Legal Documents
Contract Documents
Master Agreements, Terms & Conditions
The Master Terms and Conditions, Order Confirmation, Data Protection Agreement (as applicable), Service Descriptions (including dependencies and assumptions) (as applicable), Trustwave End User License Agreement (as applicable), third party end user license agreements (as applicable), and any non-disclosure agreement executed between the parties, will apply to the services you purchase from Trustwave.
- (PDF) Trustwave Master Terms and Conditions
- (PDF) Trustwave EMEA Master Terms and Conditions
- (PDF) Trustwave Australia Master Terms and Conditions
- (PDF) Data Protection Agreement
- (PDF) Trustwave End User License Agreement (EULA)
Dependencies and Assumptions
The following service descriptions will apply to the Trustwave services under the categories below purchased through the Trustwave Order Confirmation. Trustwave Services are categorized into Managed Security Services (MSS), Global Compliance and Risk Services (GCRS), Non-Managed Services, SpiderLabs Services, Cyber Security Education Services and Third Party Product (TPP) Implementation and Support Services. Client understands and agrees that each category of services will have a set of dependencies and assumptions that equally apply to all services under that category.
- (PDF) Managed Security Services
- (PDF) GCRS Services
- (PDF) Non-Managed Services
- (PDF) SpiderLabs Services
- (PDF) DFIR Services
- (PDF) Cyber Security Education Services
- (PDF) TPP Implementation and Support Services
Managed Detection and Response
- (PDF) MSS Transition Service
- (PDF) Co-Managed SOC
- (PDF) Managed Detection and Response Essential (MDR Essential)
- (PDF) Managed Detection and Response Complete (MDR Complete)
- (PDF) Threat Detection and Response: Managed Detection
- (PDF) Managed Intrusion Detection Security (IDS)
- (PDF) Security and Compliance Monitoring
- (PDF) Proactive Threat Hunting
- (PDF) Information Security Advisor (ISA)
- (PDF) Client Success Manager (CSM)
Managed Security Compliance (MSC)
- (PDF) Managed Security and Compliance (MSC)
- (PDF) Managed Security and Compliance (MSC) – Compliance Essentials
- (PDF) Managed Security and Compliance (MSC) – P2PE
Cloud Security
- (PDF) Security Services for Cloud Access Security Broker (CASB)
- (PDF) Security Services for Secure Web Gateway (SWG)
Security Technology Management
To the extent that Client purchases Security Technology Management Services, the main “Security Technology Management” service description will apply.
- (PDF) Security Technology Management (On Premise/Hybrid)
- (PDF) Security Technology Management (Cloud)
The following addenda to the main "Security Technology Management" service description should also apply for any relevant supported solutions purchased by Client.
- (PDF) IDPS/NGFW Solution
- (PDF) Endpoint Protection Solution
- (PDF) Multi Factor Authentication (MFA)
- (PDF) Security Technology Management - Cloud WAF Addendum
- (PDF) Security Technology Management - Cloud WAF Addendum (MSS Transition)
- (PDF) Public Cloud Security (IaaS)
- (PDF) Managed Next Generation Firewall
- (PDF) Managed Application Control (MAC)
Database Security
Scanning
- (PDF) Security Testing for Networks
- (PDF) Vulnerability Scanning
Secure Email Gateway
- (PDF) Trustwave Secure Email Gateway (Non-Managed)
- (PDF) Trustwave WebMarshal
- (PDF) Secure Email Gateway
Security Testing
SpiderLabs Services
Managed Security Testing (MST) Services
Trusted Advisor and Consulting Services
Penetration Testing Offerings
- (PDF) Trustwave SpiderLabs Testing
- (PDF) Active Directory Review
- (PDF) Amazon Web Services
- (PDF) Application Penetration Testing
- (PDF) Application Source Code
- (PDF) Azure Cloud Assessment
- (PDF) ATM Technical Security Review
- (PDF) Embedded Security Assessment
- (PDF) External Network Penetration Testing
- (PDF) Internal Network Penetration Testing
- (PDF) Mobile Application Penetration Testing
- (PDF) Operational Technology Security Assessment
- (PDF) Physical Security Assessment
- (PDF) Purple Teaming
- (PDF) Red Teaming
- (PDF) Segmentation Test Discovery Scan
- (PDF) Social Engineering
- (PDF) Virtualization Technology Assessments
- (PDF) Wireless Penetration Testing
Spider Labs Incident Response & Forensics (DFIR)
- (PDF) Comprehensive IR Retainer
- (PDF) Essentials IR Retainer
- (PDF) Standard IR Retainer
- (PDF) Incident Response Readiness Assessment (IRRA)
- (PDF) Fundamentals of Incident Response (FIRE) course
- (PDF) DFIR Proactive Services
- (PDF) Computer Security Incident Response Plan (CSIRP) Development
- (PDF) Incident Response Management and Investigation (IRMI) Course
- (PDF) Tabletop Exercises
Security Awareness Training
Security Awareness Education (SAE)
- (PDF) SAE Trustwave Hosted
- (PDF) SAE Client Hosted
- (PDF) SAE Content Updates
- (PDF) SAE Custom Content Development
- (PDF) SAE Translation Service
Secure Development Training (SDT)
- (PDF) SDT Trustwave Hosted
- (PDF) SDT Client Hosted
Third Party Products
- (PDF) Carbon Black Response Technology Implementation Service
- (PDF) Carbon Black Technical Support Center Services
- (PDF) Cybereason Technology Implementation Service
- (PDF) DarkTrace Technology Implementation Service
- (PDF) FortiGate Next Generation Firewall Deployment Service
- (PDF) Palo Alto Next Generation Firewall Deployment Service
- (PDF) Palo Alto Technical Support Center Services
- (PDF) Splunk Technical Support Center Services
- (PDF) Splunk Technology Implementation Service
Third Party End User License Agreements
To the extent that Client purchases (i) a third party product or (ii) a service with third party product that is integrated into or used in the provision of services (“Third Party Bundle”), the following end user license agreements (“EULA”) shall apply. Client agrees to be bound by an applicable EULA when purchasing an applicable Third Party Bundle in addition to the terms and conditions between Trustwave and Client.
