Try our new research platform with insights from 80,000+ expert users
Qualys Policy Compliance Logo

Qualys Policy Compliance Reviews

Vendor: Qualys
4.4 out of 5
Leave a review

What is Qualys Policy Compliance?

Qualys Policy Compliance (PC) automates the collection of technical controls from information assets within the enterprise, and maps this information to policies to fix and document compliance with regulations and business mandates. It provides compliance reporting by leveraging a comprehensive knowledge-base that is mapped to prevalent security regulations, industry standards and compliance frameworks.
Get the Qualys Policy Compliance Buyer's Guide and find out what your peers are saying about Qualys Policy Compliance, RSA Archer, IBM OpenPages and more!
Qualys Policy Compliance is the #3 ranked solution in top IT Governance solutions. PeerSpot users give Qualys Policy Compliance an average rating of 8.8 out of 10. Qualys Policy Compliance is most commonly compared to RSA Archer: Qualys Policy Compliance vs RSA Archer.
Buyer's Guide
Qualys Policy Compliance
December 2025
Get the report
Helped 879,986 peers since 2012

Featured Qualys Policy Compliance reviews

Read more reviews

Qualys Policy Compliance mindshare

As of January 2026, the mindshare of Qualys Policy Compliance in the IT Governance category stands at 3.6%, up from 2.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.
IT Governance Market Share Distribution
ProductMarket Share (%)
Qualys Policy Compliance3.6%
RSA Archer26.3%
IBM OpenPages18.4%
Other51.7%
IT Governance

PeerResearch reports based on Qualys Policy Compliance reviews

TypeTitleDate
CategoryIT GovernanceJan 13, 2026Download
ProductReviews, tips, and advice from real usersJan 13, 2026Download
ComparisonQualys Policy Compliance vs RSA ArcherJan 13, 2026Download
ComparisonQualys Policy Compliance vs IBM OpenPagesJan 13, 2026Download
ComparisonQualys Policy Compliance vs MetricStreamJan 13, 2026Download
Suggested products
TitleRatingMindshareRecommending
RSA Archer4.026.3%92%42 interviewsAdd to research
IBM OpenPages3.618.4%71%9 interviewsAdd to research
 
 
Key learnings from peers
Last updated Nov 18, 2025

Valuable Features

Qualys Policy Compliance offers customizable policies with comprehensive, lucid compliance reports. Users value the binary decision-making based on custom policies, integration with SIEM tools, and automation for real-time threat detection. The platform's ability to define enterprise policy, generate clear dashboards, and its extensive reporting enhances understanding. The interface supports asset scanning and automatic patching, and the integration with Confluence, Jira, and ServiceNow adds additional value. Predefined templates simplify compliance requirements application.
  • "The reason I decided to stick with Qualys is that for the past three years, we went through evaluating other tools, but Qualys was always our priority and always our first choice because of what it was offering as a platform."
  • "From the Qualys Policy Compliance, the best feature is that they have predefined templates for compliances, allowing easy application of compliance requirements against our products and providing clear reports on whether assets are compliant or not."
  • "The solution's interface looks good, which enhances asset scanning and ensures automatic patching."

Room for Improvement

Qualys Policy Compliance requires enhancements in reporting capabilities, particularly in management and CI/CD pipelines. Users note challenges with policy versioning and implementation compared to CIS standards, leading to potential support overload. Faster technical support and improved detection features are desired. Users express a need for comprehensive educational resources and better alignment with automation languages like Python or Ansible, emphasizing improvements in policy creation and handling. Training for beginners would enhance user experience.
  • "There are a couple of vulnerabilities where the metrics that are already there and the way Qualys measures those metrics and labels them as critical, high, or low does not align with my understanding from a user standpoint."
  • "They need to improve the reporting part of the CI/CD pipelines and the ability to download scans from pods."
  • "Some sort of education or knowledge base about the product would be beneficial for beginners."

ROI

Many customers indicate a return on investment from using Qualys Policy Compliance compared to other options. They find it delivers quick results and offers ease of use and reliability. Calculating ROI precisely can be challenging yet users report efficiency, saving time and effort. Some cannot currently determine its cost-effectiveness or ROI specifics.

Pricing

Qualys Policy Compliance pricing is variable, typically mid-range, based on features and number of devices, though specifics are often confidential due to NDAs. Some perceive costs as high, yet many note it as cost-efficient, highlighting its security features. Companies regard it as a worthwhile investment, with enterprise-level pricing influencing its usage without specific comparison to other solutions. Most firms appreciate its value despite it being rated expensive by some.
  • "The prices might be a little bit high. I cannot compare it with another product because we did not try any other product, but this is my impression when comparing different modules."
  • "The solution's pricing is in the mid-range, where it is neither expensive nor very cheap."

