CHICAGO, February 20 /PRNewswire/ --

- New SAQ available in TrustKeeper(R) compliance management portal

Trustwave, the leading provider of information security and compliance management solutions for businesses and organizations throughout the world, has upgraded TrustKeeper with the new Self-assessment Questionnaire (SAQ) Version 1.1, issued by the Payment Card Industry Security Standards Council (PCI SSC) earlier this month. TrustKeeper, a Web-based, real-time compliance management tool used for compliance validation with the Payment Card Industry Data Security Standard (PCI DSS) by thousands of merchants and service providers throughout the world, is the first compliance management solution to support the new SAQ version 1.1.

The SAQ is a validation tool used primarily by Level 2, 3 and 4 merchants (and some smaller service providers), as defined by the major card brands -- Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB -- to validate compliance with the PCI DSS. The PCI SSC updated SAQ version 1.0 to better align with PCI DSS version 1.1 and created four variants to ensure merchants only answer questions relevant to their environment. Each of the four variants, labeled A, B, C and D have qualifying questions used to determine which of the four questionnaires a merchant is required to complete. Each merchant completing the SAQ version 1.1 selects the questionnaire that best represents their environment, based on the descriptions below:

SAQ Validation Number of Type Description SAQ Questions 1 Card-not-present (e-commerce or A 11 mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. 2 Imprint-only merchants with no B 21 electronic cardholder data storage. 3 Stand-alone terminal merchants, no B 21 electronic cardholder data storage. 4 Merchants with POS systems connected C 38 to the Internet, no electronic cardholder data storage. 5 All other merchants (not included in D 226 Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ.

TrustKeeper now supports both the previous SAQ version 1.0, as well as, the four forms of the new SAQ version 1.1, allowing merchants to choose which version they wish to complete. According to the PCI SSC, after April 30, 2008, the older SAQ version 1.0 will no longer be accepted for compliance validation. From that date forward, all merchants will be required to use the new SAQ version 1.1.

To help merchants and service providers better understand SAQ version 1.1, Trustwave is hosting a webinar on Wednesday, February 27, 2008, at 1:00 p.m. CST (GMT -06:00, Chicago) to discuss and explain the changes. Additionally, Trustwave has created an SAQ version 1.1 compliance bulletin to explain the changes and how they may affect merchants (and some service providers). Those parties responsible for the completion of the SAQ are encouraged to sign up for this webinar and download the compliance bulletin by visiting the following page: https://www.trustwave.com/NewSAQ.php.

"The updated Self Assessment Questionnaire is an important tool the Council is providing to the merchant and service provider community that is streamlined and in line with the latest version of the PCI Data Security Standard," said Bob Russo, General Manager, PCI Security Standards Council. "With the new SAQ in place, we are making it easier and more cost effective for our stakeholders to gain PCI compliance."

"As a provider of PCI DSS compliance to thousands of businesses and organizations throughout the world, it is incumbent on us to make the latest tools, such as the new SAQ, available to our clients," says Robert J. McCullen, chairman and CEO of Trustwave. "In support of the rollout of the new SAQ, we are offering educational opportunities including our webinar and SAQ supplemental documentation to help Trustwave customers better understand the new SAQ and how it could affect their business."

About Trustwave

Trustwave is the leading provider of on-demand and subscription-based information security and compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper(R) compliance management software and other proprietary security solutions. Trustwave has helped more than 30,000 organizations -- ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, Europe, Africa, Asia and Australia.

Web site: http://www.trustwave.com

Michelle Genser of Trustwave, +1-312-873-7288, mgenser@trustwave.com