness of hotel business continuity.

2) Expected result (types of output). The expected result is a comprehensive understanding of the policy on hotel safeguarding that has been communicated to all hotel’s employee and the relevant parties concerned and those already entered into cooperation with the hotel business, such as customers, community, local police.

b. Structure and Responsibility With the availability of policy on hotel safeguarding containing the stipulation of rule, responsibility and authority, then the hotel business shall: 1) provide the sufficient and adequate resources to carry out the safeguarding tasks in every level and department or division in the hotel;

2) designate the official as the person in charge of safeguarding that shall not be allowed to hold concurrent position, and

3) the official so appointed shall be the Indonesian citizen and

his position is according to the hotel business scale. 1) References (types of inputs) used in arranging the structure and responsibility of hotel safeguarding are:

7

a) hotel business organizational structure; b) result of identification of threat, assessment to risk in

terms of threat, and risk control; c) hotel safeguarding target; d) requirements of legislation and other technical

requirements; e) job description; and f) hotel’s employee qualification standard.

2) Arrangement process of policy on hotel safeguarding. Responsibility and authority of all hotel’s personnel carrying out the tasks of Hotel SMS shall be stipulated, including clear definition therefore there is no overlapping between the existing level and department or division.

3) Positions that can be assigned to the safeguarding’s task and responsibility are: a) top management; b) management of department or division in every level in

the hotel business; c) executive; d) person in charge for contractor’s work; e) person in charge of training; f) person in charge of equipment (engineering) important

for safeguarding; g) hotel’s employee with certain safeguarding

qualification or special safeguarding officer in the hotel business; and

h) hotel’s employee representing in the safeguarding consultation meeting.

4) Responsibility of top management shall cover the obligation

to stipulate the policy on hotel safeguarding and ensure that SMP Hotel has been applied.

5) Top management shall appoint the Management Representative (MR) provided with responsibility and authority to apply Hotel SMS. The Management Representative (MR) shall constitute one of Executive Committee and may be assisted by the hotel’s employee having responsibility to monitor all operation of the safeguarding level and department or division in the hotel.

6) Management Representative shall regularly submit the report on performance of Hotel SMS and carry out periodical review as well as prepare the target of hotel safeguarding.

8

7) Management in the level and department or division outside

safeguarding division shall ensure that the safeguarding has been managed in the hotel area that being their responsibility.

8) Documentation of rule and responsibility.

Documentation of responsibility and authority can be in form of: a) guideline on safeguarding system management; b) work procedure and job description; and c) job description.

9) Communicating the task and responsibility. Responsibility and authority of safeguarding shall be communicated effectively to the hotel’s employee having relationship in every level and departments or division.

10) Resources. The hotel business shall prepare the sufficient resources and facilities to carry out the hotel safeguarding.

2. Element Two: Fulfillment of Requirements of Legislation

a. The hotel business shall understand and apply the legislation and other technical requirements relating to the hotel safeguarding.

b. the hotel business shall communicate the legislation and other technical requirements to the permanent and non permanent hotel’s employee as well as subcontractor’s employee.

c. References (types of input) used are:

1) clear description of hotel business process; 2) result of identification of threat, risk assessment and control; 3) practical standard of safeguarding (hotel’s employee

safeguarding standard, information, property); 4) legislation on safeguarding; 5) list of information on resources; 6) national, regional and international standard of

safeguarding; 7) internal requirements in hotel business; and 8) technical requirements of the relevant parties and those

already entering into cooperation with the hotel business such as customers, community, local police.

d. Process to fulfill Element Two.

Legislation on safeguarding and other relevant technical requirements shall be identified. The hotel business shall

9

establish the appropriate method to access the information, including using the supporting media such as books, CDs, disks, or internet. The hotel business shall evaluate the legislation on safeguarding and other relevant technical requirements and shall apply, as well as determine who is parties relevant to receive any information on requirements of legislation and other technical requirements.

e. Expected results (types of output) are: 1) availability of procedure of work guidance to identify and

access the information;

2) availability of identification of requirements that should be fulfilled;

3) availability of requirements such as legislation, standard text, summary and results of analysis are available in the location already designated by the hotel business; and

4) availability of procedure on work guidance to monitor the implementation constituting the consequence of regulation on safeguarding.

3. Element Three: Safeguarding Risk Management

a. First Implementing Direction; Understanding Hotel Business and Carrying Out Identification of Asset from Risks on Threat and Disturbance to Safeguarding. First step shall be the designated hotel’s employee shall understand the activity process (business process) in every level and department or division in the hotel business. Considerations to carry out identification shall be based on the factors such as business hours, customer’s profile, characteristic of hotel business activities, types of service made available or service made available, processing, storage, supply chain, competitiveness characteristic of hotel business, sensitive information, hotel business culture, and risk tolerance perception. The types of critical/sensitive information that should be collected and processed are: 1) operation hours of every level and department or division; 2) hotel’s employee level of every shift; 3) type of service made available and or services made

available, storage, management, supply chain, etc;

10

4) competition characteristic of hotel business; 5) every specific issues associated with fabrication processes

such as environmental waste, noise pollution, vibration, waste disposal/toxic and hazardous materials, as well as air pollution;

6) type of manpower such as labor union, outsourcing, contractor, untrained personnel, as well as their number;

7) relationship between the employee and management of hotel business; and

8) crime index based on information from the Indonesian National Police (INP).

The second step in the identification process shall be carrying out the identification of several assets in every level and department or division of hotel business as well as risky to obtain dangerous threat, namely: 1) People

Covering hotel’s employee, customer, visitor, guest, contract employee in which legally become the hotel’s responsibility.

2) Property There are 3 (three) types of property in the hotel: a) property that can be seen and felt, such as land, building, food and beverage supplies, room equipment, kitchen supplies, money, and all goods easy to be stolen, destroyed, or that affecting the safeguarding risk and can be used for the criminal instrument in the hotel;

b) Property also includes “goodwill” or reputation/ image of the hotel which is likely to have loss from an incident, for example the hotel business’s capability to attract the customers can be influenced by the bad reputation or criminal incident in the hotel, or information on safeguarding threat in the hotel; and

c) properties also includes information, covering the rights in data, such as the confidentiality of service sale, service sale planning, business expansion plan, confidentiality of individual information with respect to hotel’s employee, list of customers, and other data.

If the three types of properties mentioned above is stolen or destroyed, it may endanger the hotel business.

11

3) Information The valuable information for hotel that should be maintained, namely: a) issue on guests’ confidentiality, hotel’s blueprint

confidentiality; b) safeguarding of credit card transaction ; c) safeguarding of intellectual property rights such as

amenities exclusive and interior design; and d) safeguarding of data base of transaction and

communication.

b. Second Implementing Direction; Determining Risk of Loss of An Incident/Susceptibility. The second step in the methodology to assess the safeguarding risk shall be carrying out the identification of type of incident to occur based on: 1) incident already occurred previously in every level and

department or division; 2) incident with the same situation/repeated; 3) incident occurring such as crime potentially occurring in

every level and department or division; and 4) natural disaster according to the geographical location. The risk of loss of an incident can be divided into three categories: 1) incident relating to the crime.

There are several sources for information/data on crime relating to events that may harm the hotel business. The hotel business may take into account several sources hereinbelow as effort to assist to minimize the safeguarding risks in the hotel among others: a) statistical data on crime and call of local police

assistance service for 3 (three) to 5 (five) years; b) data on crime published by the local police to be

known by the public; c) internal record of threat report the hotel business; d) data on demography, social, economic conditions,

population level, population transition, unemployment rate (Ideology, politic, economic, social and cultural aspects of the hotel);

e) a prominent crime and complaint from the surrounding community against the existence of hotel that may disturb the hotel business’s activity;

f) information, issue on community’s safeguarding and orderliness from the police relating to the threat or condition affecting the hotel business activities;

12

g) professional groups and relevant association that may provide data and other information relating to specific problem in the hotel business environment or tendency of criminal activity in the hotel business environment; and

h) other factors such as the environmental situation and condition, access to hotel location, and any matters that may lead to crime such as robbery, hostage taking, terrorist act, bombing, drug cases and child sexual exploitation and trafficking in person.

2) Non criminal incident.

The hotel business shall take into account 2 (two) categories, of non criminal incident namely the man-made disasters and natural disasters The man-made disaster such as riot, strike, electrical power source failure, work accident, and scarcity of essential sources of life. Natural disasters such as storm, hurricane, earthquake, and tsunami.

3) Consequences of incident.

A consequence of incident shall be the result gained from an incident. Such incident is as the consequence of relation between several events or among hotel business. The hotel business receives many types of loss as a consequence of the incident. For example if a business hotel relates to the illegal activity or producing an illegal service, it may ruin the reputation of hotel business and its partners such as vendor, suppliers, distributor, and partner.

c. Third Implementing Direction; Stipulating Opportunity Level for Loss Risk and Frequency of Incident.

1) Opportunity for loss risk.

Opportunity of loss is not only based on the mathematical calculation, but also take into account about: a) frequency of a lost/loss event that may occur in the

future; b) data on past incident in the hotel; c) data on incident in a similar level and department or

division; d) surrounding environmental condition, geographical location

condition, socio-political, and economic changes and e) other factors that may affect the opportunity of event. For example the hotel location in the flood or coastal areas that has higher chance of occurrence of flood and hurricane than the hotel business located in the highlands

13

and far from the coast. Although the flood and hurricane were never occurred in the location, but the risk level will remain higher since such locations has incident potential. As another example, a hotel business having criminal history both inside and outside the property area, will remain to have high risk of crime in the future if prevention measures to improve the safeguarding aspect are not taken. The factors relating to the safeguarding aspects such as economic, social, and political issues. Risk level of incident will affect the decision-making process to determine the appropriate solutions to control the potential event.

2) Frequency of Incident. Seen from the perspective of incident, the hotel business shall stipulate the frequency of potential occurrence of incident such as robbery of guest occurring in the parking area, lost of goods in the hotel and natural disaster.

d. Fourth Implementing Direction; Determining the Consequences of an Incident. Hotel business shall take into account all potential costs both directly and indirectly and psychological consequences of an incident risk that give impact on the hotel business. Although the opportunity of loss is small but it generates impact on high cost, therefore the solution of safeguarding personnel is still required to manage the safeguarding risk. 1) Direct costs are:

a) Financial loss caused by an incident such as loss of goods value or damage to the goods;

b) increase in cost of insurance premium in every year after the occurrence of significant loss;

c) pay for insurance premium; d) loss of business from a risk of incident; e) labor cost resulting from an incident; f) time management relating to disaster or incident such

as media handling; and g) damage due to punishment that cannot be covered by

regular insurance.

2) Indirect costs are: a) negative media exposure; b) negative perception of customer within long period,

such as unsafe hotel location;

14

c) extra cost for public relations to follow up issues on bad reputation of hotel business;

d) insufficiency of insurance coverage for high risk handling;

e) needs for significant higher wage to attract hotel’s employee due to negative perception of the prospective manpower on the hotel business;

f) claims to the shareholders caused by mismanagement; and

g) bad morale of the hotel’s employee leading to dismissal and high in and out of the hotel’s employee.

e. Fifth Implementing Direction; Developing Options for Mitigation

of Risk of Loss. The hotel business shall have several minimum options to handle the risk of loss encountered by the hotel business. Theoretically the hotel business will face several non appropriate options both due to not feasible and since financially will spend a lot of money. The options cover the safeguarding acts to minimize the risk of incident.

f. Sixth Implementing Direction; Feasibility Study of Option of Risk Control Strategy Applied. Financial aspect frequently becomes the consideration factor to determine the option of risk control strategy applied. The consequence of option of risk control strategy applied may cause the decrease in number of hotel’s guests though they are potential customers. For the hotel business it may render the loss. The hotel business’s challenge shall be the obligation to stipulate the balance between the risk control strategy applied to the business’s need.

g. Seventh Implementing Direction; Cost and Benefit Analysis. The final phase of safeguarding risk analysis shall be considering the cost and benefit gained from the safeguarding strategy.

4. Element Four: Objectives and Target a. The hotel business shall ensure the objective and target of

measurable safeguarding to implement the policy on hotel safeguarding. References (types of inputs) in stipulating the objective and target of safeguarding are: 1) policy on hotel safeguarding relevant to overall hotel

business; 2) results of identification of threat, risk assessment and

control;

15

3) requirements of legislation and other technical requirements;

4) technology option; 5) financial, operation and business restrictions; 6) description of the hotel’s personnel and relevant parties; 7) previous performance analysis for establishing of

safeguarding target; 8) recording of non conformity, incident, disturbance already

occurred; and 9) results of hotel business management review.

b. Process In establishing the target of safeguarding, the hotel business shall carry out the following matters: 1) identifying and prioritizing the input data above;

2) holding the regular meeting in every level and department

or division minimum by monthly;

3) implementing the safeguarding target thoroughly in all levels and departments or divisions in the hotel business;

4) having clear, relevant and monitored indicator;

5) having commitment basis and reference to attain, to this

end, the hotel business shall have the capability to attain the same and monitor the progress. The logical and achievable timeframe shall be stipulated to attain every safeguarding target;

6) it is possible to reduce to several safeguarding target and

depending on the type of hotel business, complexity of safeguarding target as well as its time frame; and

7) safeguarding target already stipulated to be communicated

to the relevant hotel’s employee.

c. Expected result (types of output) shall be the measurable and documented hotel safeguarding target for every level and department or division in the hotel business.

5. Element Five: Safeguarding Program and Plan a. The hotel business shall prepare the safeguarding program and

plan containing the hotel safeguarding development and strategy of activity to be implemented. The hotel safeguarding program and plan shall be documented and communicated to the hotel’s employee as well as be monitored, reviewed, and updatable if required.

16

b. References (types of input) in the implementation of Element Five are: 1) hotel safeguarding policy and target; 2) review of requirements of legislation and other technical

requirements; 3) results of identification of danger, risk assessment, and

control thereof; 4) realization of the process of service provided; 5) information from the consultation result between the

management of the business hotel and hotel’s personnel; 6) information as the result of review and change of activity in

the hotel; 7) existence of continual improvement activity; 8) resources available to achieve the safeguarding target; and 9) special event/program held in the hotel.

c. Process The safeguarding program and plan shall contain the identification of: 1) hotel’s employee be responsible for achieving of the safeguarding target in every level and department or division;

2) sufficient responsibility and authority for every hotel’s employee, and

3) other tasks required to achieve the safeguarding target.

d. Expected results (types of output) shall be the annual program, safeguarding plan (special and general), contingency plan, and hotel safeguarding action plan.

6. Element Six: Training, Awareness and Competence of

Safeguarding

The hotel business shall ensure that every safeguarding officer shall have the competency based on the education, training and experience according to the legislation and documented the evidence of training. Hotel business shall identify the need for training according to the safeguarding risk and Hotel SMS. The training shall be conducted to meet these needs and the evaluation shall be made to the effectiveness of training implementation.

