Try our new research platform with insights from 80,000+ expert users
Qualys Policy Compliance Logo

Qualys Policy Compliance Reviews

Vendor: Qualys
4.3 out of 5
Leave a review

What is Qualys Policy Compliance?

Qualys Policy Compliance (PC) automates the collection of technical controls from information assets within the enterprise, and maps this information to policies to fix and document compliance with regulations and business mandates. It provides compliance reporting by leveraging a comprehensive knowledge-base that is mapped to prevalent security regulations, industry standards and compliance frameworks.
Get the Qualys Policy Compliance Buyer's Guide and find out what your peers are saying about Qualys Policy Compliance, RSA Archer, IBM OpenPages and more!
Qualys Policy Compliance is the #3 ranked solution in top IT Governance solutions. PeerSpot users give Qualys Policy Compliance an average rating of 8.6 out of 10. Qualys Policy Compliance is most commonly compared to RSA Archer: Qualys Policy Compliance vs RSA Archer. Qualys Policy Compliance is popular among the large enterprise segment, accounting for 74% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.
Buyer's Guide
Qualys Policy Compliance
August 2025
Get the report
Helped 866,088 peers since 2012

Featured Qualys Policy Compliance reviews

Read more reviews

Qualys Policy Compliance mindshare

As of August 2025, the mindshare of Qualys Policy Compliance in the IT Governance category stands at 2.8%, up from 1.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.
IT Governance Market Share Distribution
ProductMarket Share (%)
Qualys Policy Compliance2.8%
RSA Archer33.2%
MetricStream23.1%
Other40.9%
IT Governance

PeerResearch reports based on Qualys Policy Compliance reviews

TypeTitleDate
CategoryIT GovernanceAug 28, 2025Download
ProductReviews, tips, and advice from real usersAug 28, 2025Download
ComparisonQualys Policy Compliance vs RSA ArcherAug 28, 2025Download
ComparisonQualys Policy Compliance vs IBM OpenPagesAug 28, 2025Download
ComparisonQualys Policy Compliance vs MetricStreamAug 28, 2025Download
Suggested products
TitleRatingMindshareRecommending
RSA Archer4.033.2%92%42 interviewsAdd to research
IBM OpenPages3.622.1%71%8 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Qualys Policy Compliance offers customizable policies with comprehensive, lucid compliance reports. Users value the binary decision-making based on custom policies, integration with SIEM tools, and automation for real-time threat detection. The platform's ability to define enterprise policy, generate clear dashboards, and its extensive reporting enhances understanding. The interface supports asset scanning and automatic patching, and the integration with Confluence, Jira, and ServiceNow adds additional value. Predefined templates simplify compliance requirements application.
  • "From the Qualys Policy Compliance, the best feature is that they have predefined templates for compliances, allowing easy application of compliance requirements against our products and providing clear reports on whether assets are compliant or not."
  • "The solution's interface looks good, which enhances asset scanning and ensures automatic patching."
  • "The reporting and security checks are valuable."

Room for Improvement

Qualys Policy Compliance requires enhancements in reporting capabilities, particularly in management and CI/CD pipelines. Users note challenges with policy versioning and implementation compared to CIS standards, leading to potential support overload. Faster technical support and improved detection features are desired. Users express a need for comprehensive educational resources and better alignment with automation languages like Python or Ansible, emphasizing improvements in policy creation and handling. Training for beginners would enhance user experience.
  • "They need to improve the reporting part of the CI/CD pipelines and the ability to download scans from pods."
  • "Some sort of education or knowledge base about the product would be beneficial for beginners."
  • "The policy creation aspect needs improvement."

ROI

Many customers indicate a return on investment from using Qualys Policy Compliance compared to other options. They find it delivers quick results and offers ease of use and reliability. Calculating ROI precisely can be challenging yet users report efficiency, saving time and effort. Some cannot currently determine its cost-effectiveness or ROI specifics.

Pricing

Qualys Policy Compliance pricing is variable, typically mid-range, based on features and number of devices, though specifics are often confidential due to NDAs. Some perceive costs as high, yet many note it as cost-efficient, highlighting its security features. Companies regard it as a worthwhile investment, with enterprise-level pricing influencing its usage without specific comparison to other solutions. Most firms appreciate its value despite it being rated expensive by some.
  • "The prices might be a little bit high. I cannot compare it with another product because we did not try any other product, but this is my impression when comparing different modules."
  • "The solution's pricing is in the mid-range, where it is neither expensive nor very cheap."

Popular Use Cases

Organizations use Qualys Policy Compliance primarily to harden servers based on predefined benchmarks. It is employed for comparing security configurations of operating systems and applications against best practices. This includes policy checks for platforms like Windows and Linux, compliance before deployment, and monitoring vulnerabilities affecting compliance. Users utilize templates such as PCI and FedRAMP, leveraging it for VMDR to detect, block, and manage vulnerabilities, ensuring security standards are upheld.

