Bring Your IT-GRC Program to the Cloud
The QualysGuard Cloud Platform and integrated suite of applications delivers a unified solution that helps businesses automate their GRC efforts and expedite compliance requirements.
Automated & Agent-less.
Provides automated and agent-less compliance auditing supporting multiple frameworks and regulatory initiatives.
Includes customizable questionnaires and business workflows to evaluate controls, gather evidence and validate compliance with auditors.
Seamless Integration with Enterprise GRC solutions.
QualysGuard provides direct connectors to all leading GRC solutions for consolidation of compliance data and reporting.
QualysGuard PC provides a comprehensive controls library based on CIS and NIST standards and mapped directly to frameworks and regulations such as COBIT, ISO, HIPAA, FISMA and others. You can customize these controls to fit the pass/fail criteria for your compliance needs.
Define and customize your polices from a library of defined standards using the Unified Compliance Framework (UCF) or leveraging existing business process workflows to evaluate controls, gather evidence and validate compliance.
Conduct technical control assessments on your servers, hosts and databases to gather OS configurations and application access controls data that will be mapped automatically to IT-controls within our policies.
Use an integrated customizable questionnaires service to o manage non-IT controls with support for authoring, distributing, completing, collecting, and documenting surveys, helping your organizations to further automate and expedite compliance requirements.
Detailed compliance reports help you determine compliance with your defined set of policies. QualysGuard scanners safely and accurately measure compliance against the technical controls specified in your policies and identifies compliance lapses for remediation.
Users may request exceptions for some hosts/controls in a selected policy to support a business need. You can submit exceptions for one or more hosts/controls in a policy that failed compliance. Exceptions are typically limited to a period of time and will need to be approved by a manager or auditor in order to pass compliance for the specified period.
Intuitive and easy-to-read reports provide detailed technical analysis of compliance, executive-level summaries, and reports tailored for auditors. You can customize your own reports from templates with flexible options and interactive charts.
QualysGuard Policy Compliance out-of-box integrations with leading GRC solutions helps leverage these investments by automating the collection of technical controls and passing it back to these solutions for consolidated reporting and correlation with multiple compliance requirements.