home > support > data & password security standards

Data & password security standards

These standards are put in place to ensure that we, on your behalf, are able to provide maximum protection to your data

Many of these standards are incorporated into TourCMS to assist with potential compliance of the PCI (Payment Card Industry) standards - a global standard for the protection of sensitive data on IT systems.

Usernames & passwords

  • Identify all users with a unique username (do not use group, shared or generic accounts & passwords)
  • Passwords must have a minimum length of at least 7 characters
  • Use passwords containing both numeric and alphabetic characters
  • Passwords must be changed every 90 days
  • Previously used passwords may not be reused
  • Limit repeated access attempts by locking out the user ID after not more than 6 attempts

Locked user accounts

If your user account becomes locked (after a small number of failed login attempts) please contact your account owner (or any user on your account with full system management permission). They will be able to issue you a new password or unlock you. They can also issue you a new password if you have forgotten yours. For security reasons there is no remind me of my password functionality.

Only rarely will we issue new passwords - generally this will be to users on an account that are is not currently trading (hence no live customer data). In an emergency please contact our emergency support by phone and be ready to identify yourself.

Inactivity

  • If a session has been idle for more than 15 minutes, require the user to re-enter the password to reactivate the terminal
  • If a user has not logged in for more than 90 days that user account is made inactive

You can set the inactivity logout to 60 minutes...... however this then excludes you from compliance with the PCI standards mentioned above.

Credit card data

  • Do not store credit card data within TourCMS

As a reminder, this is in the TourCMS terms of service: "You agree to (a) immediately notify Travel UCD of any unauthorised use of your password or account or any other breach of security, and (b) ensure that you exit from your account at the end of each session"