- Akamai Privacy Policies
- Akamai AUP
- Akamai EULA
- (PDF) Aqua Security Software EULA
- (PDF) Carbon Black
- Cisco
- (PDF) Cybereason
- Fortinet
- Netskope Software EULA
- Netskope Subscription Terms
- Palo Alto
- Symantec VIP
Consulting and Professional Services
Compliance
- (PDF) Data Loss Prevention – Discover
- (PDF) Endpoint Protection Suite
- (PDF) Extended Validation (EV) SSL Certificate
- (PDF) Managed Network Access Control (NAC)
Global Compliance Risk Services (GCRS)
Payment Card Industry Data Security Standards (PCI DSS) Services
- (PDF) PCI DSS Compliance Validation Service
- (PDF) PCI DSS Gap Assessment
- (PDF) PCI DSS General Consulting
- (PDF) PCI DSS Policy and Procedures Service
- (PDF) PCI DSS Policy Template
- (PDF) PCI DSS Readiness Subject Matter Expert Consulting
- (PDF) PCI DSS Readiness Workshop
- (PDF) PCI DSS Remediation Service
- (PDF) PCI DSS Self-Assessment Consulting
- (PDF) PCI DSS Self-Assessment Validation
Payment Application Data Security Standards (PA-DSS) Services
- (PDF) PA-DSS Application Security Review
- (PDF) PA-DSS Compliance Validation Service
- (PDF) PA-DSS Final Application Review
- (PDF) PA-DSS General Consulting
- (PDF) PA-DSS High-Impact Change Assessment
- (PDF) PA-DSS Low-Impact Change Assessment
- (PDF) PA-DSS Maintenance Program
- (PDF) PA-DSS No-Impact Change Assessment
- (PDF) PA-DSS Training
- (PDF) SSF Consulting
- (PDF) SSF Gap Assessment
- (PDF) SSF Pre-Assessment Workshop
- (PDF) SSF Secure SLC Compliance Validation Service
- (PDF) SSF Secure Software Compliance Validation Service
Point-to-Point Encryption (P2PE) Services
- (PDF) Non-listed Encryption Implementation Review
- (PDF) Non-listed Encryption Solution Assessment
- (PDF) P2PE Application Assessment
- (PDF) P2PE Application Delta Change Assessment
- (PDF) P2PE Application No-Impact Change Assessment
- (PDF) P2PE Component Assessment
- (PDF) P2PE Gap Assessment
- (PDF) P2PE General Consulting
- (PDF) P2PE Pre-Assessment Workshop
- (PDF) P2PE Solution Assessment
- (PDF) P2PE Solution Designated Change Assessment
Other PCI and Payment Services
- (PDF) CPS 234 Information Security Gap Assessment
- (PDF) Payment Services Directive Gap Assessment
- (PDF) PCI Card Production Compliance Validation Service
- (PDF) PCI Card Production Gap Assessment
- (PDF) PCI Card Production General Consulting
- (PDF) PCI Card Production Pre-Assessment Workshop
- (PDF) PCI PIN Gap Assessment
- (PDF) PCI PIN General Consulting
- (PDF) PCI PIN Security Assessment
- (PDF) PCI Three Domain Secure Core Security Assessment
- (PDF) PCI Three Domain Secure Gap Assessment
- (PDF) PCI Three Domain Secure General Consulting
- (PDF) PCI Token Service Provider Assessment
Privacy and Data Protection Services
- (PDF) Brazil Data Privacy Consulting
- (PDF) Brazil Data Privacy Impact Assessment
- (PDF) Brazil Data Privacy Policy Service
- (PDF) Brazil Data Privacy Risk Assessment
- (PDF) Brazil LGPD Gap Assessment
- (PDF) CCPA Gap Assessment
- (PDF) EMEA Data Privacy Consulting
- (PDF) EMEA Data Privacy Impact Assessment
- (PDF) EMEA Data Privacy Policy Service
- (PDF) EMEA Data Privacy Risk Assessment
- (PDF) EMEA Data Privacy Workshop
- (PDF) EMEA Data Privacy Privacy Workshop & Subject Matter Expert Consulting
- (PDF) HIPAA Gap Assessment
- (PDF) HIPAA Policy Service
- (PDF) HIPAA Remediation Consulting
- (PDF) HIPAA Risk Assessment
- (PDF) NIST Privacy Framework Consulting
- (PDF) US Data Privacy Consulting
- (PDF) US Data Privacy Impact Assessment
- (PDF) US Data Privacy Mapping
- (PDF) US Data Privacy Policy Service
- (PDF) US Data Privacy Risk Assessment
- (PDF) US Data Privacy Subject Rights Request Consulting
Risk Assessment Services
- (PDF) Information Security Risk Assessment
- (PDF) Information Security Risk Assessment Remediation Consulting
- (PDF) International Standards Organization Gap Assessment
General Consulting Services
- (PDF) General Consulting
- (PDF) NIST Controls Assessment
- (PDF) Onsite Chief Information Security Officer