Consultant and MSP FAQ.

What is Qualys Consulting Edition?

Qualys Consulting Edition is used for engagement-based services such as, but not limited to, vulnerability identification, security program assessments, and penetration testing.

Who can use the Qualys Consulting Edition?

Qualys Consulting Edition can be used by IT and Security auditors, individual consultants, consulting firms, and MSPs that provide 3^rd party assessments to the SMB/SME (<5000 IP’s/employees) market.

Can consultants scan their own company networks?

No. Per the Qualys Service Agreement, Qualys Consulting Edition subscriptions cannot be used for scanning the network or any associated network of the company that purchased the subscription.

Can continuous services be provided with Qualys Consulting Edition?

Yes. Qualys Consulting Edition is designed to handle both ad-hoc, point-in-time assessments as well as ongoing, continuous engagements with your clients.

Can clients of consultants have access to the Qualys Cloud Platform within Qualys Consulting Edition?

No. Qualys Consulting Edition user access is specific to the subscribing organization. Clients of the consulting subscriber may not provide direct or indirect access to the consultant’s Qualys Cloud Platform instance or have any type of user account. The Qualys API should not be used to create a custom portal for clients to have access to features.

Can Consultant customers submit external scans for PCI ASV validation?

Consultant customers are direct customers of Qualys, who is an approved ASV vendor, but the clients of the Qualys Consulting Edition customer are not; therefore, consultants are not permitted to submit external scans for Qualys PCI ASV validation on behalf of their clients.

Does Qualys offer professional services, managed services, or consulting?

No. Qualys does not provide professional services, managed services, or consulting.

Where can I find additional resources for Qualys Consulting Edition?

Visit the Qualys Consulting Edition community page.