There are some settings in Theatre Manager that a venue must examine during installation and that may need to be changed for PCI standard 8.5 compliance.
If you are upgrading from a demo version of TM, some of these settings were optional to facilitate the purposes of a demo and need to be implemented for a production system.
Ensure that the minimum recommended settings are met and increase the security as you see fit. If the minimum recommended settings change, Theatre Manager will automatically update the current settings to the newer minimum during any upgrade.
The steps to increase security strength are:
If you wish to implement login by user ID in addition to password, then change all the user IDs in the system to a scheme that is suited to your network security needs. Since you will be logging in with a User ID and Password, it can be a good idea to make user names more difficult to determine.
To change user names and password settings, repeat the following steps for all users EXCEPT the Master User:
You must at least visit the 'Functions' tab and make sure that any of the privileges that say 'Credit Card' in the second column are all unchecked to start with. Then enable those that you wish the user to have. Creating any new normal user will default to a 'deny-all' setting per PCI DSS 7.2.
All existing users can be easily reset to 'deny-all' with one button click (see below).
You can reset all employees with non-administrative access at one time by selecting them all on the list of employees and clicking the 'PCI' button.
Per PCI requirements, the password for this account must be changed by the venue at the initial installation of Theatre Manager so that it is something unique to the venue.
No user of Theatre Manager is required to have these privileges in order to use the system - except to create another user account. If any user is set as a Master User for the duration of the installation process, those privileges should be revoked per PCI compliance.