Popular Use Cases

Organizations use Qualys Policy Compliance primarily to harden servers based on predefined benchmarks. It is employed for comparing security configurations of operating systems and applications against best practices. This includes policy checks for platforms like Windows and Linux, compliance before deployment, and monitoring vulnerabilities affecting compliance. Users utilize templates such as PCI and FedRAMP, leveraging it for VMDR to detect, block, and manage vulnerabilities, ensuring security standards are upheld.

Service and Support

Customer service and support for Qualys Policy Compliance receive positive ratings, with users highlighting responsiveness and effectiveness. Support is generally rated between eight and nine out of ten. Some experienced slight challenges when providing necessary evidence for issues, but understand its importance for resolution. Despite a few unresolved cases, technical support is mostly seen as commendable. While some hardly require assistance, others acknowledge support's helpful approach, including the potential need for meetings to clarify issues.

Deployment

Organizations find Qualys Policy Compliance's initial setup straightforward and easy, involving simple agent installation. While network scans may require in-depth discussions and can depend on client readiness, basic deployment typically finalizes within days. Importing policies from best practice libraries involves quick customization, and some controls need extra research or support. The platform’s unified features justify the effort, and its installation can be managed individually by knowledgeable users.

Scalability

Users find Qualys Policy Compliance scalable, capable of managing numerous IPs during scans. Although the speed may vary across platforms, it handles cloud, hybrid cloud, and PC integration effectively. Adjustments in licensing are necessary for infrastructure growth. Its scalability is highly rated for cloud agents, scanning capabilities, and integration with ticketing tools. Users, trained in its deployment, report potential improvements in interface speed, yet appreciate its capability in diverse environments.

Stability

Qualys Policy Compliance exhibits exceptional stability and reliability. Users have unanimously noted its robustness and consistent performance, especially during extensive scanning activities. There have been no reports of module crashes, and it is rare for them to encounter performance problems, estimated at a minimal rate of 0.1 to 0.01%. Qualys Policy Compliance earned a stability rating of nine out of ten due to its strong availability and effective report production.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Qualys Policy Compliance Buyer's Guide for additional reliable information.

Compare Qualys Policy Compliance with alternative products

Go!

Learn more about Qualys Policy Compliance

Qualys Policy Compliance customers

PDX, Cigna

Related questions

  • 46
What is your recommended automated audit software for internal and external audit?
  • 25
SailPoint IdentityIQ vs. CA Identity Governance
  • 14
What aspect does Symantec Control Compliance Solution cover in IT Governance, Risk and Compliance?
  • 41
Why is Identity Governance and Administration (IGA) important?
  • 4
When evaluating IT Governance, what aspect do you think is the most important to look for?
  • 10
How many ISO norms do we have in the entire ISO27k security family standards?
  • 9
Why is IT Governance important for companies?

Product Categories

Product Categories
IT Governance

Popular Comparisons

Popular Comparisons
RSA Archer vs Qualys Policy Compliance Logo
RSA Archer vs Qualys Policy Compliance
IBM OpenPages vs Qualys Policy Compliance Logo
IBM OpenPages vs Qualys Policy Compliance
See all alternatives
 
Qualys Policy Compliance Reviews Summary
Author infoRatingReview Summary
Information Security Analyst at a tech services company with 11-50 employees5.0I've used Qualys Policy Compliance for four years to support PCI compliance across our cloud infrastructure, finding it reliable and effective, though vulnerability labeling and historical reporting could improve; overall, it's met our needs well.
Technical Security Solutions Architecture at a tech vendor with 10,001+ employees4.5I assessed Qualys Policy Compliance, finding its predefined compliance templates and customer support valuable. However, improvements are needed in wrapper certificates and automation alignment. I evaluated other options, but Qualys proved more compatible than Azure and Amazon. ROI remains unclear.
Application Security Manager at IDB BAnk4.0I use Qualys Policy Compliance to define hardening policies for various platforms, benefiting from features like enterprise policy definition, compliance checking, and reporting. Challenges include implementing CIS controls, but overall, I'm satisfied with its comprehensive functionality and time efficiency.
Information Security Engineer at a university with 1,001-5,000 employees4.5No summary available
Cyber Security Analyst at a tech vendor with 10,001+ employees4.5I use Qualys Policy Compliance for pre-deployment server checks, finding its reporting and security scans valuable despite needing more knowledge in policy creation. It's efficient compared to my prior manual testing, saving time and effort.
CEO at Foresight Cyber Ltd5.0No summary available
Head of Information Security Department at a financial services firm with 201-500 employees4.0No summary available
Cyber Security Consultant at Confidential4.0We use QualysGuard Policy Compliance for VMDR, appreciating its automation for real-time threat detection and SIEM integration. While we've achieved ROI, faster technical support and enhanced vulnerability detection are desired improvements. No alternative solutions were considered.