On Demand has undergone a third-party security assessment and penetration testing yearly since 2017. The assessment includes but is not limited to:
Manual penetration testing
Static code analysis with Third Party tools to identify security flaws
A summary of the results is available upon request. No OWASP Top 10 critical or high-risk issues have been identified.
On Demand is included in the scope of the Platform Management ISO/IEC 27001, 27701, 27017 and 27018 certification:
ISO/IEC 27001:2022 Information technology — Security techniques — Information security management systems — Requirements: Certificate Number: 1156977-8, valid until 2028-07-27.
ISO/IEC 27701:2019 Information security, cybersecurity and privacy protection — Privacy information management systems — Requirements and guidance: Certificate Number: 1156977-8, valid until 2028-07-27.
ISO/IEC 27017:2015 Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services: Certificate Number: 1156977-8, valid until 2028-07-27.
ISO/IEC 27018:2019 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors: Certificate Number: 1156977-8, valid until 2028-07-27.
Quest Software, Inc. has successfully completed a SOC 2 examination of its On Demand solution. The examination was performed by an independent CPA firm for the scope of service described below.
Examination Scope: Quest On Demand Platform
Selected SOC 2 Categories: Security
Examination Type: Type 2
Review Period: August 1, 2024, to July 31, 2025
Service Auditor: Schellman & Company, LLC
Source control and build systems can only be accessed by Quest employees on Quest’s corporate network (domain security). If a developer (or any other employee with access to Security Guardian) leaves the company, the individual immediately loses access to the systems.
All code is versioned in source control
