TeamViewer - System Level Security Policy (SLSP)

Modified on Thu, 11 Jul at 7:49 AM

Introduction

Trasis operates the TeamViewer solution for remote assistance on Windows computers. Both the corporate IT and Customer Service departments use it to assist customers, partners and third parties with technical issues experienced with Trasis solutions.

The use of TeamViewer at Trasis is not recent, and it has been completely integrated into our work practices.

The aim of this policy is to establish security standards for the use of TeamViewer by Trasis employees when taking remote control of customer sites.

This is to protect information and data against unauthorized access and potential threats.

 

Scope

This policy applies to all Trasis employees who use TeamViewer to interact with customers.

 

Responsibilities

Trasis employees must ensure that TeamViewer is used securely and in accordance with this policy. The Trasis IT security team is responsible for implementing, monitoring and reviewing this policy.

 

Connection method

TeamViewer is natively integrated into the Trasis software suite deployed as standard on Windows PCs sold to customers.

This integration consists of a menu option that launches a secured remote assistance session (QuickSupport) following TeamViewer's standard behavior, including temporary credentials specific to the remote-control session.

When a session is initiated by an authorized customer employee from a customer PC equipped with the Trasis Software Suite, the system uses a one-time credential that applies exclusively to that session and expires immediately afterwards.

 

Secured communications

All communications between the engineer’s computer and the customer’s computer are secured using 4096-bit RSA private/public key exchange and 256-bit AES session encryption.

Unless TeamViewer is affected by a security flaw in its design, it is not possible to circumvent or intercept those communications.

 

Authentication requirements

Access to the central management console by Trasis Customer Service engineers requires individual authentication with credentials and 2-factor authentication.

 

Access Management

TeamViewer access rights are assigned on the basis of the principle of least privilege and are regularly reviewed to ensure that they remain appropriate.

 

Monitoring and logging

Session recording

For quality improvement or security purposes (action identification and replay), every remote assistance session can be recorded. Recording respects the security of credential storage and transmission, which remain obfuscated.

Session audit trail

Each remote assistance session is recorded in an audit log, which includes standard fields as well as technical information about the session and its duration.

Regular cybersecurity audits

Trasis conducts regular cybersecurity audits; the latest took place in spring 2023. It did not reveal any specific concern regarding the TeamViewer implementation. However, as part of our 2023 plan to increase overall security, evolutions are foreseen and described in the section below.


Incident response

In the event of a security breach involving TeamViewer, employees must follow the Trasis incident response procedure, which includes immediate notification of the IT security team.

 

Training and awareness-raising

Employees must receive regular training on the secure use of TeamViewer and on the procedures of this SLSP policy.

 

Review and update

This policy should be reviewed annually or in response to significant changes in the threat environment or in the use of TeamViewer.
