Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

On Demand Global Settings Current - Security Guide

Table of Contents

About On Demand Shared Services

About On Demand Core

Architecture Overview Authentication and Consents

User Authentication Quest On Demand Application Consent Admin Consent and Service Principals

About the On-Premises Agent Role Based Access Control Auditing Notification Service Data Egress Service Azure Datacenter Security AWS Datacenter Security Overview of Data Handled by On Demand Core

Data Handled by Core Data Handled by the Notification Service Data Handled by Common Storage Services

Location of Customer Data Privacy and Protection of Customer Data Separation of Customer Data Network Communications FIPS 140-2 Compliance SDLC and SDL Third party Assessments and Certifications

Penetration testing Certification

Operational Security

Access to Data Permissions Required to Configure and Operate On Demand Operational Monitoring Production Incident Response Management Security Incident Response Management

Customer Measures

Third party Assessments and Certifications

Penetration testing

On Demand has undergone a third party security assessment and penetration testing yearly since 2017. The assessment includes but is not limited to:

•

Manual penetration testing

•

Static code analysis with Third Party tools to identify security flaws

A summary of the results is available upon request.

Penetration testing

Third party Assessments and Certifications

On Demand has undergone a third party security assessment and penetration testing yearly since 2017. The assessment includes but is not limited to:

•

Manual penetration testing

•

Static code analysis with Third Party tools to identify security flaws

A summary of the results is available upon request.

Certification

On Demand is included in the scope of the Platform Management ISO/IEC 27001, 27017 and 27018 certification:

ISO/IEC 27001 Information technology — Security techniques — Information security management systems — Requirements: Certificate Number: 1156977-3 , valid until 2025-07-28.

ISO/IEC 27017 Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services: Certificate Number: 1156977-3, valid until 2025-07-28.

ISO/IEC 27018 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors: Certificate Number: 1156977-3, valid until 2025-07-28.

Quest Software, Inc. has successfully completed a SOC 2 examination of its On Demand solution. The examination was performed by an independent CPA firm for the scope of service described below:

Examination Scope: Quest On Demand Platform

Selected SOC 2 Categories: Security

Examination Type: Type 2

Review Period: August 1, 2022, to July 31, 2023

Service Auditor: Schellman & Company, LLC

Operational Security

Access to On Demand Core data is restricted to Quest Operations team members. On Demand developers have no access to customer production data.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center