Streamlining GDPR compliance with Security Assessment Questionnaire
Cyber Business Support helps organisations find and implement ways to reduce the burden of achieving and maintaining compliance with regulation such as GDPR. By leveraging industry-leading tools and our knowledge of both business process and technology, we quickly deploy solutions to address the associated challenges. Today we focus on the problem of auditing third parties; on Thursday we turn to keeping internal systems in compliance. In both cases we look at how Cyber Business Support can help organisations adopt cost-saving measures to gain maturity in these areas.
Third-Party Compliance using Security Assessment Questionnaire
Organizations must manage risk from third parties such as contractors and suppliers, and from internal staffers and teams, as part of their compliance program for the EU’s General Data Protection Regulation (GDPR). The need to manage vendor risk in particular is stressed repeatedly throughout the text of the GDPR, a strict and broad regulation. GDPR applies to any organization worldwide that controls and processes personal data of EU residents, whose security and privacy the regulation is designed to defend.
In GDPR terms, “data controllers” must vet the “data processors” with which they share EU customer information, and in doing so assume joint responsibility for what happens to it. Your organization is liable if one of your third parties is breached through failing to adhere to GDPR requirements and your EU customers’ personal data is compromised. GDPR states that controllers “shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures” and stresses that controllers must detail in contracts how their processors will handle customer data. The Qualys Security Assessment Questionnaire (SAQ) service can help you strengthen these foundational security practices, reducing your exposure to data breaches that could lead to a significant fine.
Key features include:
Intuitive interface with questionnaire distribution to multiple vendors
Multi-campaign support and tracking
“Out of the box” templates with question gating and scoring
Multi-user interface supporting segregation of duties
Leverage SAQ for your GDPR compliance
With SAQ, you can adopt a uniform, automated process — including design of questionnaires, distribution of surveys and tracking of campaigns — that every department in your organization can follow to do frequent and in-depth assessments of GDPR compliance.
In summary, Qualys gives you single-pane visibility of your risk both internally and across third-party data processors, helping your organization maintain continuous visibility of its GDPR compliance state.
In our next post in this blog series, we’ll look into the importance for GDPR compliance of assessing the security configurations of IT systems throughout your network.
Look out for the second part of this solution on Thursday, when we look at how Qualys Policy Compliance can help with GDPR and other regulations.
If you would like to see a demonstration of these services in action, or to work with us to assess whether these tools can help your organisation, please get in touch or respond to this message.
Credit: Pushpak Pradhan, Qualys Product Manager