Each of our stores has a manager's PC, where they run SO Manager to settle batches, check inventory, perform transfers, etc. But they also use many other functions on those PCs outside of RMS, such as checking email, managing employee time cards, even surfing the web. Since the PC is used to settle credit card batches, it should be considered within the scope of PCI-DSS. However, does that mean that all of the systems they connect to should also be considered in scope, such as our email server? Obviously there is some risk here as they are able to surf the web and handle credit card batches on the same PC.
We are trying to find a way to isolate the manager functions to a separate PC or thin client to eliminate this risk. We have gone down a few paths - running Manager from the register, connecting remotely to a register to run Manager, or connecting to a store server. But they all come up a bit short and a bit difficult to implement. For example, our registers do not have mice or keyboards attached - they do all PoS functions with the on-screen keyboard and taskpad, which would be cumbersome or impossible for some manager functions. It would also take a register out of sales for the duration of the manager functions; on busy days this could affect sales. If they connect to the server, then we are giving end users control over our server, which could result in a server going down and putting all registers in offline mode. Do you have any suggestions?