Security Assessment Questionnaire

Minimize the risk of doing business with vendors and other third parties.

Transformative cloud solution for automating and streamlining an organization’s vendor risk management process

SABA

Questionnaire is easy to use and to customize. Having it delivered via the cloud allows us to easily assess third parties.

Randy Barr, VP & CISO at Saba

Highlights

Intuitive campaign design

SAQ helps create campaign questionnaires with due dates, notifications, assigned reviewers, various answer formats, question criticality, answer scores, evidence requirements and varying workflows. You do this using SAQ’s wizard and its simple, drag-and-drop web UI. You can also use SAQ’s library of out-of-the-box templates covering common compliance standards.

Simplified questionnaire distribution

There’s no need to set up user accounts. Organizations enter vendor emails and SAQ auto-provisions the surveys. Respondents complete surveys on browser-based forms, and can delegate questions they can’t answer. As deadlines approach, administrators can trigger reminder emails to respondents. Organizations can also set up recurring campaigns.

Automated campaign tracking

SAQ captures responses in real time and aggregates them in one central dashboard, so administrators can see campaigns’ progress. SAQ displays charts updated live, and lets administrators drill down to individual respondent questionnaires, and slice and dice results. Administrators can manage multiple campaigns at different stages of completion.

Comprehensive, customizable reports

SAQ generates proof of compliance with detailed reports and caters to a variety of users, including upper management via executive-level dashboards, as well as auditors and compliance officers with more granular views of the data. SAQ can also be used for polling your employees and managers in internal audits and documenting compliance.

Quickly design and build your questionnaires

SAQ streamlines your third-party and internal risk assessment processes right from the questionnaire creation phase. With SAQ, you easily design in-depth surveys to make business-process control assessments of security policies and practices of third parties and internal staff, and their compliance with industry standards, regulations and internal requirements.

  • Let SAQ’s wizard walk you through the creation of campaigns, including assigning deadlines and configuring notifications

  • Create questionnaires with SAQ’s drag-and-drop UI, or tap SAQ’s template library of surveys for regulations like HIPAA, Basel 3 and SOX, and industry standards like PCI

  • Require that respondents attach evidence files for certain answers

  • Form questions with various types of answer formats, such as multiple-choice check boxes, drop-down menus and open-ended text boxes

  • Configure questions to be dynamically shown or hidden based on a prior response

  • Design campaigns with different workflows: Accept surveys once they’ve been completed by respondents, or require extra steps, such as supervisor reviews and approvals

  • Assign criticality levels to questions, and a score for answer options in the questionnaire templates. The question criticality scale is customizable with labels and answer weights

  • Allow respondents to delegate questions to peers that are better able to answer them

Launch and track campaigns from SAQ’s central console

The traditional way of conducting these risk assessment surveys – emailing questionnaires and tracking responses on a spreadsheet – no longer cuts it. SAQ automates these audit campaigns and makes the process agile, accurate, comprehensive, centralized, scalable and uniform across your organization.

  • Enter respondent emails in the SAQ web console and SAQ auto-provisions the surveys, sending out links to the web-based questionnaires

  • Centrally manage and track the progress of all of your campaigns

  • Monitor response activity in dashboards updated in real time, and literally watch as questions are answered

  • Let supervisors review the format and content of questionnaires before they’re launched and even while a campaign is in progress

  • Set up recurring campaigns that need to be run with a specific frequency

  • Support a wide variety of risk assessment use cases within your organization and externally with your vendors, contractors, partners and consultants, including:

    • Auditing current vendors to make sure they remain compliant
    • Evaluating vendors bidding for your business
    • Assessing for the first time a key supplier you just signed up
    • Conducting a “postmortem” assessment of a slip-up by one of your third parties
    • Verifying your employees understand IT security and compliance policies and procedures

Simplify the process of responding to questionnaires

If the process of filling out a risk assessment questionnaire is cumbersome, this will affect the quality and thoroughness of the answers provided by respondents, as well as their timeliness in completing the surveys. SAQ makes the task intuitive with a raft of convenient features designed to make life easier for respondents, including:

  • Quickly and efficiently completing questionnaires from any browser at any time

  • Securely attaching evidence files with drag-and-drop convenience

  • Delegating questions to other users or user groups based on their role

  • Receiving reminder emails regarding due dates and completion status

Document, visualize and share campaign results

The goal of these campaigns is to quickly and precisely identify IT security and compliance gaps among your network of third parties, and within your organization, so you can take appropriate action. SAQ gives you all the tools for displaying, understanding, analyzing and acting on the collected data.

  • Provide high-level dashboards for executives and detailed views for internal auditors and compliance officers

  • When generating reports, filter data by question criticality and answer scores to derive an overall risk score or identify high risk areas

  • Create custom dashboards designed to reflect the risk and compliance postures of specific third parties

  • Slice and dice campaign results using a variety of criteria, such as by vendor, respondent or specific questions

  • Generate proof of compliance with detailed reports

Powered by the Qualys Cloud Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all of their IT assets — from a single dashboard interface. It's fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption & strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, no software to install, and no databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.
