REDWOOD CITY, CA--(Marketwired - Jun 10, 2013) - Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced the availability of customizable questionnaires in its QualysGuard® Cloud Platform and suite of integrated solutions for security and compliance. Businesses can use the new Questionnaire solution to centralize and automate the vendor risk assessment process, reducing time and increasing efficiency. It also helps companies ensure that their service providers and IT suppliers do not disrupt or hurt business performance.
Gartner defines Vendor risk management as follows: IT GRC (Governance, Risk and Compliance) technology can help organize survey data and responses from partners, vendors and others to prioritize vendor risk against security and other IT-related requirements.1 However, vendor risk management is typically done using emails and spreadsheets, making it tedious, time-consuming and decentralized.
QualysGuard's new customizable questionnaire service streamlines vendor risk programs by providing a centralized, secure and easy-to-deploy solution for vendor classification assessment, risk assessment and the approval of vendors based on their respective criticality. QualysGuard Questionnaire simplifies each of these steps by providing an efficient way to: Classify vendors by identifying the type of information shared with the vendors, such as Personal Identifiable Information (PII), Protected Health Information (PHI) and credit card information; assess the vendor risk by launching tailored assessments based on the vendor criticality; and track progress to finally reject or approve vendors. This allows customers to better manage their vendor security programs by making it transparent, consistent, accountable and repeatable, while proving compliance across multiple regulations or standards such as ISO 27002 Section 10.2, FFIEC and GLBA IT Security Handbook, HIPAA - (§ 164.308(b)(1)) or PCI DSS 2.0.
"We participated in the QualysGuard Questionnaire beta and used it to assess the risk of various vendors and partners we work with," said Randy Barr, VP chief security and information officer for Saba. "We found the solution easy to use and customizable to our vendor risk assessment needs, and having it delivered via the cloud allowed us to easily assess third-parties -- giving vendor contacts access to complete online vendor assessments and reminders for pending and past-due assessments."
The new service provides:
- Questionnaire responder interface that offers subject matter experts, an easy-to-use set of tools to quickly and efficiently assign and complete questionnaires, including evidence attachment by drag and drop, and quick delegation of questions, sections or even entire questionnaires.
- Visual Questionnaire designer, which provides analysts an intuitive user interface to visually design a questionnaire and define requirements for evidence, comments or asset attachment.
- Assessment workflow that includes the ability to automatically send assignments or reminder emails to questionnaire respondents, track progress and quickly identify non-active assessments.
- Dashboards and reports providing insight into progress, compliance and risk posture for a single assessment or across a defined set of assessments.
- Integrated library of 500+ regulations, standards, guidelines and best practices via the leverage of the Unified Compliance Framework (UCF), and the ability to automatically build a single questionnaire encompassing multiple regulations or standards such as the one provided by Shared Assessment program: SIG and AUP.
"Our new customizable questionnaire service extends QualysGuard's capabilities for mapping and scanning, with an easy-to-use and cost-effective cloud-based approach to manage non-IT controls with support for authoring, distributing, completing, collecting and documenting surveys," said Philippe Courtot, chairman and CEO of Qualys. "This helps organizations to streamline and expand their vendor risk assessment programs."
Availability and Pricing
The new customizable questionnaire service is now available as part of the QualysGuard security and compliance suite. Pricing starts at $9,995 per year and is based on the number of analysts. It includes 24x7 support and full updates. For more information, visit: www.qualys.com/questionnaire.
About QualysGuard Cloud Platform
The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions help provide organizations of all sizes with a global view of their security and compliance posture while reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enables customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.
Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies
1 Gartner, Inc., "Technology Overview for IT GRC: Clarifying IT GRC to Match Technology Need," by Paul E. Proctor, April 14, 2013