products-platform
Cloud

Pega Trust Center

Pega is committed to maintaining customer data privacy. To that end, Pegasystems is making the necessary investments to follow the standards and practices of the regulatory programs described below in order, to assure customer data is being maintained in accordance with standard regulatory and industry practices.

Service Organization Controls (SOC) reports reflect the results of a Pega Cloud audit by an independent third party auditing firm. Specifically, these reports show how Pega Cloud’s internal controls are in accordance with the security, availability and confidentiality SOC objectives.

Pega Cloud meets the general requirements of CfR 164 for the privacy and security components of the American Institute of Certified Public Accountants’ applicable criteria for the SOC 2 Type II reports.


The United States Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates the security and privacy of Protected Health Information (PHI).

Pega Cloud received a privacy and security compliance assessment report relating to the Health Insurance Portability and Accountability Act (HIPAA) / Health Information Technology for Economic and Clinical Health (HITECH) Act. As conducted by an independent third party auditing firm, the assessment included and evaluated the HIPAA/HITECH privacy and security regulatory criteria including the administrative, technical and physical controls along with supporting policies, processes, procedures and personnel.

The report concluded Pega Cloud meets the requirements of the HIPAA/HITECH privacy and security regulations.


The Rehabilitation Act of 1973, Section 508, requires that Federal agencies’ electronic and information technology is accessible to people with disabilities. Under this section, a template, the Voluntary Product Accessibility Template (VPAT) has been defined to measure compliance.

Pega Cloud meets the accessibility requirements as outlined by Voluntary Product Accessibility Template (VPAT), in accordance with the Section 508 standards.


The Federal Risk and Authorization Management Program (FedRAMP) is a United States-based program that is the result of close collaboration with cybersecurity and cloud experts from GSA, NIST, DHS, DOD, NSA, OMB, the Federal CIO Council and its working groups, as well as private industry.

The FedRAMP assessment process is initiated by agencies or cloud service providers (CSPs) beginning a security authorization using the FedRAMP requirements which are FISMA compliant and based on the NIST 800-53 rev3 and initiating work with the FedRAMP PMO.

CSPs must implement the FedRAMP security requirements on their environment and hire a FedRAMP approved third party assessment organization (3PAO) to perform an independent assessment to audit the cloud system and provide a security assessment package for review.

Pega Cloud’s FedRAMP status is in process.

ECM Taxonomy Terms: 
Cloud
Cloud