Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Announces General Availability of Cloud-Based Customisable Questionnaire

New QualysGuard Solution Automates Vendor Risk Management and Certification Processes

REDWOOD CITY, Calif., June 10, 2013 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced the availability of customisable questionnaires in its QualysGuard Cloud Platform and suite of integrated solutions for security and compliance. Businesses can use the new Questionnaire solution to centralise and automate the vendor risk assessment process, reducing time and increasing efficiency. It also helps companies ensure that their service providers and IT suppliers do not disrupt or hurt business performance.

Gartner defines Vendor risk management as follows: IT GRC (Governance, Risk and Compliance) technology can help organise survey data and responses from partners, vendors and others to prioritise vendor risk against security and other IT-related requirements.[1] However, vendor risk management is typically done using emails and spreadsheets, making it tedious, time-consuming and decentralised.

QualysGuard’s new customisable questionnaire service streamlines vendor risk programs by providing a centralised, secure and easy-to-deploy solution for vendor classification assessment, risk assessment and the approval of vendors based on their respective criticality. QualysGuard Questionnaire simplifies each of these steps by providing an efficient way to: classify vendors by identifying the type of information shared with the vendors, such as Personal Identifiable Information (PII), Protected Health Information (PHI) and credit card information, assess the vendor risk by launching tailored assessments based on the vendor criticality, and track progress to finally reject or approve vendors. This allows customers to better manage their vendor security programs by making it transparent, consistent, accountable and repeatable, while proving compliance across multiple regulations or standards such as ISO 27002 Section 10.2, FFIEC and GLBA IT Security Handbook, HIPAA - (§ 164.308(b)(1)) or PCI DSS 2.0.

“We participated in the QualysGuard Questionnaire beta and used it to assess the risk of various vendors and partners we work with,” said Randy Barr, VP chief security and information officer for Saba. “We found the solution easy to use and customisable to our vendor risk assessment needs, and having it delivered via the cloud allowed us to easily assess third-parties – giving vendor contacts access to complete online vendor assessments and reminders for pending and past-due assessments.

The new service provides:

  • Questionnaire responder interface that offers subject matter experts, an easy-to-use set of tools to quickly and efficiently assign and complete questionnaires, including evidence attachment by drag and drop, and quick delegation of questions, sections, or even entire questionnaires.
  • Visual Questionnaire designer, which provides analysts an intuitive user interface to visually design questionnaire and define requirements for evidence, comments or asset attachment.
  • Assessment workflow that includes the ability to automatically send assignments or reminder emails to questionnaire respondents, track progress and quickly identify non-active assessments.
  • Dashboards and reports providing insight into progress, compliance and risk posture for a single assessment or across a defined set of assessments.
  • Integrated library of 500+ regulations, standards, guidelines and best practices via the leverage of the Unified Compliance Framework (UCF), and the ability to automatically build a single questionnaire encompassing multiple regulations or standards such as the one provided by Shared Assessment program: SIG and AUP.

“Our new customisable questionnaire service extends QualysGuard’s capabilities for mapping and scanning, with an easy-to-use and cost-effective cloud-based approach to manage non-IT controls with support for authoring, distributing, completing, collecting, and documenting surveys,” said Philippe Courtot, Chairman and CEO of Qualys. “This helps organisations to streamline and expand their vendor risk assessment programs.”

Availability and Pricing

The new customisable questionnaire service is now available as part of the QualysGuard security and compliance suite. Pricing starts at $9,995 per year and is based on the number of analysts. It includes 24x7 support and full updates. For more information, visit:

About QualysGuard Cloud Platform

The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions help provide organisations of all sizes with a global view of their security and compliance posture while reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enables customers to identify their IT assets, collect and analyse large amounts of IT security data, discover and prioritise vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.

About Qualys

Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organisations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organisations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies

[1] Gartner, Inc., “Technology Overview for IT GRC: Clarifying IT GRC to Match Technology Need,” by Paul E. Proctor, April 14, 2013

Media Contact:
Tami Casey