OPEM-05

If you answered "yes" to OPEM-04, are your remote actions and changes logged or otherwise visible to the campus?

Explanation

This question is asking whether your organization logs and makes visible any remote actions or changes that you perform on the campus systems when providing remote support or maintenance (which was confirmed in question OPEM-04). In the context of PCI DSS (Payment Card Industry Data Security Standard), this question relates to maintaining visibility and accountability when vendors or service providers access systems that may process, store, or transmit payment card data. The question is being asked because remote access to systems presents significant security risks. When a vendor can remotely access campus systems, the campus needs visibility into what actions are being performed to ensure that: 1. No unauthorized changes are made to systems 2. No malicious actions are performed 3. If something goes wrong, there's an audit trail to investigate 4. Compliance requirements for monitoring vendor access are met PCI DSS specifically requires that all access to network resources and cardholder data must be tracked and monitored, including vendor access. This is part of the principle of maintaining complete visibility into who is accessing systems and what they're doing. To best answer this question, you should explain: - How your remote actions are logged (what logging mechanisms are in place) - What specific actions and changes are captured in these logs - How these logs are made available to the campus - How long these logs are retained - Whether the campus can view these actions in real-time or only after the fact

Example Responses

Example Response 1

Yes, all remote actions and changes performed by our support team are comprehensively logged and made visible to campus personnel We implement detailed session logging that captures all commands executed, files accessed, and configuration changes made during remote support sessions These logs are automatically forwarded to the campus's SIEM (Security Information and Event Management) system in real-time via our secure API integration Additionally, campus IT security personnel can access a dedicated portal where they can view active remote sessions in real-time and review historical session recordings that are retained for 90 days For critical systems, we also implement a change management process that requires campus approval before any significant changes are implemented, and post-change reports are provided within 24 hours of maintenance completion.

Example Response 2

Yes, our remote actions and changes are logged and visible to campus personnel through multiple mechanisms First, all remote support sessions utilize a secure access tool that records full session activity including screen captures, keystrokes, and file transfers These recordings are stored in an immutable format and are accessible to authorized campus personnel through our customer portal for a period of 12 months Second, we maintain detailed change logs documenting all modifications made to systems during maintenance, which are provided to campus IT staff within 48 hours of session completion Third, for planned maintenance, we provide pre-maintenance and post-maintenance documentation detailing intended changes and actual changes performed Campus security teams can also opt to have real-time notifications sent to their ticketing system whenever our technicians initiate a remote session to their environment.

Example Response 3

No, our current remote support process does not provide comprehensive logging or visibility of actions to campus personnel While we do maintain internal logs of remote sessions for our own quality assurance and security purposes, these logs are not automatically shared with the campus If requested, we can provide a summary report of actions taken during a support session, but this is a manual process and does not include detailed command-level logging We recognize this is a limitation in our current service offering and are developing an enhanced logging and visibility solution that will provide campus personnel with access to detailed session logs and change documentation through a secure portal We anticipate this capability will be available within the next 6 months In the interim, we can arrange for supervised sessions where campus IT personnel can observe remote support activities if required for critical systems.

Context

Tab
Case-Specific
Category
Payment Card Industry Data Security Standard (PCI DSS)

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron