There are times that a member of the Tessitura Network’s staff needs to gain access to a member’s Tessitura system to diagnose and resolve a technical issue. While we are committed to timely assistance, it is equally crucial that Tessitura Network and our members follow security protocols in our work together to ensure that data and systems are properly protected throughout our interactions.

To provide excellent and secure service, the following protocols are required for handling secure data and access. 

System access for Tessitura Support

• Locally-hosted members (members who are not hosted by Tessitura Hosting Services) will provide remote Tessitura system access to the Tessitura Network staff if required for appropriate troubleshooting. Remote access and scheduling will be mutually agreed upon between the member and the Tessitura Network.
• For Tessitura-hosted members (members who have Tessitura deployed through Hosting Services), support staff will automatically have proper access to member systems for appropriate troubleshooting or processing requests based on existing hosting agreements and protocols.
  
• Any database changes to a member’s system in the Hosting Services environment made by Tessitura Network staff will be documented using change management processes.
  

System access for member staff within Hosting Services

• Members are responsible for managing Tessitura Network security in the security application.
• Access to the hosting environment will be managed by authorized staff at the member organization using the self-service tool provided as part of the Hosting Services offering.
  
• Each individual who will log in to the Tessitura must have a unique user account set up in the Security application.
  
• The Windows Authentication configuration in the Security Application is the recommended setup for accessing Tessitura.
  
• In the event the Hosting Services environment is generally available, but specific users at the member organization are unable to access the Software due to security, the Primary IT contact or staff members with security access, will be responsible for making security changes through the security application or the Hosting Services self-service tool.

Password management & sensitive data

• All users must comply with the Payment Card Industry Data Security Standards and follow all PCI Standards. The credential activities are prohibited.
  
  • Sharing logins or disclosing passwords for unique Tessitura or Hosting Services accounts.
    
  • Using vendor-supplied defaults for system passwords.
• To maintain PCI compliance, unencrypted passwords, and sensitive data such as unencrypted credit cards may not be stored in the Software or Hosting Services environment in any way.
  
• In the event that the member needs to transmit passwords or sensitive data such as credit cards to Tessitura, these must only be communicated in the helpdesk system using the encryption utility. This PCI-compliant utility ensures that sensitive data is never stored in an unencrypted fashion during the work of the support ticket. Please note, for organizations using our hosting services you may request we add the encryption utility as a standalone application on your Citrix storefront.
  
• If sensitive data such as unencrypted credit cards or passwords are stored in the Software, Hosting Environment or helpdesk system, the Tessitura Network reserves the right to initiate Cybersecurity Incident protocols and remove non-compliant data.