The information contained and accessed on this site i.e www.itmatrix.com is provided by IT Matrix as the owner of the Site. It is meant to provide general guidance and brief information to the visitors about the company, its services, solutions, and partners.
Based on the fundamental universal condition of the electronic communication process, IT Matrix does NOT guarantee or warrant that the Site will be uninterrupted, without delay, error-free, omission-free, or free of viruses. Therefore, the information is provided "as is" without warranties of any kind, express or implied, including accuracy, timeliness and completeness. In NO event shall IT Matrix, its related partners, directors, principals, agents or employees be liable for any direct, indirect, incidental, special, exemplary, punitive, consequential or other damages or claims whatsoever including, but not limited to: failure to use the Site, loss of data, loss in profits/business arising out of or in connection with the Site.
Any unauthorized use of any materials or information on the Site is subject to violating copyright, trademark and other laws. Should a user download the materials on the Site for personal or non-commercial use, the user must retain all copyright, trademark or other similar notices contained in the original materials or any copies of the material. Materials or Information on the Site may not be modified, reproduced, changed, copied, quoted, used for commercial purposes or publicly displayed, without the written approval of IT Matrix authorized personnel.
Partners or Third Party Links are provided on the Site as a convenience to our visitors. IT Matrix does not control and is not responsible for any of these sites or their contents. IT Matrix is obligated to protect its reputation and trademarks and IT Matrix reserves the right to remove any link on its Site.
Explicit permission is required to use the IT Matrix logo. To request this written approval, contact us at: admin@itmatrix.com.
The following web link activities are explicitly prohibited by IT Matrix and may present trademark and copyright infringement issues:
Workshop & Training
Using IT Matrix workshop and training platform, the entire organization is able to understand the scope and impact of the Payment Card Industry Data Security Standard (PCI DSS) and through consensus, agree on an action plan across business and IT. Additionally it allows business to understand the potential foreseen cost of compliance and for IT to understand the amount of work that has to be done.
Remediation Consulting
This service takes the burden off the operational staff by assigning personnel to guide them and share the workload in completing their daily tasks in parallel to the tasks required for compliance. The allocation of a Subject Matter Expert (SME) ensures that agreed tasks are consistent with the common goal and meet the requirements of business and the PCI DSS. Furthermore, it is assured that the knowledge transfer takes place as a requirement for process improvement within the organization.
Compliance Consultation
Organization may not be in the position to use the Remediation Consulting or PCI DSS Workshop and Training offerings or would in addition to the Workshop and Training offering, prefer to have a SME available through either telephonic or email for clarification purposes. In such instance, organization would work on their own understanding of the PCI DSS and get the agreed email and telephonic support.
Approved Scanning Vendor
The PCI DSS requires applicable organizations to perform external vulnerability scans against their internet facing systems; these scans must be performed by an Approved Scanning Vendor (ASV). All ASVs must scan the systems for an amount of vulnerabilities and while most use the same tool to perform the scan, the tool does report different results. It is therefore important to the companies that wish to keep their PCI DSS certification to have a consistent approach to the scanning of its systems to prevent misunderstandings and minimize false positives. Additionally, the use of a single ASV will ensure that the organizations are aware of the process to be followed in the event of major infrastructure changes in their web facing services.
Documentation Review
Many organizations believe that their documentation is sufficient to comply with the PCI DSS, which is unfortunately is not the case in most of the time. The reasons normally given for shortfalls in documentation are usually related to lack of review and understanding the extent of the requirements and the amount required. The document review entails a full review of all documentation required by the PCI DSS including documentation not specifically stated but required in order to show compliance.
Documentation Development & Implementation
The main requirement for proving compliance is documentation. However, documentation should be neither a financial nor an administrative burden on the organization. This means that the documentation should be specific to the organization and meet its legal, regulatory, fiduciary and contractual obligations of which PCI is a subset. IT Matrix can either provide support services for building the documentation framework from concept development to implementation or create and implement approved policies, processes, procedures, work instructions, guidelines and standards within the organization as required for compliance.