General Data Protection Regulation
The GDPR goes into effect May 25, 2018, and has major repercussions for companies worldwide. With potential fines of up to 4% of revenue, this is much more than a compliance issue. Currently, there is no official certification for GDPR compliance. Pega is committed to providing secure solutions that enable our customers to fully comply with data privacy and security best practices, including the GDPR.
Health Insurance Portability and Accountability Act
Currently, there is no official certification for HIPAA or HITECH Act compliance. However, Pega has received an assessment from an independent audit firm which concluded Pega Cloud meets the requirements of the HIPAA/HITECH privacy and security regulations. This assessment provides Pega Cloud clients with confidence that they can securely process and store PHI (Protected Health Information) in Pega Cloud.
Payment Card Industry Data Security Standard
Pega has received an Attestation of Compliance (AOC) from a qualified security assessor which demonstrates that Pega Cloud is compliant with PCI DSS. This enables Pega Cloud clients to reduce the associated effort and costs to obtain PCI certification for an end-to-end solution which leverages Pega Cloud as a component.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Pega complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework for protecting personal data transferred from the EU and Switzerland. Pega's adherence to the Privacy Shield Principles allows clients to comply with the data protection requirements of the EU Data Protection Directive when transferring personal data to Pega and its affiliates outside of the EEA and with the requirements of the Swiss Federal Act on Data Protection when transferring personal data outside of Switzerland.
FedRAMP
Pega Cloud for Government is in the process of achieving FedRAMP compliance and an Authority to Operate (ATO) at the Moderate level. The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, in order to accelerate the adoption of secure cloud solutions by government agencies.
Rehabilitation Act of 1973, Section 508
Pega Cloud meets the accessibility requirements as outlined by the Voluntary Product Accessibility Template (VPAT), in accordance with the Section 508 standards. The VPAT assists U.S. Federal contracting and procurement officials in understanding how Pega Cloud meets accessibility requirements.