Service and Support

Customer service and support for Qualys Policy Compliance receive positive ratings, with users highlighting responsiveness and effectiveness. Support is generally rated between eight and nine out of ten. Some experienced slight challenges when providing necessary evidence for issues, but understand its importance for resolution. Despite a few unresolved cases, technical support is mostly seen as commendable. While some hardly require assistance, others acknowledge support's helpful approach, including the potential need for meetings to clarify issues.

Deployment

Organizations find Qualys Policy Compliance's initial setup straightforward and easy, involving simple agent installation. While network scans may require in-depth discussions and can depend on client readiness, basic deployment typically finalizes within days. Importing policies from best practice libraries involves quick customization, and some controls need extra research or support. The platform’s unified features justify the effort, and its installation can be managed individually by knowledgeable users.

Scalability

Users find Qualys Policy Compliance scalable, capable of managing numerous IPs during scans. Although the speed may vary across platforms, it handles cloud, hybrid cloud, and PC integration effectively. Adjustments in licensing are necessary for infrastructure growth. Its scalability is highly rated for cloud agents, scanning capabilities, and integration with ticketing tools. Users, trained in its deployment, report potential improvements in interface speed, yet appreciate its capability in diverse environments.

Stability

Qualys Policy Compliance exhibits exceptional stability and reliability. Users have unanimously noted its robustness and consistent performance, especially during extensive scanning activities. There have been no reports of module crashes, and it is rare for them to encounter performance problems, estimated at a minimal rate of 0.1 to 0.01%. Qualys Policy Compliance earned a stability rating of nine out of ten due to its strong availability and effective report production.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Qualys Policy Compliance Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews
Healthcare Company
18%
Financial Services Firm
18%
Government
10%
Insurance Company
8%
Hospitality Company
6%
Manufacturing Company
4%
Outsourcing Company
4%
Real Estate/Law Firm
4%
Performing Arts
4%
Computer Software Company
4%
Comms Service Provider
4%
Educational Organization
4%
Consumer Goods Company
4%
University
2%
Legal Firm
2%
Logistics Company
2%
Retailer
2%

Compare Qualys Policy Compliance with alternative products

Go!

Learn more about Qualys Policy Compliance

Qualys Policy Compliance customers

PDX, Cigna

Related questions

  • 41
What is your recommended automated audit software for internal and external audit?
  • 6
SailPoint IdentityIQ vs. CA Identity Governance
  • 8
What aspect does Symantec Control Compliance Solution cover in IT Governance, Risk and Compliance?
  • 20
Why is Identity Governance and Administration (IGA) important?
  • 2
When evaluating IT Governance, what aspect do you think is the most important to look for?
  • 5
How many ISO norms do we have in the entire ISO27k security family standards?
  • 4
Why is IT Governance important for companies?

Product Categories

Product Categories
IT Governance

Popular Comparisons

Popular Comparisons
RSA Archer vs Qualys Policy Compliance Logo
RSA Archer vs Qualys Policy Compliance
IBM OpenPages vs Qualys Policy Compliance Logo
IBM OpenPages vs Qualys Policy Compliance
See all alternatives
 
Qualys Policy Compliance Reviews Summary
Author infoRatingReview Summary
Technical Security Solutions Architecture at a tech vendor with 10,001+ employees4.5I assessed Qualys Policy Compliance, finding its predefined compliance templates and customer support valuable. However, improvements are needed in wrapper certificates and automation alignment. I evaluated other options, but Qualys proved more compatible than Azure and Amazon. ROI remains unclear.
Application Security Manager at IDB BAnk4.0I use Qualys Policy Compliance to define hardening policies for various platforms, benefiting from features like enterprise policy definition, compliance checking, and reporting. Challenges include implementing CIS controls, but overall, I'm satisfied with its comprehensive functionality and time efficiency.
Information Security Engineer at a university with 1,001-5,000 employees4.5No summary available
Cyber Security Analyst at a tech vendor with 10,001+ employees4.5I use Qualys Policy Compliance for pre-deployment server checks, finding its reporting and security scans valuable despite needing more knowledge in policy creation. It's efficient compared to my prior manual testing, saving time and effort.
CEO at Foresight Cyber Ltd5.0No summary available
Head of Information Security Department at a financial services firm with 201-500 employees4.0No summary available
Cyber Security Consultant at Confidential4.0We use QualysGuard Policy Compliance for VMDR, appreciating its automation for real-time threat detection and SIEM integration. While we've achieved ROI, faster technical support and enhanced vulnerability detection are desired improvements. No alternative solutions were considered.