The hotel business shall establish, implement and maintain the procedure to make the hotel’s employee aware of :

17

a. the safegurading consequences of potential safeguarding or safeguarding already occurred in operation activity, and profit of the performance improvement of hotel’s employee ;

b. obligation and responsibility to implement the policy on safeguarding and procedures to fulfill the requirements of Hotel SMS, including the other technical requirements for the readiness to face and handle the emergency condition; and

c. potential consequence arising from certain operational procedure.

The safeguarding training procedure shall be stipulated in every different level and department or division according to: a. responsibility; b. capability and skill; and c. safeguarding risk.

The hotel business shall established the procedure to ensure the competence of the hotel’s employee in carrying out its function. Any matters that should be taken into account are: a. definition of authority and responsibility of safeguarding tasks; b. more detail job description including control of danger in the

task implementation; c. assessment of hotel’s employee performance; d. identification of danger, safeguarding risk assessment and risk

control outputs; e. operational procedure and guidelines; f. policy on safeguarding and safeguarding target, and g. hotel safeguarding program. Several matters that should be taken into account: a. systematic identification of safeguarding awareness and

competency requirements in all levels and departments or division in the hotel;

b. regulation to identify and develop several insufficiency of competence between the individual hotel’s employee to technical requirements, safeguarding awareness and competence requirements;

c. considering all trainings already identified according to the regular and systematic needs;

d. individual assessment to ensure that the hotel’s personnel have obtained and maintain the knowledge and competency required; and

e. properly maintain all records of result of training and competence of the hotel’s employee.

The hotel safeguarding awareness and training program shall be applied and maintained to follow up several following matters:

18

a. understanding about the safeguarding regulation and tasks as well as responsibility of every individual in the hotel business;

b. systematic orientation and training programs for all hotel’s employee being transferred to any levels and departments or divisions;

c. training on local safeguarding and safeguarding risk to identify the prevention measures and procedures that should be implemented. This training shall be conducted prior to the performance of work ;

d. training for controlling the security risk and risk control ; e. specific in-house and external trainings that can be established

as technical requirements for specific tasks in the safeguarding aspect, including the management representative;

f. training for all individuals assigned to be responsible to lead and direct the hotel’s employee, contractor and temporary employee. It is to ensure that all hotel’s permanent and non permanent employee are under the control of their superiors and understand and aware of the security risk during performing their tasks in the hotel. In addition, it is also to ensure that they are already competent in performing their tasks according to the procedure;

g. the top management and all hotel’s employee shall be assigned and be responsible to implement Hotel SMS and control the security risks to prevent the loss of the hotel business; and

h. training and awareness programs for the contractor, temporary employee and visitors based on the level of risk.

The effectiveness of training and competency level of the hotel’s employee shall be evaluated. The assessment mechanism may also become the part of training conducted and monitoring at field shall be made properly. Expected results (types of output) are: a. safeguarding competence requirement for every task of hotel’s

employee; b. training need analysis; c. training program for every hotel’s employee; d. training material to be used in the hotel business; e. training record and evaluation of training effectiveness; f. limited requirements of police functions competency, namely:

garda pratama, garda madya, garda utama; and g. requirements of safeguarding competence specialization in the

hotel such as First Aid, fire extinguisher, investigator, hotel internal safeguarding auditor, intelligent, safeguarding equipment.

19

7. Element Seven: Consultation, Communication and Participation

The hotel business shall establish, implement and maintain a procedures to: a. implement the internal communication to all levels and

departments or division in the hotel, permanent and non permanent hotel’s employee, and subcontractor’s employee;

b. receive, document and respond the communication from the external relevant parties; and

c. generate the participation of the permanent and non permanent hotel’s employee, and subcontractor’s employee by arranging the plan to: 1) involve them in the development and review of policy on

hotel safeguarding, safeguarding target and procedure to control the security risk, and

2) consult where there any changes that affect security risk.

The permanent and non permanent hotel’s employee, and subcontractor’s employee shall be informed about their participation in the hotel safeguarding issues. The hotel business shall make coordination with the external relevant parties, among others, with the local Police and Agency responsible for tourism affair and Police and Community Partnership Forum (PCPF/FKPM) of at least by semi-annually, with the discussion material on: a. current trend of crime index; b. security alert; c. Recent intelligence information; and d. current information on community’s security and orderliness

disturbance

8. Element Eight: Control of Document and Record a. All documents and data containing the important information

on operational performance of Hotel SMS shall be identified and controlled.

b. References (types of input) used are: 1) breakdown of documentation and data system of hotel

business developed to support Hotel SMS ; 2) safeguarding activity to fulfill Hotel SMS requirements;

and 3) details of role and responsibility of every level and

department or division in the hotel.

c. Process The preparation processes of document and record control are: 1) writing of procedure containing the identification, approval,

issuance and disposal of safeguarding documentation; and

20

2) document and data shall be available and can be obtained if required in routine and in emergency situation.

d. Expected results (types of output) are:

1) document control procedures, including role and responsibility and assignment:

2) document registration, list of document master or index; 3) list of document control in every level and department or

division; and 4) record archive.

