Security Guardian Current - Security Guide

Introduction About Security Guardian Architecture Overview Azure Datacenter Security Overview of Data Handled by Security Guardian Admin Consent and Service Principals Location of Customer Data Privacy and Protection of Customer Data Network Communications Authentication of Users Role Based Access Control FIPS 140-2 Compliance SDLC and SDL Third Party Assessments and Certifications

Penetration Testing Certification

Operational Security

Access to Data Permissions Required to Configure and Operate Security Guardian Operational Monitoring Production Incident Response Management

Customer Measures

SDLC and SDL

The On Demand team follows a strict Quality Assurance cycle.

Access to source control and build systems is protected by domain security, meaning that only employees on Quest’s corporate network have access to these systems. Therefore, should an On Demand developer leave the company, this individual will no longer be able to access On Demand systems.
All code is versioned in source control.
All product code is reviewed by another developer before check in.

Regularly scheduled static code analysis is performed on regular basis.

Regularly scheduled vulnerability scanning is performed on regular basis.

Segregated Development, Pre-Production, and Production environments. Customer data is not used in Development and Pre-Production environments.

In addition, the On Demand development team follows a managed Security Development Lifecycle (SDL) which includes:

MS-SDL best practices
Threat modelling
OWASP guidelines

On Demand developers go through the same set of hiring processes and background checks as other Quest employees.

Third Party Assessments and Certifications

Penetration Testing

On Demand has undergone a third-party security assessment and penetration testing yearly since 2017. The assessment includes but is not limited to:

Manual penetration testing
Static code analysis with Third Party tools to identify security flaws

A summary of the results is available upon request. No OWASP Top 10 critical or high-risk issues have been identified.

Certification

On Demand is included in the scope of the Platform Management ISO/IEC 27001, 27017 and 27018 certifications:

ISO/IEC 27001 Information technology — Security techniques — Information security management systems — Requirements: C710-ISMS222-07-19, valid until 2025-07-28.
ISO/IEC 27017 Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services: C711-ITCS2-07-19, valid until 2025-07-28.
ISO/IEC 27018 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors: C712-ITPII2-07-19, valid until 2025-07-28.

Quest Software, Inc. has successfully completed a SOC 2 examination of its On Demand solution. The examination was performed by an independent CPA firm for the scope of service described below.

Examination Scope: Quest On Demand Platform

Selected SOC 2 Categories: Security

Examination Type: Type 2

Review Period: August 1, 2022 to July 31, 2023

Service Auditor: Schellman & Company, LLC

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen

Bitte w&auml;hlen Sie Ihr Produkt aus:

Damit wir Ihnen besser helfen können, geben Sie den Grund Ihres Chats an:

Empfohlene Lösungen für Ihr Problem

Security Guardian Current - Security Guide

SDLC and SDL

Third Party Assessments and Certifications

Penetration Testing

Certification

Bitte wählen Sie Ihr Produkt aus: