Page 404 - Board Member Onboardin August 2019
P. 404
C30 CSCS Associate Handbook This document includes the company's personnel policies and guidelines
C31 Managing unapproved purchases with distribution centers The Analysis looks into unapproved spend by distribution centers
through Unapproved Spend Analysis
C32 Segregation of duties This is a check and balance system to prevent any fraudulent act.
(A) Physical Protection of data This is a check and balance system to prevent any fraudulent act.
(B) Security Protection for electronic data Security protocols to prevent confidential data from leakage, loss, and theft
C33
Manage system using inbound/outbound port IP based access, TLS SSL 128/256bit encrypted
(C) Access, Encryption, & Recovery Services
objects at rest & transit, and configured manual/automated backup & restore points
Demand plan is constructed by Brand Management team to assist test, promotion, and menu
C34 Carefully construct and review Demand Plan
processes
C35 Review contracts through Contract Calendar Every two weeks, an update on contracts by CM is shared with relevant personnel
Maintain data visibility around products, vendors, and suppliers CSCS maintains an integrated supply chain solution which stores business critical data. The system
C36
using CSCS Integrated Supply Chain Management System is provided by a third party. CSCS continuously review data to ensure the integrity
C37 Price variance analysis An analysis to detect incorrect pricing charged by distribution centers
C38 Continuous review and control from CSCS This control applies to third party service providers (InfoSync, Benefits and Systems)
C39 Maintain pricing integrity Pricing is uploaded onto HAVI by vendors and approved via workflow by CMs.
C40 Annual audit by third party Annual financial audit by third party
A document that contains confidential information about the franchisee, which is completed and
C41 Membership Subscription Agreement signed by the franchise owner, and is approved and signed by the CSCS CFO that establishes
Membership with the concept Co-op.
C42 Multi-tiered internal approval process Approval by Directors and CFO required prior to distribution of information
C43 Protection of confidential information Information deemed confidential and proprietary is only published on secured websites or provided
C44 Legal review and/or presence Third party provides legal counsel
Franchise and store information provided via data feed from Applebee's system of record (SDMS)
C45 3rd Party System Control and IHOP system of record (FRED). Weekly data quality control audits conducted by Havi to
identify discrepancies.
C46 Monthly Commodity Review Discussion In this meeting, CEO, CPO, and category managers review current contracts and pricing around
several key commodities, and plans future strategies
Business Analyst audits balances for several key commodities such as bacon, ground beef,
C47 Formula-based Pricing Balance Audits for several commodities
cheese, and butter
C48 Implement DineEquity Crisis Management Training Document Review and follow DineEquity Crisis Management Document
C49 Test Brief The document includes the test design, line up which is vetted with MDI for new SKUs
Presentation new food ideas by MDI/FBI (Operations / Marketing) to Senior Management to
C50 Food show
determine test line up
C51 Brand prepares a menu/campaign brief and product matrix Menu/Campaign brief and Product Matrix is provided by Brands
For Applebee's, Business Analytics or Brand Finance publishes a forecast for promotion/menu,
optional and deletes come from One Net. Yields are warehoused in Star Chef.
C52 Forecasting yields are provided by brands
For IHOP-Forecast (including yield assumptions) supplied by Brand via E-mail.
C53 Market Distribution Agreement (MDA) This agreement is signed by CSCS and DCs.
C54 Freight Agreements This agreement is signed by CSCS and DCs regarding freight programs.
C55 Volume Report from Distributor This report is provided by DCs.
Regular auditing done on data coming in, residing in, and coming out of the system (Havi). Audits
C56 Data Audits cover the following: pricing, DC item mapping, DC mark-ups, validating the supplier's, brand's, and
distributor's daily feeds.
A schedule of all critical business records, purposes, format, retention period, and disposition
C57 CSCS Record Retention and Disposition Schedule and Policy
method. Records are monitored and maintained annually based on the schedule.
Data stewards are appointed to represent departments to make decisions related to data
C58 Data Stewards from all departments
management for all departments.
Strengthen security using Two Factor Authentication, hashed passwords, and/or a strong password
C59 User Management - System Administrators
policy
Periodically review 3rd Party compliance certificates to ensure it meets their industry's security
C60 3rd Party Security Certifications standards: GDPR, HIPPA, FedRAMP, Iso 27001, SOC 1, SOC 2, Encryption Standards, Service
Legal Agreements, Uptime Resiliency
C61 Database Performance & Optimization Systems & Data Analytics teams meet weekly to discuss data factory processing to ensure
accurate information
