Gartner defines Vendor risk management as follows: IT GRC (Governance, Risk and Compliance) technology can help organize survey data and responses from partners, vendors and others to prioritize vendor risk against security and other IT-related requirements.1 However, vendor risk management is typically done using emails and spreadsheets, making it tedious, time-consuming and decentralized.
QualysGuard's new customizable questionnaire service streamlines vendor risk programs by providing a centralized, secure and easy-to-deploy solution for vendor classification assessment, risk assessment and the approval of vendors based on their respective criticality. QualysGuard Questionnaire simplifies each of these steps by providing an efficient way to: classify vendors by identifying the type of information shared with them, such as Personal Identifiable Information (PII), Protected Health Information (PHI) and credit card information; assess vendor risk by launching tailored assessments based on vendor criticality; and track progress to finally reject or approve vendors. This allows customers to better manage their vendor security programs by making them transparent, consistent, accountable and repeatable, while proving compliance across multiple regulations or standards such as ISO 27002 Section 10.2,
"We participated in the QualysGuard Questionnaire beta and used it to assess the risk of various vendors and partners we work with," said
The new service provides:
- Questionnaire responder interface that offers subject matter experts an easy-to-use set of tools to quickly and efficiently assign and complete questionnaires, including evidence attachment by drag and drop, and quick delegation of questions, sections or even entire questionnaires.
- Visual Questionnaire designer, which gives analysts an intuitive user interface for visually designing a questionnaire and defining requirements for evidence, comments or asset attachment.
- Assessment workflow that includes the ability to automatically send assignments or reminder emails to questionnaire respondents, track progress and quickly identify non-active assessments.
- Dashboards and reports providing insight into progress, compliance and risk posture for a single assessment or across a defined set of assessments.
- Integrated library of 500+ regulations, standards, guidelines and best practices, leveraging the Unified Compliance Framework (UCF), and the ability to automatically build a single questionnaire encompassing multiple regulations or standards, such as those provided by the Shared Assessments program (SIG and AUP).
"Our new customizable questionnaire service extends QualysGuard's capabilities for mapping and scanning, with an easy-to-use and cost-effective cloud-based approach to manage non-IT controls with support for authoring, distributing, completing, collecting and documenting surveys," said
Availability and Pricing
The new customizable questionnaire service is now available as part of the QualysGuard security and compliance suite. Pricing starts at
About QualysGuard Cloud Platform
The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions help provide organizations of all sizes with a global view of their security and compliance posture while reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enables customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.
About
For more information, please visit www.qualys.com.
1 Gartner, Inc., "Technology Overview for IT GRC: Clarifying IT GRC to Match Technology Need," by