On Demand has undergone a third-party security assessment and penetration testing yearly since 2017. The assessment includes but is not limited to:
Manual penetration testing
Static code analysis with Third Party tools to identify security flaws
A summary of the results is available upon request. No OWASP Top 10 critical or high-risk issues have been identified.
On Demand is included in the scope of the Platform Management ISO/IEC 27001, 27017 and 27018 certifications:
ISO/IEC 27001 Information technology — Security techniques — Information security management systems — Requirements: C710-ISMS222-07-19, valid until 2025-07-28.
ISO/IEC 27017 Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services: C711-ITCS2-07-19, valid until 2025-07-28.
ISO/IEC 27018 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors: C712-ITPII2-07-19, valid until 2025-07-28.
Quest Software, Inc. has successfully completed a SOC 2 examination of its On Demand solution. The examination was performed by an independent CPA firm for the scope of service described below.
Examination Scope: Quest On Demand Platform
Selected SOC 2 Categories: Security
Examination Type: Type 2
Review Period: August 1, 2022 to July 31, 2023
Service Auditor: Schellman & Company, LLC
Source control and build systems can only be accessed by Quest employees on Quest’s corporate network (domain security). If a developer (or any other employee with access to Security Guardian) leaves the company, the individual immediately loses access to the systems.
All code is versioned in source control
© ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center