9. Element Nine: Handling Emergency Situation a. The hotel business shall have procedure in handling emergency

situations to respond to the emergency situations, and tested periodically for serving as operating procedures in actual incidents.

The testing of procedure of emergency condition handling shall regularly performed by the hotel’s employee having competence. The testing activity to procedure of emergency condition handling such as in the installation or equipment having potential significant threat, for example, the test to extinguish the fire and overcome the bomb threat in the hotel in coordination with the relevant competent agency.

b. The hotel business shall establish, implement and maintain an emergency handling procedure to: 1) identify the potential occurrence of emergency condition; 2) handle the emergency situation; and 3) implementing direction for the crisis management team.

c. In the emergency condition handling planning, the hotel business shall contain the responsibility to the relevant parties.

d. The hotel business shall anticipate the emergency situation, prevent and minimize the impact on security status.

e. The hotel business shall periodically test the emergency

handling procedure in order to remain well-trained by involving the relevant parties.

f. The hotel business shall review the emergency condition

handling procedure regularly and where necessary. The revision of emergency condition handling procedure and planning can be made after the regular testing and after the occurrence of the emergency condition.

21

The document record on the emergency condition shall cover: Disaster Recovery Plan, Business Continuity Plan, Emergency Management Plan, Crisis Management Plan and other relevant procedures. The activities carried out to control the emergency condition in the hotel are among others: 1) Bomb threat:

a) training - explosive basic training; b) hotel’s guest and employee screening; c) background check by the hotel business party to the

permanent, non permanent hotel’s employee, outsourcing, contractor’s employee, supplier or hotel’s partner;

d) Human Resources Development/HRD; e) having bomb-handling equipment; f) conducting environmental patrol; g) any matters that should be carried out when obtaining

bomb threat; h) the operator shall provoke conversation/ extend the

communication with the unidentified caller; i) the operator shall contact the security stafs; j) the security stafs shall contact the police; and k) the security stafs shall prepare the report on incident.

2) Murder: a) providing CCTV recording devices; b) the security stafs shall conduct patrol; c) the bell boy shall recognize guest & room; and d) create the access key in every elevator/room.

3) Robbery: a) the hotel’s employee are prohibited to provide

information of the guests to the not relevant parties; b) the room shall always be closed, despite being cleaned;

and c) the valuables properties owned by the guests shall

always be kept in the safety deposit box.

4) Food Poisoning : a) First In First Out System/FIFO, expire date; b) raw product; c) storage system; d) proper food preparation; and e) safe food serving.

5) Fire. Availability of: a) fire equipment;

22

b) completing the fire protection devices; c) light fire extinguisher; d) water pipe (hydrant) system; e) sprinkler system; f) smoke detector; g) heat detector; h) public announcement devices; i) emergency exit; j) assembly point; k) evacuation route sign; 1) equipment maintenance; and m) planning and implementing the local evacuation area.

6) Handling of Very Important Person/VIP. The hotel business shall: a) carry out the examinations to the relevant employee; b) carry out the area inspection; c) establish and maintain the zone/area prohibited to

public; d) provide all information relating to the employee; e) install and test the communication safeguarding and

equipment; f) design the central shelter; and g) perform final examination.

7) Theft/Loss. The hotel business shall: a) comply with the lost and found procedure; b) complete the documentation of loss and found; and c) comply with the property claim procedure.

8) Demonstration The hotel business shall: a) contact the local police; b) the Security Team shall localize the demonstration

area; and c) coordinate with the coordinator of demonstration.

9) Earthquake. the hotel business shall establish the on: a) upon earthquake:

(1) stay at room; (2) protect your head; (3) get under the table; and (4) stay away from glass.

b) after earthquake: (1) evacuate all guests and employees; (2) examine the building condition, and

23

(3) allow the guests and employees to re-enter if it is declared safe.

10) Flooding

The hotel business shall: a) make available vacuum pump; b) clean up the flooding area, and c) make available the sands in sack.

10. Element Ten: Process and Infrastructure Control a. Explanation.

The hotel business shall establish and maintain the safeguarding planning to ensure the effectiveness of application of the control act to control the security risk, fulfill the policy on and target of hotel safeguarding, as well as fulfill the legislation and the other technical requirements.

b. The reference (type of input) used shall be: 1) the policy on safeguarding and target of hotel safeguarding; 2) identification of threat, risk assessment and result of its

control; and 3) identification of legislation and other technical requirements.

c. Process.

Hotel business shall establish the control procedure to control all security risks already identified including those that can be generated by the permanent and non permanent hotel’s employee, contractor and visitor. The security risk control procedure shall be reviewed periodically to assess its adequacy and effectiveness, as well as the changes already identified. In several areas, the specific security risk are able to arise and its control efforts are: 1) Purchase and relocation of goods as well as purchase of

services from third parties: a) there should be approval for purchase or relocation of

valuable material; b) there should be the availability of documents to handle

safely the valuable goods such as machine, raw material, etc upon the purchase;

c) the evaluation and periodical re-evaluation shall be conducted to safeguarding performance, and

d) there should be approval of the safeguarding design to the change of layout of workplace or equipment change.

