Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Announces Security Assessment Questionnaire Service (SAQ) Release 2.0

Cloud-based solution orchestrates IT audits with automated validation to dramatically simplify third-party and vendor risk assessment

REDWOOD CITY, CA. – June 13, 2016 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced the release of its Security Assessment Questionnaire service (SAQ) 2.0. This addition to Qualys’ suite of integrated security and compliance services enables organizations to better orchestrate security assessments or compliance audits with automated validation.

As audit and assessment complexity increases, traditional email, document and spreadsheet-based audit methods have become more laborious, costly and often inaccurate. Qualys SAQ 2.0 enables organizations to better consolidate and orchestrate their assessment of third-party business processes and vendor risk by centrally capturing all relevant information from technical and human sources, drastically reducing time and cost. The service also allows companies to demonstrate compliance against internal policies, standards and mandates such as PCI-DSS, HIPAA, COBIT and ISO 27001/2.

SAQ 2.0 enables organizations to assess business process requirements, including:

  • Vendor risk assessment
  • End-to-end security and compliance
  • Internal audit management
  • Assessment of employee training and awareness program

SAQ 2.0 offers:

  • Campaign Management: Campaigns are new ways of easily distributing and tracking questionnaires required for compliance. SAQ’s campaign wizard walks users through creation of a campaign step by step.
  • Template Creation: Users can start with one of the standard templates, like HIPAA or SOX, or create their own with Qualys’ easy drag and drop Template Builder. The predefined templates are prepared by security and risk experts and are always up-to-date on compliances.
  • Questionnaire Distribution: A questionnaire template can be assigned to all relevant parties – colleagues, partners, vendors or groups. Questionnaire results can be grouped together to simplify the management of multiple ongoing campaigns. Users have the option to extend the campaigns to include reviewers and/or approvers as needed.
  • Result Analysis: Features include campaign progress tracking and customizable dashboards, reflecting vendor risk and compliance posture. Response gathering happens automatically without the need for spreadsheets or other reporting tools. Campaigns track compliance in one centralized place for all stakeholders. Real time analytics help users monitor the campaigns at the executive level with live charts or drill down to details needed by security and risk professionals.

“Qualys SAQ has allowed Pekin Insurance to move from time-consuming, manual processes that are dependent on using spreadsheets and email to a centralized cloud-based solution that not only saves time, but also drastically improves the efficiency of our Vendor Risk Management process,” said Devin Arteman, director of enterprise security, Pekin Insurance. “Qualys SAQ is a turn-key solution that is easy to right-size for any organization.”

Recent mega-breaches have demonstrated the potential high cost of hidden vendor vulnerabilities, as evidenced by the 2014 attack on third-party climate control systems used by U.S. retailer Target, which led to one of the largest breaches in history[1]. Qualys SAQ gives organizations complete confidence in the audit of their third-party vendors and security providers. As a cloud-based solution, it systematically gathers risk data, compliance information and evidence files, addressing both the procedural and technical requirements of security and compliance.

“Third party risk management and vendor compliance is rapidly growing in importance as organizations increasingly turn to third-party providers to reduce operating costs and increase their focus on core competencies,” said Philippe Courtot, chairman and CEO of Qualys.

“Our SAQ service extends the Qualys Cloud Platform capabilities to help organizations proactively identify potential risks, verifying that third-party providers and their employees are compliant and monitoring for changes that might create new risks or compliance gaps.”

Pricing and Availability
Qualys SAQ is sold as an annual subscription that includes 24x7 support and product updates. It starts at $4,295 for small and medium-sized enterprises and $9,995 for large enterprises.

Additional Resources:

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 8,800 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, SecureWorks, Fujitsu, HCL Comnet, Infosys, NTT, Optiv, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.



Jennifer McManus-Goode
LEWIS for Qualys
(781) 418-2406


Media Contact:
Tami Casey