All remote access is to be done at the invitation of the customer. The product we use is called
teamviewer and it is built into Theatre Manager. If you are on the phone with the customer and need to use remote assistance, the procedure is:
- Ask the customer to activate the remote access session
- Ask them to provide you the number and password for remote access the session
- Connect to their work station
- Ask the customer to confirm our identity by providing them their customer number and having them look it up in 'about Theatre Manager' or providing the case number that they received from us that initiated the need for report support session (PCI requirement for authentication)
- As part of the pre-amble, inform them how they can disconnect you immediately if there should be anything come on the screen that they feel you should not see or is private.
- Provide the appropriate support
- When the support all is finished, have the client disconnect you and have them acknowledge you are gone
- Do not leave a session active when you are done. If need be, close the session on their end to force you out.
If you remote into a customer site and log in, all passwords used on a customer site must comply with the same rules as PCI DSS requirements 8.5.8 to 8.5.18 (
described here) and if customers do not appear to be using compliant passwords, a gentle reminder could be useful.
|
All Theatre Manager access passwords are required to be PCI compliant in Version 9
|