Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Unveils Customizable Questionnaire and Workflow for its QualysGuard Cloud Platform

New Service Extends Policy Compliance Capabilities to Automate Manual Assessments of Nontechnical Controls

SAN FRANCISCO – RSA Conference USA 2012 Booth #1431 - February 27, 2012 - Qualys Inc., the pioneer and leading provider of information security and compliance cloud solutions, today at RSA Conference USA 2012 unveiled a new service for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance to help businesses further automate their compliance tasks and reduce the time and effort for manual assessment of IT and non-IT controls. The QualysGuard Customizable Questionnaire service enables customers to easily build questionnaires using the Unified Compliance Framework (UCF), as well as leverage existing business process workflows to evaluate controls, gather documents and evidence and validate compliance.

Qualys will showcase this new service tonight at RSA Conference USA 2012 at 7 p.m. PT – booth #1431.

“For infrastructures that cannot be queried via software or networks — and for non-technology controls — IT-GRC tools must provide a survey mechanism to determine whether controls are operating. One vendor’s customers describe the solution as “TurboTax for compliance” — basically, for a particular control, the product asks questions that evaluate the effectiveness of the control, much like how tax-preparation software asks questions to assess tax status. Similarly, questionnaires may be used to ascertain the acceptance and awareness of organizational policies.”*

QualysGuard’s new service for customizable questionnaires automatically generates survey questions based on policies, compliance requirements and controls selected by the organization. Surveys can be delegated to employees across the organization based on their roles and areas of responsibility. The service also provides a customizable workflow engine which includes the ability to send email reminders to survey respondents, track progress, and communicate with external applications. It also includes simple and easy-to-use reports on survey status to allow tracking of self-assessment efforts. In more details the new service provides:

  • Automation of manual assessments of controls and business processes as well as policy dissemination
  • Ability to define audit work flow via a customizable language or over a dozen out-of-box actions including questionnaire assignment, delegation, escalation and notification
  • Control documentation including file-based evidence collection
  • Industry leading policy repository of nearly 1000 standards and regulations via integration with the Unified Compliance Framework

“Our new customizable questionnaires service extends QualysGuard’s capabilities for scanning and mapping to conduct technical controls assessment, with an easy-to-use and cost-effective cloud-based approach to manage non-IT controls with support for authoring, distributing, completing, collecting, and documenting surveys, helping organizations to further automate and expedite compliance requirements,” said Philippe Courtot, Chairman and CEO of Qualys.

About QualysGuard Policy Compliance
QualysGuard Policy Compliance allows organizations to automate the collection and validation of configuration and security data across IT assets and maps it to IT-GRC data model. Leveraging a comprehensive knowledgebase of regulations, industry standards and compliance frameworks, it provides flexible reporting capabilities based on policies, compliance requirements, and controls selected by the organization. Seamless integration with leading enterprise GRC solutions is also available out-of-the-box to roll vulnerability and configurations data into IT-GRC risk reporting and correlation with various compliance requirements. QualysGuard Policy Compliance is delivered via a cloud platform drastically reducing customers’ total cost of ownership and providing IT and security organizations with a more efficient means to monitor compliance and risk.

Availability and Pricing
The new customizable questionnaire service will be available starting March 29 in a limited Beta program as part of the QualysGuard security and compliance suite. Pricing will be $25,000 for 100 users, with additional users purchased for $5,000 per 100 users. Please visit / for more information or to sign up.

*Gartner, Inc., “IT Governance, Risk, and Compliance Management Solutions,” byTrent Henry, December 28, 2011.

About Qualys

Qualys, Inc. s the pioneer and leading provider of information security and compliance cloud solutions with 5,500+ customers in 85 countries, including 51 of the Forbes Global 100. The QualysGuard Cloud Platform and integrated suite of applications helps businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For all other matters

Media Contact:
Tami Casey