There are three components to the Theatre Manager System
The installation of the database server, Theatre Manager and web sales is relatively simple and can be done in a few minutes.
The installation procedures are constantly updated with the latest instructions to implement Theatre Manager in a PCI manner. |
Achieving PCI compliance for your venue comes with how you install it on your network and other protections you put in place. These protections are mandated by PCI standards regardless of whether or not you use software in your operation. We hope that our instructions make it easy for a merchant to meet PCI DSS compliance.
We have placed alerts similar to this throughout the installation documentation to signify areas of particular concern to the PCI standards council. Please pay particular attention to these alerts as they contain valuable information to assist venues meeting PCI compliance. |
The steps that follow indicate how to install and run Theatre Manager in a manner that will help you meet your PCI compliance requirements as outlined in the latest PCI quick reference guide. A venue that chooses to opt out of some of the safety and security measures in this document needs to be aware that they have chosen to bypass some aspects of the compliance required in the merchant agreement with their bank and the PCI Security Standards Council that is operated by the credit card companies.
Venues may opt out of any compliance step by signing the appropriate area. The credit card companies have placed the onus on all point of sale software providers to help merchants meet compliance (instead of the banks) and highlight areas to address.
Theatre Manager assists you in meeting PCI compliance because:
Step | Purpose | Optional | Installation instructions or link | Who |
1. | Network Setup | Mandatory | Setting up network for PCI compliance | Artsman Venue |
2. | Installation of Postgres Server | Mandatory | Platform specific install instructions | ArtsMan |
3. | Installation of Theatre Manager | Mandatory | Platform specific install instructions | Venue |
4. | Installation of a customer database | Optional | If this is the first time that Theatre Manager is being installed at a venue, an 'empty' venue specific serialized database will be provided. It will only contain the zip code lookup table and sample code tables. | ArtsMan |
5. | Credit Card Authorization | Optional | Theatre Manager provides a selection of service providers for credit card authorization.
|
Venue Artsman |
6. | Installation of the Nginx Server | Optional | Installation of the Nginx server is platform specific if you are using web sales. | ArtsMan |
7. | Setup TLS certificate | Optional | If you are using web sales, you must set up an TLS certificate and configure your firewall to allow web traffic. You will need to set up a DNS record for 'tickets.yourvenue.org' rather than assigning the TLS to a static IP address. | ArtsMan |
8. | Upgrade of existing web pages | Optional | This step indicates the general changes to existing web pages that must be made when migrating from any version to any other version.
In addition, a venue must be aware of OWASP and should bookmark it in their browser. This site has a 'top 10' list of ongoing security considerations and standards for web site development. Arts Management reviews and implements each years suggestions annually - see this years top 10. Finally, if you accept credit cards on the internet, you may need an application firewall as per PCI requirement 6.6 and the web pages are significantly changed. We are looking at mod_security and may put that into a future release of the apache server on your behalf. |
Venue |
9. | Initial settings in TM | Mandatory | After Theatre Manager and the database have been installed, you will need to review minimum key standards and other security features for PCI compliance. | ArtsMan Venue |
10. | Remote Access | Optional | This step is a discussion on remote access and what a venue need to do if they wish to provide that for themselves, for Remote Box Offices.
There are considerations for using RDP within the network and enabling security. Arts Management uses a tool for remote remote support called teamviewer. |
ArtsMan Venue |
11. | Policy Manual Additions | mandatory | These are some policies that should be added to the customer service and/or security policy manual at a venue for PCI compliance. | Venue ArtsMan |