PCI compliance - Acceptability of Shared User Accounts

Greetings-

Forgive me if this post was submitted to the wrong place.

My question/concern is about sharing accounts between multiple users... so the scenario is.. one username/password may be shared by 3 or more people (within reason, of course).

We are just beginning the implementation process and I have a question about User Accounts going forward. We have a central location, and 26 or so historic 'sites' located throughout Minnesota. We have legions of people who work for us that can be categorized as part-time, seasonal, volunteer, intern, etc...

As you can see, maintaining all of these people who come and go at various intervals with a separate, and possibly short-lived username/password, could turn into a nightmare. I'm wondering if anyone knows about any PCI compliance guidelines that can be followed that either reinforce the 'shared login' practice, or strictly prohibit the practice in a system like Tessitura.

Or... if anyone has any advice or tips on the subject, feel free to let me know!

Thanks!

Jason

Minnesota Historical Society

  • Why not use accounts like Temp1, Temp2 and activate/deactivate, and be sure to reset the passwords when they leave. This way you have only 26 accounts that are always available.

    You may want to use accounts that are more descriptive.

    Regards,

    MJ Bavaret
    Houston Ballet Foundation
    Director of Information Technology
    Security/Network/Website/Telecommunications

    MJBavaret@houstonballet.org
    Cell 713-545-0401
    Office 713-535-3255
    Fax 832-325-5355

    From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Jason Andrea
    Sent: Wednesday, November 25, 2015 1:40 PM
    To: Bavaret, MJ
    Subject: [Tessitura Technical Forum] PCI compliance - Acceptability of Shared User Accounts

     

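The activate/deactivate and password-reset cycle suggested in the reply above, sketched as an added example that is not part of the original posts and does not use any Tessitura API. The `AccountPool` class, the person names, dates and logins are all assumptions constructed for illustration; the point is that a reusable account needs an assignment record so each login can be traced to one person.

```python
import secrets
from datetime import datetime

class AccountPool:
    """Reusable accounts (Temp1, Temp2, ...) with at most one holder at a time."""

    def __init__(self, names):
        self.holder = {n: None for n in names}      # None = deactivated
        self.password = {n: None for n in names}
        self.history = {n: [] for n in names}       # [person, start, end] per assignment

    def activate(self, name, person, when):
        if self.holder[name] is not None:
            raise ValueError(f"{name} is already held by {self.holder[name]}")
        self.holder[name] = person
        self.password[name] = secrets.token_urlsafe(12)   # fresh password per holder
        self.history[name].append([person, when, None])
        return self.password[name]

    def deactivate(self, name, when):
        if self.holder[name] is None:
            raise ValueError(f"{name} is not active")
        self.history[name][-1][2] = when
        self.holder[name] = None
        self.password[name] = secrets.token_urlsafe(12)   # reset: old password is dead

    def attribute(self, name, when):
        """Person holding `name` at `when`, or None if it was deactivated then."""
        for person, start, end in self.history[name]:
            if start <= when and (end is None or when < end):
                return person
        return None

def review_logins(pool, logins):
    """Pair each (account, time) login with its holder; None flags use while deactivated."""
    return [(acct, ts, pool.attribute(acct, ts)) for acct, ts in logins]

def demo():
    # Constructed sample data: names, dates and logins are invented for illustration.
    d = datetime.fromisoformat
    pool = AccountPool(["Temp1", "Temp2"])
    first_pw = pool.activate("Temp1", "volunteer_a", d("2015-06-01T09:00"))
    pool.deactivate("Temp1", d("2015-08-31T17:00"))
    second_pw = pool.activate("Temp1", "intern_b", d("2015-09-14T09:00"))
    logins = [("Temp1", d("2015-07-04T10:15")),   # inside volunteer_a's window
              ("Temp1", d("2015-09-05T22:40")),   # between holders: needs follow-up
              ("Temp1", d("2015-10-01T08:05"))]   # inside intern_b's window
    return first_pw != second_pw, [who for _, _, who in review_logins(pool, logins)]
```

A login that maps to `None` happened while the account should have been deactivated, which is the case to investigate.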
