Spend ten minutes in the boardroom of any fifteen-site restaurant group and you will hear the same five IT complaints. I know, because I have sat through the conversation more times than I can count. The names on the wall change, the cuisine changes, the headcount changes. The complaints do not.
They are almost never about specific kit. They are about an operating model that grew by accident, and a finance director who now wants to know why IT spend has doubled in three years with nothing obvious to show for it.
Complaint 1: “Every site has a different setup”
The first thing any new ops director discovers is that no two sites in their estate look the same. Site A runs Oracle Micros on a Draytek router with a BT business line. Site B runs Zonal on a Ubiquiti stack with a Hyperoptic fibre. Site C was an acquisition eighteen months ago, and nobody is entirely sure what is in the cupboard behind the pass.
This is the inheritance problem, and it has two causes. The first is acquisition: you buy a four-site group and inherit four sites’ worth of someone else’s decisions. The second is organic growth: the first site was opened on a shoestring, the second by the same founder a year wiser, the third with help from a mate, and by the seventh there was a proper budget. Nobody ever went back and retrofitted the earlier sites, because they were working, and there was always something more urgent to spend money on.
The result is an estate where a single problem has seven different diagnostic paths. Nothing is interchangeable. Spares from one site do not fit another. Every time a router dies, the conversation starts from scratch.
Complaint 2: “We can’t see what’s happening across the estate”
The second complaint usually comes from the same meeting. The ops director wants to know, at ten on a Friday, whether all the sites are actually trading. Are the tills up? Are the card machines online? Did Site 9’s kitchen printer come back after this morning’s outage?
In most groups I walk into, the honest answer is: nobody knows until a GM rings head office. There is no central monitoring, no dashboard, no group-level reporting on uptime or patch status. The kind of franchise connectivity platform that gives you a single pane of glass is mature and affordable - it just was never commissioned. IT exists as a series of separate bubbles, and head office only learns about a problem when it is already costing covers.
This is not a technology problem in 2026 - the tooling has been cheap and mature for years. It is an operating model problem. Nobody was ever given the brief to consolidate the view.
Complaint 3: “Every new site opening is a panic”
Ask the property director about the last opening and watch the face. Every new site is a scramble: someone books the circuit the week before launch and discovers it takes six weeks to install. Someone else realises on soft-launch day that the POS has not been configured with the group menu. The CCTV installer and the network installer fight over the comms cupboard. Three days before opening, a panicked WhatsApp goes round asking if anyone has a spare switch.
The root cause is that there is no template. Every opening is treated as a one-off, and every project manager is reinventing the wheel. A mature group has a site-opening pack: a standard bill of materials, a standard network design, a standard POS build, a standard timeline with the circuit ordered the day the lease is signed. A less mature group has a spreadsheet from the last opening and a prayer.
The cost is not just stress. A delayed circuit can push a launch by a fortnight. A rushed install gets redone six months later. And the panic itself is a tax on your best operators, who should be thinking about food and service.
Complaint 4: “IT support is different at every site”
This one is my favourite, because it is so predictable. In a typical fifteen-site group I will find six different IT suppliers across the estate. The founder’s mate looks after sites 1 to 3. An acquired group came with its own MSP on a rolling contract nobody has cancelled. The newer sites were onboarded with whichever supplier the fit-out contractor recommended. One site is “supported” by the nephew of the GM, for cash.
Every one of these relationships has a different SLA, a different ticketing system (or none), a different out-of-hours number, and a different invoice. When something goes wrong at multiple sites at once - because the group’s booking platform has had an outage, say - there is no single point of coordination. Head office is on six phone calls, getting six different stories.
It also means your group has no leverage. Six suppliers means six margins, six minimum charges, and no volume discount anywhere. You are running fifteen single-site contracts and paying the single-site premium on every one of them.
Complaint 5: “Security is a black hole”
The last complaint is the one the finance director has started losing sleep over, rightly. Security across a fragmented estate is a disaster. Different sites have different admin passwords (if any). Different patching schedules (if any). Different firewall rules, or no firewall at all. Nobody has a list of who has access to what. When a chef leaves, their rota account is disabled, but their VPN credentials into the back office are still live two years later.