24

2) Dangerous task, its controls are: a) identification of dangerous activities; b) pre-determination and approval of work method/

procedure; c) pre-qualification of hotel’s employee carrying out the

dangerous activities; and d) work permit system procedure to control the entry and

exit of hotel’s employee to the dangerous work area.

3) Dangerous Goods, its controls are: a) identification of the goods stored and its storage place; b) safe storage and control to enter the storage place; and c) provide the material safety data sheet and other

relevant information.

4) Safe Maintenance at the workplace and equipment, its controls are: a) the provision, control and maintenance of workplaces

and equipment; b) the provision, control and maintenance of safeguarding

equipment; c) access separation and control; d) inspection and testing of the relevant safeguarding

equipment and integrated system such as: (1) operate the protection system; (2) physical and non physical protection equipment; (3) shut down system; and (4) equipment to detect fire.

5) Expected output (types of output) are: a) control procedure; b) work instruction; c) certification, and d) physical and non physical techniques for safeguarding

control.

Several identification of security threat in the hotel area shall be among others: 1) Purchasing/Receiving

a) goods counterfeit; b) suppliers’ monopoly; c) conspiracy; d) error of suppliers’ selection; and e) error in the goods receipt.

2) Warehouse Storage: a) in and out management process not in accordance with

the procedure; b) expired date; and

25

c) non conformance of data on goods in the record and inventory in the storage warehouse (stock system)

3) Food and Beverage/FB Kitchen:

a) fire; b) expired date of goods; c) injured (knife wound, burn); d) poisoned; and e) theft.

4) Luggage Seat-Front Office: a) manipulation of payment data/money; b) counterfeit money; c) hypnotic; d) robbery/hold-up; e) credit card fraud; f) false data; and g) 2nd key procedure.

5) Accounting and Back Office: a) general cashier:

(1) data manipulation; and (2) money embezzlement.

b) accounts payable (1) data manipulation; (2) money embezzlement; and (3) conspiracy.

c) cashier: (1) data manipulation; (2) money embezzlement; and (3) conspiracy.

d) information technology: (1) data fraud (2) cyber crime

6) Food and Beverage/FB Service: a) poisoning (food hygiene); b) employee hygiene c) bill manipulation; and d) loss of goods.

7) Housekeeping a) rubbish accumulation rendering fire; b) cleaning/wet floor, and c) theft of goods owned by the guests (customers), hotel’s

employee in the locker, and the hotel’s property.

26

8) Building engineering and maintenance: a) fire; b) accident; c) non availability of personal protective equipment; d) theft of hotel’s goods; and e) power failure.

Several control efforts in the hotel area shall be among others: 1) Security:

a) requesting the visitors’/contractors’ identities; b) screening of the guest’s/employees’ luggage; c) employees’ background check; d) people screening system, and e) cash in transit service.

2) Human resources (HR) and Work Safety and Health (WSH): a) hotel’s employee facilities; b) hotel’s employee welfare; c) policy and regulation on hotel business; d) industrial relation; and e) work safety and health.

11. Element Eleven: Monitoring and Measurement of Safeguarding Performance. a. Business hotel shall identify the comprehensive safeguarding

performance indicator thoroughly for the hotel business.

The hotel safeguarding performance indicators are: 1) policy on safeguarding and safeguarding target; 2) risk management implemented and run effectively; 3) experience of failure of the safeguarding management

system including the occurrence of threat such as theft, loss etc.; and

4) awareness, training, communication and consultation programs for the hotel’s employee and relevant parties run effectively.

b. Reference (types of input) used are:

1) identification of threat, risk management and result of risk control;

2) requirements of regulation, standard and application direction;

3) policy on hotel safeguarding and safeguarding target; 4) procedure relating to non conformance; 5) measurement equipment and calibration records; 6) training records; and 7) report to management.

27

c. Process. Monitoring and measurement process of safeguarding performance are as follows: 1) Proactive and reactive monitoring.

Monitoring to Hotel SMS shall be done proactively and reactively such as: a) monitoring to the non conformance of hotel

safeguarding activities; and b) reactive to the monitoring, investigation, analysis and

record of the failure of SMP Hotel SMS including loss or theft.

2) Monitoring technique.

The method used to measure the hotel safeguarding performance are: a) result of identification of threat and control of threat; b) inspection of workplace by using checklist; c) availability and effectiveness of utilization of hotel’s

employee who are experienced and having formal qualification;

d) analysis of document and other hotel’s record; e) carry out the comparative study with the other hotel

business already applied the good safeguarding system, and

f) survey to the hotel’s employee behavior relating to Hotel SMS application.

Hotel business shall establish the type of monitoring and carry out monitoring at least by monthly in every level and department or division based on the risk level. The monitoring schedule shall be prepared based on the identification result of threat, risk management, and legislation as well as other technical requirements.

