Disaster Recovery for Identity Current - for Active Directory Security Guide

Disaster Recovery for Identity for Active Directory cryptographic usage is based on Azure FIPS 140-2 compliant cryptographic functions.

More information:

The On Demand team follows a strict Quality Assurance cycle.

Access to source control and build systems is protected by domain security, meaning that only employees on Quest’s corporate network have access to these systems. Therefore, should an On Demand developer leave the company, this individual will no longer be able to access On Demand systems.
All code is versioned in source control.
All product code is reviewed by another developer before check in.

In addition, the On Demand Development team follows a managed Security Development Lifecycle (SDL) which includes:

MS-SDL best practices
Threat modeling.
OWASP guidelines.
Regularly scheduled static code analysis is performed on regular basis.
Regularly scheduled vulnerability scanning is performed on regular basis.
Segregated Development, Pre-Production, and Production environments. Customer data is not used in Development and Pre-Production environments.

On Demand developers go through the same set of hiring processes and background checks as other Quest employees.

On Demand has undergone a third-party security assessment and penetration testing yearly since 2017. The assessment includes but is not limited to:

A summary of the results is available upon request. No OWASP Top 10 critical or high-risk issues have been identified.