PCI compliance - Acceptability of Shared User Accounts

Jason Andrea $organization over 10 years ago

Greetings-

Forgive me if this post was submitted to the wrong place.

My question/concern is about sharing accounts between multiple users... so the scenario is.. one username/password may be shared by 3 or more people (within reason, of course).

We are just beginning the implementation process and I have a question about User Accounts going forward. We have a central location, and 26 or so historic 'sites' located throughout Minnesota. We have legions of people who work for us that can be categorized as part-time, seasonal, volunteer, intern, etc...

As you can see, maintaining all of these people who come and go at various intervals with a separate, and possibly short-lived username/password, could turn into a nightmare. I'm wondering if anyone knows about any PCI compliance guidelines that can be followed that either reenforce the 'shared login' practice, or strictly prohibit the practice in a system like Tessitura.

Or... if anyone has any advice or tips on the subject, feel free to let me know!

Thanks!

Jason

Minnesota Historical Society

Parents

Jason Andrea $organization over 10 years ago
Yes, good point. We ARE RAMP. Lots to learn, but this was a big one, and at least learned at the right time. Thanks again.

On Wed, Nov 25, 2015 at 2:57 PM, Christopher Cuhel <bounce-christophercuhel9903@tessituranetwork.com> wrote:
The other caveat to this Jason; if you are a RAMP location, I believe every person who is going to use Tessitura needs their own "fish" for the one time password generation and their own unique email address to have a RAMP account. If you aren't RAMP, than this is moot.
From: Jason Andrea <bounce-jasonandrea1626@tessituranetwork.com>
Sent: 11/25/2015 3:32:03 PM
EXACTLY what i was looking for. We are making the commitment to following the importance of PCI Compliance and its guidelines.

--
View this message online at http://www.tessituranetwork.com/Community/forums/p/14862/45555.aspx#45555 or reply to this message

Jason Andrea
Minnesota Historical Society
651-259-3016
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Reply

Jason Andrea $organization over 10 years ago
Yes, good point. We ARE RAMP. Lots to learn, but this was a big one, and at least learned at the right time. Thanks again.

On Wed, Nov 25, 2015 at 2:57 PM, Christopher Cuhel <bounce-christophercuhel9903@tessituranetwork.com> wrote:
The other caveat to this Jason; if you are a RAMP location, I believe every person who is going to use Tessitura needs their own "fish" for the one time password generation and their own unique email address to have a RAMP account. If you aren't RAMP, than this is moot.
From: Jason Andrea <bounce-jasonandrea1626@tessituranetwork.com>
Sent: 11/25/2015 3:32:03 PM
EXACTLY what i was looking for. We are making the commitment to following the importance of PCI Compliance and its guidelines.

--
View this message online at http://www.tessituranetwork.com/Community/forums/p/14862/45555.aspx#45555 or reply to this message

Jason Andrea
Minnesota Historical Society
651-259-3016
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Children

No Data