Qualys announced new functionality in its Security Assessment Questionnaire (SAQ) cloud app that allows customers to better achieve visibility of data across their own network and supply chain for compliance with the European Union’s General Data Protection Regulation (GDPR).
New GDPR-specific SAQ templates and a purpose-built dashboard allow customers to reduce the cost and effort of risk assessment to determine the status of their own business and procedural readiness for GDPR, as well as that of vendors in their supply chain.
SAQ will also offer customers a single dashboard from which to launch GDPR campaigns, manage new GDPR templates, and manage risky third-party vendors. This new tool will simplify the execution and management of GDPR vendor risk assessments by saving time and effort.
With a single pane of glass for all GDPR-related assessments, customers can launch new GDPR assessments using the SAQ templates within a matter of minutes and a few clicks. Information on the status and aging of all assessments, vendor risk data along with risk scoring will be available on this dashboard.
Each of the seven new questionnaire templates spells out GDPR requirements in granular detail and helps teams assess their business readiness for GDPR compliance:
- GDPR Business Readiness Self-Assessment Designed to identify key areas where operational changes will be required, and to assist the organization in prioritizing efforts for GDPR compliance.
- GDPR Data Inventory and Mapping: Helps in assessing the process to identify, locate, classify and map the flow of GDPR-protected data.
- GDPR Accountability and Responsibility Assessment: Helps in assessing the process of accountability and responsibility in terms of data governance as per GDPR requirements.
- GDPR Data Privacy Assessment in Operations: Focuses on assessing appropriate technical and organizational measures to protect EU residents’ personal data from loss or unauthorized access or disclosure.
- GDPR Third-Party Vendor Assessment: Helps to identify and assess the requirements of third-party vendors with which you share personal data of EU residents.
- GDPR Data Incident and Breach Notification Assessment: Helps in the assessment of GDPR’s data breach notification and communication requirements.
- GDPR Data Protection and Privacy Impact Assessment: Helps organizations in the assessment of the privacy risks and data protection safeguards of new projects.
Assessing procedural controls can be costly and time-consuming. However, these new out-of-the-box cloud-based SAQ questionnaire templates give audit teams the ability to drastically reduce the spend and labor required to assess both high-level and specific elements of GDPR readiness. Instead of having to craft questionnaires from scratch, teams can distribute the questionnaires as-is or slightly modify each as necessary, and then use questionnaire responses to generate proof of GDPR compliance with detailed reports.
“GDPR is a major turning point for organizations, and has incentivized them to accelerate their digital transformation efforts as well as build stronger businesses that can thrive and build trust with customers into the next decade,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Our latest SAQ capabilities aim to streamline many of the mundane tasks for GDPR compliance and help customers document the security posture of both third-party vendors as well as their own, ultimately strengthening their cybersecurity practices and safeguarding customers’ data across on-premises, endpoints, mobile and cloud environments.”
SAQ GDPR-specific templates are already available to customers. The SAQ GDPR-specific dashboard will be available to customers in August. Qualys will showcase this new functionality at its stand #L100 during Infosecurity Europe 2018.