Surveying policies, controls and compliance
Qualys unveiled a new service for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance to help businesses further automate their compliance tasks and reduce the time and effort for manual assessment of IT and non-IT controls.
The QualysGuard Customizable Questionnaire service enables customers to easily build questionnaires using the Unified Compliance Framework (UCF), as well as leverage existing business process workflows to evaluate controls, gather documents and evidence and validate compliance.
The service automatically generates survey questions based on policies, compliance requirements and controls selected by the organization. Surveys can be delegated to employees across the organization based on their roles and areas of responsibility.
The service also provides a customizable workflow engine which includes the ability to send email reminders to survey respondents, track progress, and communicate with external applications. It also includes simple and easy-to-use reports on survey status to allow tracking of self-assessment efforts.
In more details the new service provides:
- Automation of manual assessments of controls and business processes as well as policy dissemination
- Ability to define audit work flow via a customizable language or over a dozen out-of-box actions including questionnaire assignment, delegation, escalation and notification
- Control documentation including file-based evidence collection
- Policy repository of nearly 1000 standards and regulations via integration with the Unified Compliance Framework
QualysGuard Policy Compliance allows organizations to automate the collection and validation of configuration and security data across IT assets and maps it to IT-GRC data model.
QualysGuard Policy Compliance is delivered via a cloud platform, reducing customers’ total cost of ownership and providing IT and security organizations with a more efficient means to monitor compliance and risk.