On Demand Migration for Email Current

On Demand Migration for Email Current - Security Guide

Introduction About On Demand Migration for Email Permissions Required to Configure and Operate ODME Overview of Data Handled by ODME Location of Customer Data Separation of Customer Data Privacy and Protection of Customer Data Who at Quest Software has Access to ODME Azure Region Security Auditing Single Layer of Access Control Network Communications Authentication of Users Validation of Input from Users Third Party Assessments and Certifications Operational Security Customer Measures Conclusion Appendix. On Demand Migration for Email and FISMA Compliance Notes

Authentication of Users

When a customer creates an ODME user account, a designated individual from the customer chooses his or her username and password for this account. These credentials are required when this individual wishes to manage email migration jobs.

Validation of Input from Users

ODME performs input validation on data submitted by its users. Specifically, it employs field level validation for URLs, user names and email addresses, amongst others. The import file containing mailbox names is pre-processed to ensure that all mailbox names are valid.

Third Party Assessments and Certifications

Penetration testing

On Demand has undergone a third party security assessment and penetration testing yearly since 2017. The assessment includes but is not limited to:

Manual penetration testing
Static code analysis with Third Party tools to identify security flaws

A summary of the results is available upon request.

Certification

On Demand is included in the scope of the Platform Management ISO/IEC 27001, 27017 and 27018 certification:

ISO/IEC 27001 Information technology — Security techniques — Information security management systems — Requirements :Certificate Number: 1156977-3 , valid until 2025-07-28.
ISO/IEC 27017 Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services: Certificate Number: 1156977-3, valid until 2025-07-28.
ISO/IEC 27018 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors: Certificate Number: 1156977-3, valid until 2025-07-28.

Quest Software, Inc. has successfully completed a SOC 2 examination of its On Demand solution. The examination was performed by an independent CPA firm for the scope of service described below:

Examination Scope: Quest On Demand Platform

Selected SOC 2 Categories: Security

Examination Type: Type 2

Review Period: August 1, 2022 to July 31st, 2023

Service Auditor: Schellman & Company, LLC

Operational Security

All the product code is versioned in source control. All product code changes are reviewed by authorized ‘Code Owner’ before check in. Access to source control and build systems is protected by domain security, meaning that only employees that are on Quest’s corporate network have access to these systems. Therefore, should an ODME developer depart from the company, this individual will lose access to the corporate network and therefore no longer be able to access ODME systems.

ODME developers go through the same set of hiring processes and backgrounds checks as other Quest employees. ODME developers should also pass additional background checks in order to comply with MSFT requirements for US Federal customers.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen

Bitte w&auml;hlen Sie Ihr Produkt aus:

Damit wir Ihnen besser helfen können, geben Sie den Grund Ihres Chats an:

Empfohlene Lösungen für Ihr Problem