Qualys Publishes “IT Policy Compliance for Dummies”

Comprehensive Guide Helps Readers Understand and Plan for Information Technology (IT) Policy Compliance

Redwood City, Calif. - March 31, 2010 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced that it has published a new handbook – “IT Policy Compliance for Dummies” – an easy-to-use guide to what IT and security managers need to know about IT policy compliance. Created in conjunction with publisher John Wiley & Sons and co-authored by Qualys’ Jason Creech and Matt Alderman, the book simply explains IT policy compliance and the steps an organization needs to carry out to prove compliance to an independent auditor. To download a free copy of this book, visit:

Because the vast majority of business today is done through or with IT, organizations of all sizes are required to operate according to accepted industry standards and demonstrate IT compliance according to internal policies and external regulations. According to Gartner research, “by facilitating the mapping of controls to specific IT resources, and by automating the collection and reporting of information on the degree to which those controls are being performed, IT governance, risk and compliance management can be used to improve an organization’s external audit posture, reduce compliance reporting costs and improve an organization’s capability to address IT risks.”*

“IT Policy Compliance for Dummies” outlines the process in five parts:

  • Stepping Into the World of IT Policy Compliance for a primer on the meaning of policy compliance and its relationship to IT.

  • Defining the Problem of IT Policy Compliance to direct readers to the alphabet soup of regulations and standards and look at how they relate to policy compliance.

  • Best Practices for IT Policy Compliance Management providing a swift orientation to the guts of IT policy compliance, including ten best practices.

  • Looking at Automation in IT Policy Compliance helping readers discover how automation can help their organizations ease policy compliance and save money.

  • Ten Tips for IT Policy Compliance listing the steps to ensure compliance with regulations and standards.

“This book is based on industry best practices compiled from working with organizations on IT compliance initiatives,” said Alderman and Creech. “We hope this will be a valuable resource helping businesses understand IT policy compliance and take the steps necessary to ensure their companies pass audits for the set of regulations with which they must comply.”

“IT Policy Compliance for Dummies” is Qualys’ third book in John Wiley & Sons’ for Dummies publications. To learn more about these publications or to download free copies, visit:

About the Authors
As director of product management at Qualys, Matt Alderman designs, plans and implements compliance solutions that strengthen organizations. With 20 years of experience in IT, including 12 years in network security and compliance, Alderman has held key roles addressing risk and compliance needs, including serving as Founder and Chief Technology Officer for ControlPath, VP of compliance management solutions for Trustwave, and director of compliance services at Accuvant.

With over 17 years in IT, Jason Creech is director of compliance solutions at Qualys. Creech has spent the last 10 years promoting enterprise IT security and compliance solutions including product management, project management, security and compliance consulting, presales engineering, evangelism and product training, and has assisted much of the Fortune 1000 in the creation of IT security policy.

About John Wiley & Sons
Wiley’s Scientific, Technical, Medical, and Scholarly business, also known as Wiley-Blackwell, is one of the world’s foremost academic and professional publishers and the largest society publisher. The business was created in February 2007 by merging Blackwell Publishing with Wiley’s global Scientific, Technical, and Medical business. Wiley-Blackwell publishes around 1,400 scholarly peer-reviewed journals and an extensive collection of books, major reference works, databases, and laboratory manuals, in print and electronically, in the life and physical sciences, medicine and allied health, engineering, the humanities, and the social sciences. Wiley-Blackwell has operations in the United States, the United Kingdom, Europe, Asia, and Australia.

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 4,000 organizations in 85 countries, including 42 of the Fortune Global 100 and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.

For more information, please visit

*“Critical Capabilities for IT Governance, Risk and Compliance Management, 2009,” by Mark Nicolett and Paul E. Proctor, April 16, 2009


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.


Media Contact:
Tami Casey