Qualys Announces General Availability of Cloud-Based Customizable Questionnaire

Qualys Announces General Availability of Cloud-Based Customizable Questionnaire 
New QualysGuard Solution Automates Vendor Risk Management and
Certification Processes 
REDWOOD CITY, CA -- (Marketwired) -- 06/10/13 --  Qualys, Inc.
(NASDAQ: QLYS), a pioneer and leading provider of cloud security and
compliance solutions, today announced the availability of
customizable questionnaires in its QualysGuard(R) Cloud Platform and
suite of integrated solutions for security and compliance. Businesses
can use the new Questionnaire solution to centralize and automate the
vendor risk assessment process, reducing time and increasing
efficiency. It also helps companies ensure that their service
providers and IT suppliers do not disrupt or hurt business
performance. 
Gartner defines Vendor risk management as follows: IT GRC
(Governance, Risk and Compliance) technology can help organize survey
data and responses from partners, vendors and others to prioritize
vendor risk against security and other IT-related requirements.(1)
However, vendor risk management is typically done using emails and
spreadsheets, making it tedious, time-consuming and decentralized.  
QualysGuard's new customizable questionnaire service streamlines
vendor risk programs by providing a centralized, secure and
easy-to-deploy solution for vendor classification assessment, risk
assessment and the approval of vendors based on their respective
criticality. QualysGuard Questionnaire simplifies each of these steps
by providing an efficient way to: Classify vendors by identifying the
type of information shared with the vendors, such as Personal
Identifiable Information (PII), Protected Health Information (PHI)
and credit card information; assess the vendor risk by launching
tailored assessments based on the vendor criticality; and track
progress to finally reject or approve vendors. This allows customers
to better manage their vendor security programs by making it
transparent, consistent, accountable and repeatable, while proving
compliance across multiple regulations or standards such as ISO 27002
Section 10.2, FFIEC and GLBA IT Security Handbook, HIPAA - (Section 
164.308(b)(1)) or PCI DSS 2.0. 
"We participated in the QualysGuard Questionnaire beta and used it to
assess the risk of various vendors and partners we work with," said
Randy Barr, VP chief security and information officer for Saba. "We
found the solution easy to use and customizable to our vendor risk
assessment needs, and having it delivered via the cloud allowed us to
easily assess third-parties -- giving vendor contacts access to
complete online vendor assessments and reminders for pending and
past-due assessments." 
The new service provides: 


 
--  Questionnaire responder interface that offers subject matter experts,
    an easy-to-use set of tools to quickly and efficiently assign and
    complete questionnaires, including evidence attachment by drag and
    drop, and quick delegation of questions, sections or even entire
    questionnaires.
--  Visual Questionnaire designer, which provides analysts an intuitive
    user interface to visually design a questionnaire and define
    requirements for evidence, comments or asset attachment.
--  Assessment workflow that includes the ability to automatically send
    assignments or reminder emails to questionnaire respondents, track
    progress and quickly identify non-active assessments.
--  Dashboards and reports providing insight into progress, compliance and
    risk posture for a single assessment or across a defined set of
    assessments.
--  Integrated library of 500+ regulations, standards, guidelines and best
    practices via the leverage of the Unified Compliance Framework (UCF),
    and the ability to automatically build a single questionnaire
    encompassing multiple regulations or standards such as the one
    provided by Shared Assessment program: SIG and AUP.

  
"Our new customizable questionnaire service extends QualysGuard's
capabilities for mapping and scanning, with an easy-to-use and
cost-effective cloud-based approach to manage non-IT controls with
support for authoring, distributing, completing, collecting and
documenting surveys," said Philippe Courtot, chairman and CEO of
Qualys. "This helps organizations to streamline and expand their
vendor risk assessment programs."  
Availability and Pricing
 The new customizable questionnaire service
is now available as part of the QualysGuard security and compliance
suite. Pricing starts at $9,995 per year and is based on the number
of analysts. It includes 24x7 support and full updates. For more
information, visit: www.qualys.com/questionnaire. 
About QualysGuard Cloud Platform
 The QualysGuard Cloud Platform and
its integrated suite of security and compliance solutions help
provide organizations of all sizes with a global view of their
security and compliance posture while reducing their total cost of
ownership. The QualysGuard Cloud Suite, which includes Vulnerability
Management, Web Application Scanning, Malware Detection Service,
Policy Compliance, PCI Compliance and Qualys SECURE Seal, enables
customers to identify their IT assets, collect and analyze large
amounts of IT security data, discover and prioritize vulnerabilities
and malware, recommend remediation actions and verify the
implementation of such actions. 
About Qualys
 Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading
provider of cloud security and compliance solutions with over 6,000
customers in more than 100 countries, including a majority of each of
the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform
and integrated suite of solutions help organizations simplify
security operations and lower the cost of compliance by delivering
critical security intelligence on demand and automating the full
spectrum of auditing, compliance and protection for IT systems and
web applications. Founded in 1999, Qualys has established strategic
partnerships with leading managed service providers and consulting
organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu,
NTT, Symantec, Verizon and Wipro. The company is also a founding
member of the Cloud Security Alliance (CSA). 
For more information, please visit www.qualys.com. 
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of
Qualys, Inc. All other products or names may be trademarks of their
respective companies 
(1) Gartner, Inc., "Technology Overview for IT GRC: Clarifying IT GRC
to Match Technology Need," by Paul E. Proctor, April 14, 2013 
Contact: 
Melinda Marks
Qualys, Inc. 
(650) 801-6242
mmarks@qualys.com 
Rod McLeod
Bateman Group for Qualys
(415) 503-1818
qualys@bateman-group.com