Trustwave Offers PCI DSS Self-Assessment Questionnaire Version 1.1
CHICAGO, February 20 /PRNewswire/ --
- New SAQ available in TrustKeeper(R) compliance management portal
Trustwave, the leading provider of information security and compliance
management solutions for businesses and organizations throughout the world,
has upgraded TrustKeeper with the new Self-assessment Questionnaire (SAQ)
Version 1.1, issued by the Payment Card Industry Security Standards Council
(PCI SSC) earlier this month. TrustKeeper, a Web-based, real-time compliance
management tool used for compliance validation with the Payment Card Industry
Data Security Standard (PCI DSS) by thousands of merchants and service
providers throughout the world, is the first compliance management solution
to support the new SAQ version 1.1.
The SAQ is a validation tool used primarily by Level 2, 3 and 4 merchants
(and some smaller service providers), as defined by the major card brands --
Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB
-- to validate compliance with the PCI DSS. The PCI SSC updated SAQ version
1.0 to better align with PCI DSS version 1.1 and created four variants to
ensure merchants only answer questions relevant to their environment. Each of
the four variants, labeled A, B, C and D, has qualifying questions used to
determine which of the four questionnaires a merchant is required to
complete. Each merchant completing the SAQ version 1.1 selects the
questionnaire that best represents their environment, based on the
descriptions below:
SAQ Validation                                               Number of
Type            Description                            SAQ   Questions
--------------  -------------------------------------  ---   ---------
1               Card-not-present (e-commerce or        A     11
                mail/telephone-order) merchants,
                all cardholder data functions
                outsourced. This would never apply
                to face-to-face merchants.
2               Imprint-only merchants with no         B     21
                electronic cardholder data storage.
3               Stand-alone terminal merchants, no     B     21
                electronic cardholder data storage.
4               Merchants with POS systems connected   C     38
                to the Internet, no electronic
                cardholder data storage.
5               All other merchants (not included in   D     226
                Types 1-4 above) and all service
                providers defined by a payment brand
                as eligible to complete an SAQ.
TrustKeeper now supports both the previous SAQ version 1.0 and
the four forms of the new SAQ version 1.1, allowing merchants to choose which
version they wish to complete. According to the PCI SSC, after April 30,
2008, the older SAQ version 1.0 will no longer be accepted for compliance
validation. From that date forward, all merchants will be required to use the
new SAQ version 1.1.
To help merchants and service providers better understand SAQ version
1.1, Trustwave is hosting a webinar on Wednesday, February 27, 2008, at 1:00
p.m. CST (GMT -06:00, Chicago) to discuss and explain the changes.
Additionally, Trustwave has created an SAQ version 1.1 compliance bulletin to
explain the changes and how they may affect merchants (and some service
providers). Those parties responsible for the completion of the SAQ are
encouraged to sign up for this webinar and download the compliance bulletin
by visiting the following page: https://www.trustwave.com/NewSAQ.php.
"The updated Self Assessment Questionnaire is an important tool the
Council is providing to the merchant and service provider community that is
streamlined and in line with the latest version of the PCI Data Security
Standard," said Bob Russo, General Manager, PCI Security Standards Council.
"With the new SAQ in place, we are making it easier and more cost effective
for our stakeholders to gain PCI compliance."
"As a provider of PCI DSS compliance to thousands of businesses and
organizations throughout the world, it is incumbent on us to make the latest
tools, such as the new SAQ, available to our clients," says Robert J.
McCullen, chairman and CEO of Trustwave. "In support of the rollout of the
new SAQ, we are offering educational opportunities including our webinar and
SAQ supplemental documentation to help Trustwave customers better understand
the new SAQ and how it could affect their business."
About Trustwave
Trustwave is the leading provider of on-demand and subscription-based
information security and compliance management solutions to businesses and
government entities throughout the world. For organizations faced with
today's challenging data security and compliance environment, Trustwave
provides a unique approach with comprehensive solutions that include its
flagship TrustKeeper(R) compliance management software and other proprietary
security solutions. Trustwave has helped more than 30,000 organizations --
ranging from Fortune 500 businesses and large financial institutions to small
and medium-sized retailers -- manage compliance and secure their network
infrastructure, data communications and critical information assets.
Trustwave is headquartered in Chicago with offices throughout North
America, Europe, Africa, Asia and Australia.
Web site: http://www.trustwave.com






