Press release BoxID: 163652 (Qualys GmbH)
  • Qualys GmbH
  • Terminalstraße Mitte 18
  • 85356 München
  • Contact person
  • Jane Folwell
  • +44 (1344) 845132

Qualys Supports New Self Assessment Questionnaire for PCI Compliance

QualysGuard PCI Compliance Solution Provides Full Support for All Types of New Self-Assessment Questionnaire (SAQ) Version 1.1 for Both Merchants and Service Providers

(PresseBox) (Slough, UK, ) Qualys, Inc. today announced an upgrade to its QualysGuard® PCI on demand compliance solution with the new Self-Assessment Questionnaire (SAQ) Version 1.1, issued by the Payment Card Industry (PCI) Security Standards Council (PCI SSC) in February 2008. The QualysGuard PCI implementation of the new SAQ allows customers to complete all versions of the questionnaire online and e-file it securely with their acquiring banks.

The SAQ is a validation tool used primarily by Level 2, 3 and 4 merchants (and some smaller service providers), as defined by the major credit-card brands-Visa Inc., MasterCard Worldwide, Discover Financial Services, American Express and JCB International - to validate compliance with the PCI Data Security Standards (PCI DSS). The PCI SSC updated SAQ version 1.0 to better align with PCI DSS version 1.1 and created four variants to ensure merchants only answer questions relevant to their environment. Each of the four variants, labeled A, B, C and D have qualifying questions used to determine which of the four questionnaires a merchant is required to complete.

"Issuing the latest self assessment questionnaire is another step the PCI Security Standards Council is taking to ensure that all merchants and service providers have options in determining their compliance strategy," said Bob Russo, general manager, PCI Security Standards Council. "Having multiple SAQs available will streamline the process and make it easier for stakeholders to determine their compliance gaps and take action to ensure full compliance with the Standard."

The SAQ, version 1.1 is now available at and consists of four unique forms to meet various business scenarios.

In this upgrade, QualysGuard PCI now supports both the previous SAQ version 1.0, as well as the four forms of the new SAQ version 1.1, allowing merchants to choose which version they wish to complete. According to the PCI SSC, after April 30, 2008, the older SAQ version 1.0 will no longer be accepted for compliance validation. From that date forward, all merchants will be required to use the new SAQ version 1.1.

About QualysGuard PCI

QualysGuard PCI Compliance solution has become a de facto standard for merchants looking to comply with PCI. It is currently in use at organizations such as The Humane Society, Tribune Company, Steak n Shake restaurants, Houghton Mifflin Company and Palm, Inc. More than 50 percent of all PCI DSS ASVs and Qualified Security Assessors (QSAs) utilize QualysGuard to deliver PCI certification and PCI-related services to their clients, bringing the total number of partners that have adopted Qualys platform to 250.

Qualys GmbH

Qualys is the leading provider of on demand IT security risk and compliance management solutions - delivered as a service. Qualys Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers with an immediate and continuous view of their security and compliance posture.

The QualysGuard® service is now in use by more than 3,500 organisations in 85 countries including 35 of the Fortune Global 100 and is performing more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a single Fortune Global 50 company with over 223 appliances, distributed in 53 countries and scanning over 700,000 systems.

Qualys has established strategic agreements with leading managed service providers and consulting organisations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, SecureWorks, Symantec, TELUS and VeriSign.

For more information, please visit