Cyber Essentials and PCI DSS compliance, which are not optional if you take card payments, assume you can answer basic questions about segmentation, access control, and logging. In a fragmented estate you cannot answer them honestly. I have sat in rooms where the finance director has asked “are we PCI compliant?” and got a very long silence from the IT lead.
The threat picture is real. Hospitality is a well-known target: lots of card data, lots of staff churn, lots of guest WiFi, and historically weak defences. Most of the breach stories you read start with exactly the problems above.
The root cause underneath all five
None of these five complaints is really about technology. They are all the same thing: IT grew organically alongside the business, and the operating model never caught up. Each site made sensible local decisions in isolation, nobody imposed a group-level view, and by the time the group was big enough to need one, the mess was big enough to feel impossible to untangle.
The good news is that it is not impossible. It is a project with a reasonably predictable shape.
How to fix it
Three words: standardise, consolidate, centralise. In that order.
Standardise. Write down the group’s standard site build. One POS vendor (or at most two, for legitimate commercial reasons). One network design: same router, same access points, same VLAN structure, same SSIDs. One CCTV and access control platform. One set of cloud services for email, file storage, and rota. Document it as a bill of materials and a network diagram that fits on a single page. Every new site gets built to the standard. Every existing site gets rebuilt to the standard on a planned refresh cycle, not all at once.
Consolidate. Move to a single IT partner for the whole estate. One phone number for your GMs. One ticketing system. One SLA. One invoice. One relationship you can actually hold to account. This is what our franchise IT support offering exists to do - one specialist, one contract, visibility and accountability across every site. The commercial benefits are real (volume pricing, less admin, fewer suppliers to chase) but the operational benefits are bigger: when something goes wrong at two sites simultaneously, one team knows both sites and can prioritise.
Centralise. Pull the network and the cloud stack into central management. A proper managed network gives you a single dashboard for every site, alerts that come to head office before the GM notices, remote config changes without sending a van, and group-wide policies for guest WiFi, segmentation, and PCI scope. A managed cloud platform gives you central identity - one joiners/leavers process, one place to disable a leaver, one place to enforce MFA, one audit trail. Between them, complaints 2 and 5 mostly disappear.
Why one specialist partner beats six local MSPs
I get the argument for local relationships. The GM likes knowing Dave. Dave answers his phone. A van turns up in twenty minutes.
Here is the counter-argument. Dave is brilliant at his three sites and has no idea what is happening at the other twelve. Dave cannot write you a group security policy, stand up central monitoring, or give you PCI evidence at group level. Dave has no hospitality-specific expertise, because he also does a dentist, an accountancy firm, and a car showroom. When you have a group-wide POS outage, Dave is one of six people scrambling, none of whom are talking to each other.
A specialist hospitality partner, running the whole estate on a single operating model, can do all of that. You trade the warm mobile number for proper 24/7 coverage, real monitoring, and the ability to answer the finance director’s PCI question without a long silence.
A realistic timeline
For a ten-site group starting from the fragmented state I have just described, here is what is achievable.
Months 0 to 6. Full estate audit. Every site visited, everything catalogued, every contract logged. Standards document written. Central monitoring deployed across existing kit. One partner onboarded as the single IT contact. Quick wins on obvious security gaps - MFA everywhere, leavers cleanup, firewall rules tightened. New openings from this point use the standard.
Months 6 to 12. Network refresh rolled out to the worst three or four sites - the ones with consumer kit, the Friday night problems, no segmentation. Group-wide identity consolidated onto one platform. Site-opening pack productionised. First honest PCI assessment, with findings addressed.
Months 12 to 18. Remaining sites refreshed to standard on natural refresh cycles. Group-level reporting in place: uptime, incidents, patch compliance, security posture. Finance director gets a monthly IT pack that actually answers questions. New acquisitions integrate in weeks, not a year of chaos.
None of this is glamorous. It is methodical, and it requires a partner who understands hospitality specifically rather than generic SME IT. At the end of it, IT stops being the thing everyone moans about in the boardroom and becomes the thing that quietly holds the group together.
If the five complaints at the top of this post sound like your last ops meeting, get in touch. We do this for a living, and the first conversation is always free.