3) Inspection/examination. a) Equipment.

The equipment shall be examined according to the technical requirements and included in the inspection program of which the result describes the status and examination technique by the relevant hotel’s employee.

b) work place condition. The business hotel shall establish the special criteria such as in the room area by using the room locking system required for every workplace and documented. On periodical basis, the top management shall carry out the inspection based on the determined special criteria.

28

Checklist shall provide the detail criteria and all items inspected. The inspection record shall be documented and stored.

4) Equipment measurement. The measurement of equipment used to assess the security conditions shall be registered and having the use direction as well as controlled, such as metal detector. The accuracy of equipment shall be known when required and there should be the written procedure explaining the measurement implementation. The equipment shall provide the measurement capability according to the technical requirements. If required, the calibration scheme shall be documented for equipment measurement. This scheme shall cover: a) calibration schedule; b) test method reference when used; c) identification of equipment used for calibration; and d) follow-up carried out if the condition are inappropriate. The equipment used for calibration shall be in accordance with the national standard. The record for all calibration and its results shall be stored and provide the detail measurement before and after the change.

5) Subcontractor (supplier/contractor equipment). The measurement of equipment used by the contractor shall become the same subject of control, such as the equipment owned by the hotel. The contractor shall fulfill the provisions that the equipment shall be in accordance with the technical requirement. Before work implementation, the supplier/ contractor shall provide the copy of test result of equipment, especially for the important equipment. If there is the work requiring special training, the result of training record shall be made available for review.

6) Statistic or other analysis technical theory. The statistic or analysis technical theory based on the scientific principles shall be used to: a) assess the security situation; b) investigate the loss or failure to handle the

safeguarding, and

29

c) assist to make decision relating to the safeguarding.

7) The references (types of input) used are: a) procedure for monitoring and measurement; b) inspection schedule and checklist; c) workplace standard condition and check list

inspection; d) calibration scheme and record; and e) report on non conformance ;

Several inspection and monitoring activities to the general equipment in the hotel are: 1) power installation; 2) generator; 3) lift passenger; 4) boiler; 5) chiller; 6) metal detector; 7) Fire equipment:

(a) alarm; (b) hydrant; (c) public announcement; (d) smoke detector; and (e) sprinkler system.

8) Light Fire Extinguisher/Fire Extinguisher; 9) water test laboratory; 10) food sample test laboratory; 11) LPG tank; 12) lightning rod; and 13) air quality measurement.

12. Element Twelve: Reporting, Repair and Preventive Action of Nonformance Correct a. Reporting, corrective and preventive action non conformance

correct includes : 1) establishing the process for notification; and 2) establishing the investigation scale relating to potency or

disturbance and threat.

b. Record. Control of record in element 12 (twelve) shall be recorded and containing the information on sequence and result of investigation. Procedure of record control shall contain: 1) records of the detail of non conformity, disturbance to

safeguarding and threat, and 2) designated of place and person in charge of storage.

30

c. Investigation.

Procedure of investigation shall determine how the investigation process be taken and procedure of investigation shall contain: 1) type of investigation; 2) objective of investigation; 3) party carrying out investigation, authority of investigator,

qualification requirements; 4) root cause of non conformance ; 5) witnesses interview plan; and 6) practical matters such as availability of camera and

material evidence storage.

d. Corrective action . The corrective action shall be carried out to minimize the root cause of non conformance, disturbance and threat, with the objective to prevent the recurrence. Several matters taken into account to set up the corrective action among others: 1) identification and implementation of corrective action as

well as preventive act for short-term and long term; 2) evaluation of any consequences of disturbance and threat,

and 3) records of every change of procedure requirements based

on the corrective action or disturbance and threat.

e. Objectives. The hotel business shall have effective procedure to prepare the report, and corrective and preventive actions of non conformance. The objective of reporting procedure, corrective and preventive action of non conformance shall be to prevent the recurrence. Subsequently, the procedure is able to detect, analyze and eliminate the potential cause of nonconformance. References (types of input) used are: 1) procedure; 2) emergency plan; 3) identification of risk and threat as well as risk control; and 4) report on disturbance and threat.

f. Hotel business shall establish that procedure be documented to ensure the non conformance already investigated and corrected, as well as the preventive action be taken and its effectiveness shall be monitored and studied.

g. The procedure.

The procedure in Element 12 (twelve) shall take into account:

31

1) responsibility and authority of the hotel’s employee involved in the implementation, reporting, investigation, follow-up and monitoring;

2) fulfillment of all non conformance, disturbance and threat reported, and

3) applicable to all hotel’s employee in every level and department or division.

h. Analysis of threat and disturbance.

Identification of causes of non conformance shall be classified and analyzed. The frequency and opportunity of occurrence of threat shall be calculated by using the prescribed method.

13. Element Thirteen: Data Collection and Analysis a. The statistic or analysis technical theory based on the scientific

principle shall be used to: 1) assess the security situation; 2) investigate the loss or failure to conduct the safeguarding,

and 3) assist in making decision relating to safeguarding.

b. References (types of input) used are: 1) procedure for monitoring and measurement; 2) inspection schedule and checklists; 3) workplace standard condition and inspection check list; 4) calibration scheme and calibration record; and 5) report on non conformance.

