Pega Trust Center

Pega has a comprehensive security and compliance program based on industry best practices. We provide transparency about our compliance posture on emerging and established international and local regulations and standards, and maintain a comprehensive set of compliance certifications, attestations, and third-party assessments to give you confidence in our cloud services.

Our customers require a higher level of security, and Pega exceeds those requirements.

David Hodge, Senior Vice President, IT

Service Organization Controls

Pega has received a SOC 2 Type 2 report from an independent audit firm, which describes how Pega Cloud complies with the Service Organization Controls framework. This report provides Pega Cloud clients with confidence in Pega's information security practices.

Learn more about SOC

Health Insurance Portability and Accountability Act

Currently, there is no official certification for HIPAA or HITECH Act compliance. However, Pega has received an assessment from an independent audit firm which concluded Pega Cloud meets the requirements of the HIPAA/HITECH privacy and security regulations. This assessment provides Pega Cloud clients with confidence that they can securely process and store PHI (Protected Health Information) in Pega Cloud.

Learn more about HIPAA

Payment Card Industry Data Standard

Pega has received an Attestation of Compliance (AOC) from a qualified security assessor which demonstrates that Pega Cloud is compliant with PCI DSS. This enables Pega Cloud clients to reduce the associated effort and costs to obtain PCI certification for an end-to-end solution which leverages Pega Cloud as a component.

Learn more about PCI DSS

General Data Protection Regulation

Currently, there is no official certification for GDPR compliance. Pega is committed to providing secure solutions that enable our customers to fully comply with data privacy and security best practices, including the GDPR.

Learn more about GDPR

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Pega complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework for protecting personal data transferred from the EU and Switzerland. Pega's adherence to the Privacy Shield Principles allows clients to comply with the data protection requirements of the EU Data Protection Directive when transferring personal data to Pega and its affiliates outside of the EEA and with the requirements of the Swiss Federal Act on Data Protection when transferring personal data outside of Switzerland.

View the Privacy Shield List

FedRAMP

Pega Cloud for Government is in the process of achieving FedRAMP compliance and an Authority to Operate (ATO) at the Moderate level. The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, in order to accelerate the adoption of secure cloud solutions by government agencies.

Learn more about our FedRAMP status

Rehabilitation Act of 1973, Section 508

Pega Cloud meets the accessibility requirements as outlined by the Voluntary Product Accessibility Template (VPAT), in accordance with the Section 508 standards. The VPAT assists U.S. Federal contracting and procurement officials in understanding how Pega Cloud meets accessibility requirements.

Learn more about VPAT

FDA CFR Title 21 Part 11

Although regulatory authorities do not certify individual products or services as Part 11 compliant, the Pega Platform provides life sciences organizations with the necessary process and technical controls needed to achieve compliance with FDA CFR Part 11.

Learn more about CFR Title 21 Part 11

UK G-Cloud

Pega Cloud is listed as a cloud service provider on the G-Cloud Digital Marketplace. This enables U.K. government agencies to easily locate and procure Pega Cloud services.

Learn more about G-Cloud