The software or hardware provided by any vendor is only a portion of the merchant's ability to meet PCI compliance. Software provided by vendors must meet the prevailing PCI PA-DSS and PCI-SSF standards to assist the merchant to meet overall PCI compliance.
Please familiarize yourself with the definitions of key terms used by the PCI DSS, PA-DSS, and key terms used by PCI SSF set by the Security Standards Council. Full documentation can be downloaded from the Official PCI Security Standards Council Site. |
|
Meeting compliance requires some due diligence and is determined by the PCI compliance level guideline your organization needs to attain.
Depending on how your venue processes transactions, your venue can be Schedule 'A', 'A-EP', 'B','C', or 'D'. |
The life cycle of a standard provided by the PCI Security Standards Council is approximately every 2 to 3 years. Once approved at a standard, it is valid even though future standards are being worked on.
The following table illustrates a brief historical summary of Theatre Manager PCI compliance
Version | Standard | Status | Action |
11.0 | PCI PA/DSS 3.2.1 SSF 1.1 |
Theatre Manager version 11 has been reviewed for its PCI PA/DSS 3.2.1 audit as part of the 3 year cycle. A new audit for Secure Software Framework (SSF) 1.1 was completed at the same time. The onsite assessment audit took place November 7 - 10, 2022 and the final document was approved by the PCI Security Standard Council with an expiry date of October 4, 2026 for new installations. The image (above) is from the PCI Security Standards Council's website of validated applications. Search for Arts Management. |
All upgrade automatically occurs - no action required by venue |
11.0 | PCI PA/DSS 3.2.1 |
Theatre Manager version 11.0.zz has been reviewed for its PCI PA/DSS 3.2.1 audit as part of the 3 year cycle.
The audit took place in September 16 - 20, 2019 the final document was approved by the PCI Security Standards Council with an expiry date of October 28, 2022 for new installations. The image (above) is from the PCI Security Standards Council's website of validated applications. Search for Arts Management. |
Upgrade automatically occurs July 2020 |
10.06 | PCI PA/DSS 3.1 |
Theatre Manager version 10.06.zz has been reviewed for its PCI PA/DSS 3.1 audit as part of the 3 year cycle.
The audit took place in October 2015 the final document was approved by the PCI Security Standards Council with an expiry date of October 28, 2019 for new installations. The image (above) is from the PCI Security Standards Council's website of validated applications. Search for Arts Management. |
Upgrade October 2015 |
10.02 | PCI PA/DSS 2.0 |
Theatre Manager version 10.02 has been reviewed for its PCI PA/DSS 2.0 audit as part of the annual change cycle.
The audit took place in October 2014 the final document was approved by the PCI Security Standards Council. |
Upgrade October 2014 |
10.00 | PCI PA/DSS 2.0 |
Theatre Manager version 10 has been reviewed for its PCI PA/DSS 2.0 audit as part of the 3 year cycle.
The audit took place in July 2013 the final document was approved by the PCI Security Standards Council in October 2013. The image to the left is from the PCI Security Standards Council's website of validated applications. Search for Arts Management. |
Upgrade October 2013 |
9 | PCI PA/DSS 1.2 | Theatre Manager meets the PCI PA/DSS 1.2 standard and approved by the PCI Security Standards Council in December 2010. | Upgrade to version 9 ASAP |
8 | PABP 1.4 | Theatre Manager meets the PABP 1.4 standard and was certified in October 2008. Please refer to our certificate and approval by Visa - page 6. | Install 2008 |
7 | **Self Assessed in 2006 | Theatre Manager implements the standards required of PABP 1.4 (as of 2006), including 3DES high encryption of cards, and does not store any track II or CVV2 information. However, this version is neither audited nor certified by an external vendor (not a requirement from the PCI Security Standards Council at the time). Version 7 has the same security measures as version 8 and was simply renamed version 8 as part of the audit. | CD's Sent |
6 | **Self Assessed in 2003 | Theatre Manager implements almost all PCI security features in effect at the time (early 2000's). Card encryption is DES and it does not track CVV2 information. Version 6 can be considered PCI compliant. | Diskettes Sent |
** Please note: PCI requirements have changed over the years. At one time, the PCI Security Standards Council required that vendors of software 'self assess' that they have followed the guidelines. At Arts Management, we have always taken card security and privacy of information seriously and implemented many PCI features before there were published rules. That is why we felt able to meet the self assessment criteria in force at the time. However, there is a much greater need for security than ever before and we encourage merchants to fulfill their obligations to merchant agreements and upgrade to the 'certified' versions of Theatre Manager - which have been audited by external companies as meeting all the rules in effect at the time of the audit.