14. Element Fourteen: Audit of Hotel SMS a. Audit of Hotel SMS shall mean the process in which the hotel

business shall review and evaluate n continuing basis the effectiveness of Hotel SMS implementation. The audit of Hotel SMS shall take into account the policy and procedure on hotel safeguarding, procedure, condition and its implementation in every level and department or division

b. Audit of Hotel SMS shall be established to review the

unsuitability of Hotel SMS already applied.

The planning on audit of SMP Hotel shall be made by the hotel’s employee and/or the hotel’s external employee selected by the hotel business, to determine the extent of suitability of safeguarding procedure document and evaluate whether the system is effective to the target of hotel business safeguarding. The hotel’s employee conducting the audit of Hotel SMS shall be from the impartial position and shall be objective.

c. References (types of input) used are: 1) policy on hotel safeguarding;

32

2) target of hotel safeguarding; 3) safeguarding procedure and work instruction; 4) threat identification, risk management and risk control

result; 5) regulation and implementation guidelines; 6) report on non conformance ; 7) procedure of Hotel SMS ; 8) competent and independent internal/external auditor, and 9) procedure of non conformance.

d. The audit of Hotel SMS shall be implemented comprehensively and formally. The audit of Hotel SMS shall be conducted based on the regulation of planning and carried out by the competent and independent employee. Any matter that should be taken into account in carrying out the audit of hotel are: 1) Planning.

Annual schedule shall be prepared for the implementation of audit of Hotel SMS and evaluate the conformity of Hotel SMS. The frequency and scope of audit of Hotel SMS shall be correlated to the risk of failure of the 16 (sixteen) elements of Hotel SMS, the data on performance of Hotel SMS, as well as the output review taken by the hotel business management.

2) Top Management Support. The top management shall: a) provide full support to the audit program of Hotel SMS; b) take into account the audit finding and

recommendation; and c) take necessary corrective action of the audit finding.

3) Auditor. The Auditor of Hotel SMS shall: a) understand the tasks and competent to carry out the

audit of Hotel SMS ; b) have the experience and knowledge on the relevant

standard and system to evaluate the performance and carry out the identification of hotel safeguarding deviation;

c) understand the legislation and other relevant technical requirements, and

d) understand the standards and guidelines relating to the work in the hotel.

33

4) Data collection and interpretation. The technique and assistance in collecting the information will depend on procedure of audit. The audit of Hotel SMS shall audit the important activities representing all implementation of Hotel SMS.

5) Safeguarding Audit Finding. The report on audit finding of SMP Hotel shall be clear, accurate, complete, dated and signed by the safeguarding auditor. Report on audit finding shall cover: a) objective and target of SMP Hotel audit; b) information on the audit plan of SMP Hotel,

identification of audit team member and auditor representative, audit date and identification of audit area;

c) identification of reference document used for audit implementation of Hotel SMS ;

d) description of nonconformity; e) assessment of conformity level of Hotel SMS; and f) capability of Hotel SMS to achieve the objective statement

of SMP Hotel. The report on audit finding of Hotel SMS shall be submitted to the top management.

6) The audit finding of Hotel SMS shall provide the feedback for all relevant parties as soon as possible, and take the corrective action. The corrective action plan shall contain the designation of the person in charge, completion date of improvement, and any matters required. The implementation of corrective action shall be monitored to ensure the suitability to the recommendation. The safeguarding audit finding shall be kept confidential.

15. Element Fifteen: Management Overview a. The top management shall review the implementation of Hotel

SMS to evaluate the implementation and suitability of achievement of policy on safeguarding and objective of safeguarding.

The Management review shall re establish or renew the target of hotel safeguarding for its suitability in the future by taking into account changes of the 16 (sixteen) elements of Hotel SMS.

34

b. References (types of input)used are: 1) occurrence statistic, potential disturbance, disturbance

threshold and real disturbance already occurred in the hotel;

2) result of internal and external audit of safeguarding; 3) follow-up of the previous review of hotel business

management; 4) report on lost and loss due to real disturbance, and 5) report on threat identification, risk identification and its

control.

c. The review shall be implemented by the top management within certain period and discuss the performance of Hotel SMS.

d. In a review of hotel safeguarding planning, the top management

shall take into account: 1) agenda to be discussed; 2) participants to attend; 3) responsibility of the participants’ participation; and 4) information to be submitted.

e. the Management Representative shall report the overall performance of Hotel SMS in the management review meeting.

f. The results expected (type of output) are:

1) minutes of meeting; 2) revision of objective, target and policy on safeguarding; and 3) detail of improvement plan from the top management and the

accomplishment deadline.

16. Element Sixteen: Sustainable Development The hotel business shall continuously improve the effectiveness of Hotel SMS through the implementation of policy on hotel safeguarding, safeguarding objective, audit finding, data analysis, corrective as well as preventive action and management review.