Qualys SAQ helps create campaign questionnaires with due dates, notifications, assigned reviewers, various answer formats, question criticality, answer scores, evidence requirements and varying workflows. You do this using Qualys SAQ’s wizard and its simple, drag-and-drop web UI. You can also use Qualys SAQ’s library of out-of-the-box templates covering common compliance standards and regulations, such as the EU’s GDPR.
Qualys Security Assessment Questionnaire
Assess business process risk from third parties and internal teams.
Transformative cloud service for conducting business process control assessments among your external and internal parties

"Questionnaire is easy to use and to customize. Having it delivered via the cloud allows us to easily assess third parties."
Randy Barr VP & CISO at Saba
Qualys SAQ Highlights
Intuitive campaign design
Simplified questionnaire distribution
There’s no need to set up user accounts. Organizations enter vendor emails and Qualys SAQ auto-provisions the surveys. Respondents complete surveys on browser-based forms, and can delegate questions they can’t answer. As deadlines approach, administrators can trigger reminder emails to respondents. Organizations can also set up recurring campaigns.
Automated campaign tracking
Qualys SAQ captures responses in real time and aggregates them in one central dashboard, so administrators can see campaigns’ progress. Qualys SAQ displays charts updated live, and lets administrators drill down to individual respondent questionnaires, and slice and dice results. Administrators can manage multiple campaigns at different stages of completion.
Comprehensive, customizable reports
Qualys SAQ generates proof of compliance with detailed reports and caters to a variety of users, including upper management via executive-level dashboards, as well as auditors and compliance officers with more granular views of the data. Qualys SAQ can also be used for polling your employees and managers in internal audits and documenting compliance.
Achieve PCI compliance and secure your network
As an Approved Scanning Vendor (ASV), Qualys has been authorized by the PCI Security Standards Council to conduct the quarterly scans required to show compliance with PCI DSS. The cloud-based Qualys PCI compliance solution helps you achieve compliance via a streamlined process that also gives you assurance your network is secure.
Benefit from the ASV requirements that Qualys PCI fulfills, including:
- Disruption-free: When conducting a scan, Qualys PCI doesn’t interfere with the cardholder data system
- No stealth software installations: Qualys PCI will never install any software on your systems without your knowledge and pre-approval
- No dangerous tests: Qualys PCI will not conduct tests that overload your systems or cause an outage
- Conforming reports: Qualys PCI produces reports that conform to the standard’s requirements
Follow an easy step-by-step approach and intuitive compliance tips in a user-friendly interface
Automatically complete the required quarterly scans, and also scan as often as you like on an ad hoc basis, for PCI compliance and for identifying and remediating vulnerabilities as soon as they appear in your network
Scan your network in segments and remediate/re-scan for vulnerabilities on target IPs. No need to scan your entire network
Leverage 24/7 online help and email/telephone support for understanding and pursuing compliance
Monitor all assets on premises and in private, public or hybrid clouds
Scan web apps during and after development to ensure they’re built and maintained securely

Quickly eliminate security threats with detailed remediation instructions
PCI DSS requires businesses to perform a network security scan every 90 days on all Internet-facing networks and systems in accordance with a defined set of procedures. To achieve compliance, businesses must identify and remediate all critical vulnerabilities detected during the scan. Qualys PCI ASV app:
- Automates and greatly simplifies scanning and remediation
- Provides easy-to-use reporting of vulnerabilities that will cause you to fail PCI DSS
- Uses the Enterprise TruRisk Platform to accurately scan vulnerabilities
- Provides detailed instructions for each detected vulnerability, with links to verified patches for rapid remediation

Generate PCI network reports
Qualys PCI ASV generates two PCI network reports that are similar but intended for different purposes: One designed to offer proof of compliance, and the other to serve as a remediation guide.
- Generates PCI Executive Report for submitting to the acquiring bank to document PCI compliance. This report provides summary level information only
- Generates PCI Technical Report for identifying vulnerabilities and prioritizing remediation. This report includes technical details to assist with remediation
- Includes in the reports an overall PCI compliance status of “passed” or “failed”
  - An overall PCI compliance status of “passed” indicates that all hosts in the report passed the PCI DSS compliance standards set by the PCI Council. A host compliance status is provided for each host. A PCI compliance status of “passed” for a single host/IP indicates that no vulnerabilities or potential vulnerabilities were detected on the host.
  - If you fail the assessment, you can view a list of detected vulnerabilities and potential vulnerabilities, including those that must be fixed to obtain compliance as well as vulnerabilities that we recommend that you fix. View detailed remediation information.

Auto-submit compliance status directly to acquiring bank
Once you have met the validation actions, the Qualys PCI ASV application “auto-submission” feature completes the compliance process.
- Automatically submits compliance status directly to your acquiring banks
- Allows you to download PCI compliance reports in PDF to submit to your acquiring bank or to assist in remediation efforts

Streamline GDPR procedural risk assessments
The EU’s GDPR compliance process requires organizations to perform procedural risk assessments, which Qualys SAQ can assist you with. Its GDPR-specific questionnaire templates break down requirements and help assess business readiness for compliance. Using these out-of-the-box questionnaires will save you time, effort and resources as you assess GDPR procedural compliance and generate reports based on responses. Qualys SAQ’s GDPR questionnaire templates include:
GDPR Business Readiness Self-Assessment
Designed to identify key areas where operational changes will be required and to assist the organization in prioritizing efforts for the GDPR compliance.
GDPR Data Inventory and Mapping
Helps in assessing the process to identify, locate, classify and map the flow of GDPR-protected data.
GDPR Accountability and Responsibility Assessment
Helps in assessing the process of accountability and responsibility in terms of data governance as per GDPR requirements.
GDPR Data Privacy Assessment in Operations
Focuses on assessing the appropriate technical and organizational measures to protect EU residents’ personal data from loss or unauthorized access or disclosure.
GDPR Third-Party Vendor Assessment
Helps to identify and assess the requirements of the third-party vendors you share personal data of EU residents with.
GDPR Data Incident and Breach Notification Assessment
Helps in the assessment of GDPR’s data breach notification and communication requirements.
GDPR Data Protection and Privacy Impact Assessment
Helps organizations in the assessment of the privacy risks and data protection safeguards of new projects.

Powered by Enterprise TruRisk Platform
Single-pane-of-glass UI
See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all IT assets — from a single dashboard interface. It’s fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.
Centralized & customized
Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption and strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise’s single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.
Easy deployment
Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, software to install, or databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.
Scalable and extensible
Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.




